Body

OSI Model

7. Application e-mail package or ftp.

6. Presentation for apps to exchange data - handled within tcp/ip

5. Session manages sessions between apps - sockets/ports used instead of session

4. Transport data is exaclty as it was sent

3. Network isolates upper layers from the net. ip handles packet addressing + delivery

2. Data Link reliable delivery of data is handle - not used inTCP/IP

1. Physical defines statndards for hardware, ie. cable length, voltage

TCP/IP Model

Application | data |

Tranport |header | data |

Internet |header |header | data |

IP - Internet Protocol

2. Moves data between Network Access and Transport layers.

3. Route datagrams to remote hosts and performs fragmentation + reassembly of datagrams.

4. IP does no error checking and will only route datagrams to the host. In fact IP doesn't even check if data was recieved. Error checking is left up to protocols in other layers

TCP - Transmission Control Protocol

2. Verifies delivery of data and performs error checking.

3. Uses Positive Acknowledgment with Retransmission (PAR) - the system will send data again unless it gets a positive acknowledgment that data was received okay.

4. Responsible for passing data to and from applications

TCP/IP tools

NFS - Network File System

biod on NFS clients - client side if NFS i/o

rpc.lockd handles file locks on both server and client

rpc.statd required by rpc.lockd to reset locks after crash

rpc.mountd on NFS server - processes the clients mount requests

IP Addresses

class A 1st bit 0 < 128 n.h.h.h

class B 1st 2bits 10 128 .. 191 n.n.h.h

class C 1st 3bits 110 192 .. 223 n.n.n.h

class D 1st 3bits 111 multicast addresses

network 0 = default route

127 = loopback address

host 0 and 255 reserved (host 0 does not exist since that would identify a network)

Subnets

130.97.16.66 in binary is 1000 0010.0110 0001.0001 0000.0100 0010

255.255.255.192 in binary is 1111 1111.1111 1111.1111 1111.1100 0000

produces this 1000 0010.0110 0001.0001 0000.0100 0010

subnet 130 .97 .16 .64

host 2

The subnet and host number in this case is transparent when dealing with a host file. Just take note that host address from 130.97.16.65 to 130.97.16.127 are the only hosts addresses available with that netmask. The address 130.97.16.128 uses the 1st bit instead of the 2nd and therefore effectively changes the network.

UDP - User Datagram Protocol

A socket is a combination of IP address and port

Routing and Gateways

gateway is defined as moving data between different protocols, ie. Novell - TCP/IP

router is defined as moving data between networks

Routing forwards datagrams based on information within the routing table.

Routing Protocols are programs that exchange information to build routing tables and usually fall into two groups: interior and exterior

interior is within an autonomous network

exterior is between autonomous networks

DNS - Domain Name Service - provides Internet information

BIND - Berkley Internet Name Domain

NIS - Network Information Service - provides local information

RIP - Routing Information Protocol

/etc/protocols provides protocol numbers used by IP to deliver the datagrams.

/etc/services provides port numbers used by TCP to deliver data to applications and contains all services used by /etc/inetd.conf.

/etc/networks contain subnet information or network information.

/etc/gateway specifies information at startup of routed and usually the default gateway is placed here. Example: net 0.0.0.0 gateway 128.66.12.1 metric 1 active

active means RIP can remove entry if gateway is inactive

passive means gateway is not required to provide updates

routed - starts RIP (accepts 15 hops as max) for advertising and receiving routing information

named - starts DNS

inetd - users the /etc/inetd.conf file for port information

name service

type stream - tcp

dgram - udp

protocol tcp or udp

wait status stream type servers allow "nowait"

datagam type servers require "wait"

uid user name which sever runs

arguments 1st argument is server's name

when changing this file do a kill -HUP PID

gated is used for EGP (Exterior Gateway Protocol) and RIP

arp -a address resolution protocol

ifconfig metric 3 causes the interface to have a higher cost than other interfaces on the host (which is usually 0 by default) so packets will go those routes before this route.

Misc.

route add default 128.66.12.1 1

the metric value is only used to determine if route is local or not - that's it for static routes.

the default gateway should be determined by the number of routes through a gatewy and not the amount of traffic.

static routes are lost upon reboot.

Security

find / -user root -perm 4000 -print

/usr/adm/sulog or messages

cops exposes security holes ... cert.sei.cmu.edu pub/cops/cops.tar.Z

/etc/inetd -c passwd root from 3 to 1

group added root to 1

Internet Control Message Protocol (ICMP)

PPP - Point to Point Protocol

IP Forwarding

Firewall must provide DNS name service for outside worl - DNS for internal network is provided internally

Firewall will not provide any information about internal hosts to the outside world

You must login to host first then ftp

Your system must have a route table entry for every network that it will communicate with ... explicit route for 1 network or a default route for all networks

For a firewall to become a secure router there must be no routing protocol, no default route in table, neither starts at boot time.

wrapper - provides access control available on cert.sei.cmu.edu at pub/network_tools/tcp_wrapper.shar