久久久亚洲AV波多野结衣,WWW亚洲色大成网络.COM ,久久精品视频亚洲

Chan Chen — Tue, 04 Dec 2012 06:06:00 GMT

摘要: Refer To�Q�http://ihyperwin.iteye.com/blog/1627794在分布式服务框架中，一个最基础的问题就是远�E�服务是怎么通讯的，在Java领域中有很多可实现远�E�通讯的技术，例如�Q�RMI、MINA、ESB、Burlap、Hessian、SOAP、EJB和JMS�{�，�q�些名词之间到底是些什么关�p�d��Q�它们背后到底是��Z��什么原理实现的呢，了解�q�些是实现分布式服务框架的基��知识�Q?.. 阅读全文

Chan Chen 2012-12-04 14:06 发表评论

Dos Attack

Chan Chen — Fri, 25 May 2012 18:44:00 GMT

什么是DoS��d��
那么�Q?/span>DoS到底是什么？接触PC��早的同志会直接想到微软磁盘操作系�l?/span> �?/span>DOS--Disk Operation System�Q�哦�Q�不不不�Q�我看盖茨可不像是黑客的老大哟！�?/span>DoS非彼DOS也，DoS�?/span>Denial Of Service�Q�拒�l�服务的�~�写�?/span>DoS是指故意的攻�ȝ��l�协议实现的�~�陷或直接通过野蛮手段�D�忍地耗尽被攻��d��象的资源�Q�目的是让目标计��机或网�l�无法提供正常的服务或资源访问，使目标系�l�服务系�l�停止响应甚臛_��溃，而在此攻��M��q�不包括侵入目标服务器或目标�|�络讑֤�。这些服务资源包括网�l�带宽，文�g�pȝ��I�间定w��Q�开攄��q�程或者允许的�q�接。这�U�攻��M��D��资源的匮乏，无论计算机的处理速度多快、内存容量多大、网�l�带宽的速度多快都无法避免这�U�攻��d��来的后果。要知道��M��事物都有一个极限，所以总能扑ֈ�一个方法��h��的值大于该极限��|��因此��׃��故意��D��所提供的服务资源匮乏，表面上好象是服务资源无法满��需求。所以千万不要自认�ؓ拥有了��够宽的带宽和��_��快的服务器就有了一个不�?/span>DoS��d��的高性能�|�站�Q�拒�l�服务攻��M��使所有的资源变得非常渺小�?/span>
其实�Q�我们作个�Ş象的比喻来理�?/span>DoS。街头的��馆是�ؓ大众提供��饮服务�Q�如果一��地痞流氓要DoS��馆的话�Q�手�D�会很多�Q�比如霸占着��桌不结账，堵住��馆的大门不让�\�Q�骚扰餐馆的服务员或厨子不能�q�活�Q�甚��x��恶劣……相应的计��机和网�l�系�l�则是�ؓInternet 用户提供互联�|�资源的�Q�如果有黑客要进�?/span>DoS��d��的话�Q�可以想象同��h��好多手段�Q�今天最常见�?/span>DoS��d��有对计算机网�l�的带宽��d��和连通性攻凅R��带宽攻��L��以极大的通信量冲�ȝ��l�，使得所有可用网�l�资源都被消耗殆��，最后导致合法的用户��h��无法通过。连通性攻��L��用大量的�q�接��h��冲击计算机，使得所有可用的操作�pȝ��资源都被消耗殆��，最�l�计��机无法再处理合法用��L��h��?/span> 什么是DDoS

传统上，��d��者所面��的主要问题是�|�络带宽�Q�由于较��的�|�络规模和较慢的�|�络速度的限�Ӟ��d��者无法发��多的��h��。虽然类�?/span>"the ping of death"的攻�ȝ��型只需要较��量的包��可以摧毁一个没有打�q�补丁的UNIX�pȝ��Q�但大多数的DoS��d��q�是需要相当大的带宽的�Q�而以个�h为单位的黑客们很难��用高带宽的资源。�ؓ了克服这个缺点，DoS��d��者开发了分布式的��d��。攻击者简单利用工具集合许多的�|�络带宽来同时对同一个目标发动大量的��d��h��Q�这��是DDoS��d��?/span>
DDoS�Q?/span>Distributed Denial Of Service�Q�又�?/span>DoS又向前发展了一大步�Q�这�U�分布式拒绝服务��d��是黑客利用在已经侵入�q�已控制的不同的高带宽主机（可能是数百，甚至成千上万収ͼ�上安装大量的DoS服务�E�序�Q�它们等待来自中央攻��L��制中心的命��o�Q�中央攻��L��制中心在适时启动全体受控��L��?/span>DoS服务�q�程�Q�让它们对一个特定目标发送尽可能多的�|�络讉K��h��Q��Ş成一�?/span>DoS�z�流冲击目标�pȝ��Q�猛烈的DoS��d��同一个网站。在寡不敌众的力量抗衡下�Q�被��d��的目标网站会很快失去反应而不能及时处理正常的讉K��甚至�pȝ��瘫痪崩溃。可�?/span>DDoS�?/span>DoS的最大区别是人多力量大�?/span>DoS是一台机器攻�ȝ��标，DDoS是被中央��d��中心控制的很多台机器利用他们的高带宽��d��目标�Q�可更容易地��目标网站攻下。另外，DDoS��d��方式较�ؓ自动化，��d��者可以把他的�E�序安装到网�l�中的多台机器上�Q�所采用的这�U�攻��L��式很难被��d��对象察觉�Q�直到攻击者发下统一的攻��d��令，�q�些机器才同时发赯��攅R��可以说DDoS��d��是由黑客集中控制发动的一�l?/span>DoS��d��的集合，现在�q�种方式被认为是最有效的攻��dŞ式，�q�且非常难以抉|��?/span>
无论�?/span>DoS��d��q�是DDoS��d��Q�简单的看，都只是一�U�破坏网�l�服务的黑客方式�Q�虽然具体的实现方式千变万化�Q�但都有一个共同点�Q�就是其�Ҏ��目的是��受害��L��或网�l�无法及时接收�ƈ处理外界��h��Q�或无法及时回应外界��h��。其具体表现方式有以下几�U�：
1�Q�制造大��量无用数据�Q�造成通往被攻��M��机的�|�络拥塞�Q��被攻��M��机无法正常和外界通信�?/span>

2�Q�利用被��d��L��提供服务或传输协议上处理重复�q�接的缺��P��反复高频的发出攻��L��的重复服务��h��Q��被攻��M��机无法及时处理其它正常的��h��?/span>
3�Q�利用被��d��L��所提供服务�E�序或传输协议的本��n实现�~�陷�Q�反复发送畸形的��d��数据引发�pȝ��错误的分配大量系�l�资源，使主机处于挂��L��态甚��x��机�?/span>

常见�?/span>DoS��d��

拒绝服务��d��是一�U�对�|�络危害巨大的恶意攻凅R��今天，DoS��h��代表性的��d��手段包括Ping of Death�?/span>TearDrop�?/span>UDP flood �?/span>SYN flood�?/span>Land Attack�?/span>IP Spoofing DoS�{�。我们看看它们又是怎么实现的�?/span>

��M��?/span> ping ( ping of death ) �Q?/span>ICMP (Internet Control Message Protocol�Q?/span>Internet控制信息协议)�?/span>Internet上用于错误处理和传递控制信息。它的功能之一是与��L��联系�Q�通过发送一�?/span>"回音��h��"�Q?/span>echo request�Q�信息包看看��L��是否"�zȝ��"。最普通的ping�E�序��是�q�个功能。而在TCP/IP�?/span>RFC文档中对包的最大尺寔R��有严格限制规定，许多操作�pȝ��?/span>TCP/IP协议栈都规定ICMP 包大��ؓ64KB�Q�且在对包的标题头进行读取之后，要根据该标题头里包含的信息来为有效蝲��L��成缓冲区�?/span>"Ping of Death" ��是故意产生畸�Ş的测�?/span>Ping�Q?/span>Packet Internet Groper�Q�包�Q�声�U�自��q��寸��过 ICMP 上限�Q�也��是加蝲的尺寸超�q?/span> 64KB上限�Q��未采取保护措施的�|�络�pȝ��出现内存分配错误�Q�导�?/span> TCP/IP 协议栈崩溃，最�l�接收方荡机�?/span>

泪滴( teardrop ) �Q�泪滴攻��d��用在 TCP/IP 协议栈实��C��信�QIP ��片中的包的标题头所包含的信息来实现自己的攻凅R�?/span>IP 分段含有指示该分�D�|��包含的是原包的哪一�D늚�信息�Q�某�?/span> TCP/IP协议栈（例如NT �?/span>service pack 4 以前�Q�在收到含有重叠偏移的伪造分�D�|��崩溃�?/span> UDP �z�水 (UDP flood) �Q�如今在Internet�?/span>UDP�Q�用��h��据包协议�Q�的应用比较�q�泛�Q�很多提�?/span>WWW�?/span>Mail�{�服务设备通常是��?/span>Unix的服务器�Q�它们默认打开一些被黑客恶意利用�?/span>UDP服务。如echo服务会显�C�接收到的每一个数据包�Q�而原本作为测试功能的chargen服务会在收到每一个数据包旉��机反馈一些字�W��?/span>UDP flood假冒��d��是利用�q�两个简单的 TCP/IP 服务的漏�z�进行恶意攻击，通过伪造与某一��L��?/span> Chargen 服务之间的一�ơ的 UDP �q�接�Q�回复地址指向开着Echo 服务的一��C��机，通过��?/span>Chargen �?/span> Echo服务互指�Q�来回传送毫无用处且占满带宽的垃圾数据，在两��C��Z��间生成��够多的无用数据流�Q�这一拒绝服务��d��飞快地导致网�l�可用带宽耗尽�?/span> SYN �z�水 ( SYN flood ) �Q�我们知道当用户�q�行一�ơ标准的TCP�Q?/span>Transmission Control Protocol�Q�连接时�Q�会有一�?/span>3�ơ握手过�E�。首先是��h��服务方发送一�?/span>SYN�Q?/span>Synchronize Sequence Number�Q�消息，服务�Ҏ��?/span>SYN后，会向��h��方回送一�?/span>SYN-ACK表示��认�Q�当��h��Ҏ��?/span>SYN-ACK后，再次向服务方发送一�?/span>ACK消息�Q�这样一��?/span>TCP�q�接建立成功�?/span>"SYN Flooding"则专门针�?/span>TCP协议栈在两台��L��间初始化�q�接握手的过�E�进�?/span>DoS��d��Q�其在实现过�E�中只进行前2个步骤：当服务方收到��h��方的SYN-ACK��认消息后，��h��方由于采用源地址�ƺ骗�{�手�D��得服务方收不�?/span>ACK回应�Q�于是服务方会在一定时间处于等待接收请求方ACK消息的状态。而对于某台服务器来说�Q�可用的TCP�q�接是有限的�Q�因��Z��们只有有限的内存�~�冲区用于创��接，如果�q�一�~�冲区充满了虚假�q�接的初始信息，该服务器��׃��Ҏ��下来的连接停止响应，直至�~�冲区里的连接企图超时。如果恶意攻��L��快速连�l�地发送此�c�连接请求，该服务器可用�?/span>TCP�q�接队列��很快被��d��Q�系�l�可用资源急剧减少�Q�网�l�可用带宽迅速羃��，长此下去�Q�除了少数幸�q�用��L��h��可以插在大量虚假��h��间得到应�{�外�Q�服务器��无法向用户提供正常的合法服务�?/span>

Land �Q?/span>Land Attack�Q�攻击：�?/span> Land ��d��中，黑客利用一个特别打造的SYN �?/span>--它的原地址和目标地址都被讄��成某一个服务器地址�q�行��d��。此丑ְ��D��接受服务器向它自��q��地址发�?/span> SYN-ACK 消息�Q�结果这个地址又发�?/span> ACK 消息�q�创��Z��个空�q�接�Q�每一个这��L��q�接都将保留直到��时�Q�在 Land ��d��下，许多 UNIX��崩溃，NT 变得极其�~�慢�Q�大�U�持�l�五分钟�Q��?/span>
IP�ƺ骗DOS��d��Q�这�U�攻��d��?/span>TCP协议栈的RST位来实现�Q��?/span>IP�ƺ骗�Q�迫使服务器把合法用��L��q�接复位�Q�媄响合法用��L��q�接。假讄��在有一个合法用�?/span>(100.100.100.100)已经同服务器建立了正常的�q�接�Q�攻击者构造攻�ȝ��TCP数据�Q�伪装自��q��IP�?/span>100.100.100.100�Q��ƈ向服务器发送一个带�?/span>RST位的TCP数据�D�c��服务器接收到这��L��数据后，认�ؓ�?/span>100.100.100.100发送的�q�接有错误，��׃��清空�~�冲��Z��已徏立好的连接。这�Ӟ��合法用户100.100.100.100再发送合法数据，服务器就已经没有�q�样的连接了�Q�该用户��p��拒绝服务而只能重新开始徏立新的连接�?/span>

常见�?/span>DDoS��d��

smurf�?/span>Fraggle ��d��?/span>Trinoo�?/span>Tribe Flood Network(TFN)�?/span>TFN2k以及Stacheldraht是比较常见的DDoS��d��E�序�Q�我们再看看它们的原理，其攻��L��\基本相近�?/span> Smurf ��d��Q?/span>Smurf是一�U�简单但有效�?/span> DDoS ��d��技术，Smurf�q�是利用ping�E�序�q�行�?/span>IP假冒的直接广播进行攻凅R��在Internet上广播信息可以通过一定的手段�Q�通过�q�播地址或其他机�Ӟ��发送到整个�|�络中的机器。当某台机器使用�q�播地址发送一�?/span>ICMP echo��h��包时�Q�例�?/span>Ping�Q�，一些系�l�会回应一�?/span>ICMP echo回应包，�q�样发送一个包会收到许多的响应包�?/span>Smurf��d��是使用�q�个原理来进行的�Q�同时它�q�需要一个假冒的源地址。也��是�?/span>Smurf在网�l�中发送的源地址��d��的主机地址�Q�目的地址为广播地址�?/span>ICMP echo��h��包，使许多的�pȝ��同时响应�q�发送大量的信息�l�被��d��L��Q�因��Z��的地址被攻击者假冒了�Q��?/span>Smurf是用一个伪造的源地址�q�箋ping一个或多个计算机网�l�，�q�就��D��所有计��机响应的那个主机地址�q�不是实际发送这个信息包的攻击计��机。这个伪造的源地址�Q�实际上��是��d��的目标，它将被极大数量的响应信息量所�Ҏ��。对�q�个伪造信息包做出响应的计��机�|�络��成为攻�ȝ��不知情的同谋。一个简单的 smurf ��d��最�l�导致网�l�阻塞和�W�三方崩溃，�q�种��d��方式要比 ping of death �z�水的流量高��Z��两个数量�U�。这�U��用网�l�发送一个包而引出大量回应的方式也被叫做Smurf"攑֤�"�?/span>

Fraggle ��d��Q?/span>Fraggle ��d��?/span> Smurf ��d��作了��单的修改�Q��用的�?/span> UDP 应答消息而非 ICMP�?/span>

"trinoo"��d��Q?/span>trinoo 是复杂的 DDoS ��d��E�序�Q�是��Z��UDP flood的攻击��Y件。它使用"master"�E�序对实际实施攻�ȝ��M��数量�?/span>"代理"�E�序实现自动控制。当然在��d��之前�Q��R入者�ؓ了安装��Y�Ӟ��已经控制了装�?/span>master�E�序的计��机和所有装有代理程序的计算机。攻击者连接到安装�?/span>master�E�序的计��机�Q�启�?/span>master�E�序�Q�然后根据一�?/span>IP地址的列表，�?/span>master�E�序负责启动所有的代理�E�序。接着�Q�代理程序用UDP 信息包冲�ȝ��l�，向被��d��目标��L��的随机端口发出全零的4字节UDP包，在处理这些超出其处理能力垃圾数据包的�q�程中，被攻��M��机的�|�络性能不断下降�Q�直��C��能提供正常服务，乃至崩溃。它�?/span>IP地址不做假，因此此攻��L��法用得不多�?/span>

"Tribal Flood Network"�?/span> "TFN2K" ��d��Q?/span>Tribe Flood Network�?/span>trinoo一��P��使用一�?/span>master�E�序与位于多个网�l�上的攻��M��理进行通讯�Q�利�?/span>ICMP�l�代理服务器下命令，其来源可以做假�?/span>TFN可以�q�行发动��C��胜数�?/span>DoS��d��Q�类型多�U�多��P��而且�q�可建立带有伪装�?/span>IP地址的信息包�?/span> 可以�?/span>TFN发动的攻��d��括：SYN flood�?/span>UDP flood�?/span>ICMP回音��h��flood�?/span>Smurf�Q�利用多台服务器发出��量数据包，实施DoS��d��Q�等��d��?/span>TFN的升�U�版TFN2k�q�一步对命��o数据包加密，更难查询命��o内容�Q�命令来源可以做假，�q�有一个后门控制代理服务器�?/span>

"stacheldraht"��d��Q?/span>Stacheldraht也是��Z��TFN�?/span>trinoo一��L��客户�?/span>/服务器模式，其中Master�E�序与潜在的成千个代理程序进行通讯。在发动��d��Ӟ��侵入者与master�E�序�q�行�q�接�?/span>Stacheldraht增加了新的功能：��d��者与master�E�序之间的通讯是加密的�Q�对命��o来源做假�Q�而且可以防范一些�\由器�?/span>RFC2267�q��o�Q�若��查出有过滤现象，它将只做�?/span>IP地址最�?/span>8位，从而让用户无法了解到底是哪几个�|�段的哪台机器被��d��Q�同时��?/span>rcp (remote copy�Q�远�E�复�?/span>)技术对代理�E�序�q�行自动更新�?/span>Stacheldraht �?/span>TFN一��P��可以�q�行发动��C��胜数�?/span>DoS��d��Q�类型多�U�多��P��而且�q�可建立带有伪装�?/span>IP地址的信息包�?/span>Stacheldraht所发动的攻��d��?/span>UDP 冲击�?/span>TCP SYN 冲击�?/span>ICMP 回音应答冲击�?/span>
如何防止DoS/DdoS��d��

DoS��d��几乎是从互联�|�络的诞生以来，��׃��随着互联�|�络的发展而一直存在也不断发展和升�U�。值得一提的是，要找DoS的工具一点不难，黑客��居的网�l�社区都有共享黑客��Y件的传统�Q��ƈ会在一起交��攻�ȝ��心得�l�验�Q�你可以很轻杄��?/span>Internet上获得这些工��P��像以上提到的�q�些DoS��d��软�g都是可以从网上随意找到的公开软�g。所以�Q何一个上�|�者都可能构成�|�络安全的潜在威胁�?/span>DoS��d��l�飞速发展的互联�|�络安全带来重大的威胁。然而从某种�E�度上可以说�Q?/span>DoS��d��永远不会消失而且从技术上目前没有�Ҏ��的解军_��法�?/span>
面对凶多吉少�?/span>DoS险�W�Q�我们该如何对付随时出现的黑客攻��d��Q�让我们首先寚w��成DoS��d��威胁的技术问题做一下�ȝ��?/span>DoS��d��可以说是如下原因造成的：
1�Q��Y件弱�Ҏ��包含在操作系�l�或应用�E�序中与安全相关的系�l�缺��P��q�些�~�陷大多是由于错误的�E�序�~�制�Q�粗心的源代码审核，无心的副效应或一些不适当的绑定所造成的。由于��用的软�g几乎完全依赖于开发商�Q�所以对于由软�g引�v的漏�z�只能依*打补丁，安装hot fixes�?/span>Service packs来��I补。当某个应用�E�序被发现有漏洞存在�Q�开发商会立卛_��布一个更新的版本来修正这个漏�z�。由于开发协议固有的�~�陷��D��?/span>DoS��d��Q�可以通过��单的补丁来��I补系�l�缺陗��?/span>
2�Q�错误配�|�也会成为系�l�的安全隐患。这些错误配�|�通常发生在硬件装�|�，�pȝ��或者应用程序中�Q�大多是�׃��一些没�l�验的，无责��d��工或者错误的理论所��D��的。如果对�|�络中的路由器，防火墙，交换��Z��及其他网�l�连接设备都�q�行正确的配�|�会减小�q�些错误发生的可能性。如果发��C��q�种漏洞应当��h��专业的技术�h员来修理�q�些问题�?/span>
3�Q�重复请求导致过载的拒绝服务��d��。当对资源的重复��h��大大��过资源的支付能力时��׃��造成拒绝服务��d��Q�例如，对已�l�满载的Web服务器进行过多的��h��使其�q�蝲�Q��?/span>
要避免系�l�免�?/span>DoS��d��Q�从前两�Ҏ��看，�|�络��理员要�U�极谨慎地维护系�l�，��保无安全隐患和漏洞�Q�而针对第三点的恶意攻��L��式则需要安装防火墙�{�安全设备过�?/span>DoS��d��Q�同时强烈徏议网�l�管理员应当定期查看安全讑֤�的日志，及时发现对系�l�的安全威胁行�ؓ�?/span>
3Com公司是一个全面的企业�|�络解决�Ҏ��提供商，旨在��Z��业用��h��?/span>"丰富、简单、灵�z�R��可*而高性能��h��?/span>"的网�l�解��x��案�?/span>Internet支持工具��是其中的主要解��x��案之一�Q�包�?/span>SuperStack 3 Firewall�?/span>Web Cache以及Server Load Balancer。不但作为安全网兌��备的3Com SuperStack 3 防火墙在�~�省预配�|�下可探��和防止"拒绝服务"(DoS)以及"分布式拒�l�服�?/span>"(DDoS)�{�黑客��R袭，强有力的保护您的�|�络�Q��您免遭未�l�授权访问和其他来自Internet的外部威胁和侵袭�Q�而且3Com SuperStack 3 Server Load Balancer在�ؓ多服务器提供��g�U�K��的4-7层负载均衡的同时�Q�还能保护所有服务器免受"拒绝服务"(DoS)��d��Q�同�?/span>3Com SuperStack 3 Web Cache在�ؓ企业提供高效的本地缓存的同时�Q�也能保证自�w�免�?/span>"拒绝服务"(DoS)��d��

Chan Chen 2012-05-26 02:44 发表评论

Gateway

Chan Chen — Wed, 23 May 2012 00:43:00 GMT

In computer networking, a gateway is a node (a router) on a TCP/IP network that serves as an access point to another network. A default gateway is the node on the computer network that the network software uses when an IP address does not match any other routes in the routing table.

In home computing configurations, an ISP often provides a physical device which both connects local hardware to the Internet and serves as a gateway. Such devices include DSL modems and cable modems.

In organizational systems a gateway is a node that routes the traffic from a workstation to another network segment. The default gateway commonly connects the internal networks and the outside network (Internet). In such a situation, the gateway node could also act as a proxy server and a firewall. The gateway is also associated with both a router, which uses headers and forwarding tables to determine where packets are sent, and a switch, which provides the actual path for the packet in and out of the gateway.

In other words, a default gateway provides an entry point and an exit point in a network.

Contents

[hide]

1 Example1

2 Example2

3 See also

4 External links

[edit]Example1

An office network consists of six hosts and a router is given as:

Hosts addresses:

192.168.4.3

192.168.4.4

192.168.4.5

192.168.4.6

192.168.4.7

192.168.4.8

Router (this side) address:

192.168.4.1

The network has a subnet mask of:

255.255.255.0 (/24 in CIDR notation)

Thus the usable network ranges from addresses 192.168.4.1 to 192.168.4.254. (TCP/IP defines the addresses 192.168.4.0 and 192.168.4.255 for special functions.)

The office's hosts will send packets addressed to IPs within this range directly, by resolving the destination IP address into a MAC address through an ARP sequence (if not already known through the host's ARP cache) and then enveloping the IP packet into a layer 2 (MAC) packet addressed to the destination host.

Packets addressed outside of this range (for this example, a packet addressed to 192.168.12.3) cannot travel directly to the destination. Instead they must be sent to the default gateway for further routing to their ultimate destination. In this example, the default gateway uses the IP address 192.168.4.1, which is resolved into a MAC address with ARP in the usual way. Note that the destination IP address remains 192.168.12.3, but the next-hop physical address is that of the gateway, rather than of the ultimate destination.

[edit]Example2

A network with three routers and three hosts, connected to the Internet through router1.

Hosts and addresses:

PC1 10.1.1.100, default gateway 10.1.1.1

PC2 172.16.1.100, default gateway 172.16.1.1

PC3 192.168.1.100, default gateway 192.168.1.96

Router1:

Interface 1 5.5.5.2 (public IP)

Interface 2 10.1.1.1

Router2:

Interface 1 10.1.1.2

Interface 2 172.16.1.1

Router3:

Interface 1 10.1.1.3

Interface 2 192.168.1.96

Network mask in all networks: 255.255.255.0 (/24 in CIDR notation).

If the routers do not use a Routing Information Protocol to discover which network each router is connected to, then the routing table of each router must be set up.

Router1

Network ID Network mask Gateway Interface (examples; may vary) Cost (decreases the TTL)

0.0.0.0 (default route) 0.0.0.0 Assigned by ISP (e.g. 5.5.5.1) eth0 (Ethernet 1st adapter) 10

10.1.1.0 255.255.255.0 10.1.1.1 eth1 (Ethernet 2nd adapter) 10

172.16.1.0 255.255.255.0 10.1.1.2 eth1 (Ethernet 2nd adapter) 10

192.168.1.0 255.255.255.0 10.1.1.3 eth1 (Ethernet 2nd adapter) 10

Router2

Network ID Network mask Gateway Interface (examples; may vary) Cost (decreases the TTL)

0.0.0.0 (default route) 0.0.0.0 10.1.1.1 eth0 (Ethernet 1st adapter) 10

172.16.1.0 255.255.255.0 172.16.1.1 eth1 (Ethernet 2nd adapter) 10

Router3

Network ID Network mask Gateway Interface (examples; may vary) Cost (decreases the TTL)

0.0.0.0 (default route) 0.0.0.0 10.1.1.1 eth0 (Ethernet 1st adapter) 10

192.168.1.0 255.255.255.0 192.168.1.96 eth1 (Ethernet 2nd adapter) 10

Router2 manages its attached networks and default gateway; router 3 does the same; router 1 manages all routes within the internal networks.

Accessing internal resources If PC2 (172.16.1.100) needs to access PC3 (192.168.1.100), since PC2 has no route to 192.168.1.100 it will send packets for PC3 to its default gateway (router2). Router2 also has no route to PC3, and it will forward the packets to its default gateway (router1). Router1 has a route for this network (192.168.1.0/24) so router1 will forward the packets to router3, which will deliver the packets to PC3; reply packets will follow the same route to PC2.

Accessing external resources If any of the computers try to access a webpage on the Internet, like http://en.wikipedia.org/, the destination will first be resolved to an IP address by using DNS-resolving. The IP-address could be 91.198.174.2. In this example, none of the internal routers know the route to that host, so they will forward the packet through router1's gateway or default route. Every router on the packet's way to the destination will check whether the packet's destination IP-address matches any known network routes. If a router finds a match, it will forward the packet through that route; if not, it will send the packet to its own default gateway. Each router encountered on the way will store the packet ID and where it came from so that it can pass the request back to previous sender. The packet contains source and destination, not all router hops. At last the packet will arrive back to router1, which will check for matching packet ID and route it accordingly through router2 or router3 or directly to PC1 (which was connected in the same network segment as router1).

The packet doesn't return If router1 routing table does not have any route to 192.168.1.0/24, and PC3 tries to access a resource outside its own network, then the outgoing routing will work until the reply is fed back to router1. Since the route is unknown to router1, it will go to router1's default gateway, and never reach router3. In the logs of the resource they will trace the request, but the requestor will never get any information. The packet will die because the TTL-value decrease to less than 1 when it is travelling through the routers or the router will see that it has a private IP and discard it. This could be discovered by using Microsoft Windows utility Pathping, since you only can ping until that router which has no route or wrong route. (Note that some routers will not reply to pinging.)

Chan Chen 2012-05-23 08:43 发表评论

DHCP Overview

Chan Chen — Wed, 09 May 2012 18:09:00 GMT

Technical overview

Dynamic Host Configuration Protocol automates network-parameter assignment to network devices from one or more DHCP servers. Even in small networks, DHCP is useful because it makes it easy to add new machines to the network.

When a DHCP-configured client (a computer or any other network-aware device) connects to a network, the DHCP client sends a broadcast query requesting necessary information from a DHCP server. The DHCP server manages a pool of IP addresses and information about client configuration parameters such as default gateway, domain name, the name servers, other servers such as time servers, and so forth. On receiving a valid request, the server assigns the computer an IP address, a lease (length of time the allocation is valid), and other IP configuration parameters, such as the subnet mask and the default gateway. The query is typically initiated immediately after booting, and must complete before the client can initiate IP-based communication with other hosts. Upon disconnecting, the IP address is returned to the pool for use by another computer. This way, many other computers can use the same IP address within minutes of each other.

Depending on implementation, the DHCP server may have three methods of allocating IP-addresses:

dynamic allocation: A network administrator assigns a range of IP addresses to DHCP, and each client computer on the LAN is configured to request an IP address from the DHCP server during network initialization. The request-and-grant process uses a lease concept with a controllable time period, allowing the DHCP server to reclaim (and then reallocate) IP addresses that are not renewed.

automatic allocation: The DHCP server permanently assigns a free IP address to a requesting client from the range defined by the administrator. This is like dynamic allocation, but the DHCP server keeps a table of past IP address assignments, so that it can preferentially assign to a client the same IP address that the client previously had.

static allocation: The DHCP server allocates an IP address based on a table with MAC address/IP address pairs, which are manually filled in (perhaps by a network administrator). [Only requesting clients with a MAC address listed in this table will be allocated an IP address]. This feature (which is not supported by all DHCP servers) is variously called Static DHCP Assignment (by DD-WRT), fixed-address (by the dhcpd documentation), Address Reservation (by Netgear), DHCP reservation or Static DHCP (byCisco/Linksys), and IP reservation or MAC/IP binding (by various other router manufacturers).

[edit]Technical details

DHCP uses the same two ports assigned by IANA for BOOTP: destination UDP port 67 for sending data to the server, and UDP port 68 for data to the client. DHCP communications are connectionless in nature.

DHCP operations fall into four basic phases: IP discovery, IP lease offer, IP request, and IP lease acknowledgement. These points are often abbreviated as DORA (Discovery, Offer, Request, Acknowledgement).

DHCP clients and servers on the same subnet communicate via UDP broadcasts, initially. If the client and server are on different subnets, a DHCP Helper or DHCP Relay Agentmay be used. Clients requesting renewal of an existing lease may communicate directly via UDP unicast, since the client already has an established IP address at that point.

[edit]DHCP discovery

The client broadcasts messages on the physical subnet to discover available DHCP servers. Network administrators can configure a local router to forward DHCP packets to a DHCP server from a different subnet. This client-implementation creates a User Datagram Protocol (UDP) packet with the broadcast destination of 255.255.255.255 or the specific subnet broadcast address.

A DHCP client can also request its last-known IP address (in the example below, 192.168.1.100). If the client remains connected to a network for which this IP is valid, the server may grant the request. Otherwise, it depends whether the server is set up as authoritative or not. An authoritative server will deny the request, making the client ask for a new IP address immediately. A non-authoritative server simply ignores the request, leading to an implementation-dependent timeout for the client to give up on the request and ask for a new IP address.

DHCPDISCOVER

UDP Src=0.0.0.0 sPort=68

Dest=255.255.255.255 dPort=67

OP HTYPE HLEN HOPS

0x01 0x01 0x06 0x00

XID

0x3903F326

SECS FLAGS

0x0000 0x0000

CIADDR (Client IP Address)

0x00000000

YIADDR (Your IP Address)

0x00000000

SIADDR (Server IP Address)

0x00000000

GIADDR (Gateway IP Address)

0x00000000

CHADDR (Client Hardware Address)

0x00053C04

0x8D590000

0x00000000

192 octets of 0s, or overflow space for additional options. BOOTP legacy

Magic Cookie

0x63825363

DHCP Options

DHCP option 53: DHCP Discover

DHCP option 50: 192.168.1.100 requested

DHCP option 55: Parameter Request List:

Request Subnet Mask (1), Router (3), Domain Name (15),

Domain Name Server (6)

[edit]DHCP offer

When a DHCP server receives an IP lease request from a client, it reserves an IP address for the client and extends an IP lease offer by sending a DHCPOFFER message to the client. This message contains the client's MAC address, the IP address that the server is offering, the subnet mask, the lease duration, and the IP address of the DHCP server making the offer.

The server determines the configuration based on the client's hardware address as specified in the CHADDR (Client Hardware Address) field. Here the server, 192.168.1.1, specifies the IP address in the YIADDR (Your IP Address) field.

DHCPOFFER

UDP Src=192.168.1.1 sPort=67

Dest=255.255.255.255 dPort=68

OP HTYPE HLEN HOPS

0x02 0x01 0x06 0x00

0x00000000

YIADDR (Your IP Address)

0xC0A80164

SIADDR (Server IP Address)

0xC0A80101

GIADDR (Gateway IP Address)

0x00000000

CHADDR (Client Hardware Address)

0x00053C04

0x8D590000

0x00000000

192 octets of 0s. BOOTP legacy

Magic Cookie

0x63825363

DHCP Options

DHCP option 53: DHCP Offer

DHCP option 1: 255.255.255.0 subnet mask

DHCP option 3: 192.168.1.1 router

DHCP option 51: 86400s (1 day) IP lease time

DHCP option 54: 192.168.1.1 DHCP server

DHCP option 6: DNS servers 9.7.10.15, 9.7.10.16, 9.7.10.18

[edit]DHCP request

In response to the offer Client requests the server. The client replies DHCPRequest, unicast to the server, requesting the offered address. A client can receive DHCP offers from multiple servers, but it will accept only one DHCP offer. Based on the Transaction ID field in the request, servers are informed whose offer the client has accepted. When other DHCP servers receive this message, they withdraw any offers that they might have made to the client and return the offered address to the pool of available addresses. In some cases DHCP request message is broadcast, instead of being unicast to a particular DHCP server, because the DHCP client has still not received an IP address. Also, this way one message can let all other DHCP servers know that another server will be supplying the IP address without missing any of the servers with a series of unicast messages.

Read more: http://wiki.answers.com/Q/What_is_Dora_process_in_DHCP_and_how_it_works#ixzz1ljWKjqeA

DHCPREQUEST

UDP Src=0.0.0.0 sPort=68

Dest=255.255.255.255 dPort=67

OP HTYPE HLEN HOPS

0x01 0x01 0x06 0x00

XID

0x3903F326

SECS FLAGS

0x0000 0x0000

CIADDR (Client IP Address)

0x00000000

YIADDR (Your IP Address)

0x00000000

SIADDR (Server IP Address)

0xC0A80101

GIADDR (Gateway IP Address)

0x00000000

CHADDR (Client Hardware Address)

0x00053C04

0x8D590000

0x00000000

192 octets of 0s. BOOTP legacy

Magic Cookie

0x63825363

DHCP Options

DHCP option 53: DHCP Request

DHCP option 50: 192.168.1.100 requested

DHCP option 54: 192.168.1.1 DHCP server.

[edit]DHCP acknowledgement

When the DHCP server receives the DHCPREQUEST message from the client, the configuration process enters its final phase. The acknowledgement phase involves sending a DHCPACK packet to the client. This packet includes the lease duration and any other configuration information that the client might have requested. At this point, the IP configuration process is completed.

The protocol expects the DHCP client to configure its network interface with the negotiated parameters.

DHCPACK

UDP Src=192.168.1.1 sPort=67

Dest=255.255.255.255 dPort=68

OP HTYPE HLEN HOPS

0x02 0x01 0x06 0x00

XID

0x3903F326

SECS FLAGS

0x0000 0x0000

CIADDR (Client IP Address)

0x00000000

YIADDR (Your IP Address)

0xC0A80164

SIADDR (Server IP Address)

0xC0A80101

GIADDR (Gateway IP Address switched by relay)

0x00000000

CHADDR (Client Hardware Address)

0x00053C04

0x8D590000

0x00000000

192 octets of 0s. BOOTP legacy

Magic Cookie

0x63825363

DHCP Options

DHCP option 53: DHCP ACK

DHCP option 1: 255.255.255.0 subnet mask

DHCP option 3: 192.168.1.1 router

DHCP option 51: 86400s (1 day) IP lease time

DHCP option 54: 192.168.1.1 DHCP server

DHCP option 6: DNS servers 9.7.10.15, 9.7.10.16, 9.7.10.18

After the client obtains an IP address, the client may use the Address Resolution Protocol (ARP) to prevent IP conflicts caused by overlapping address pools of DHCP servers.

[edit]DHCP information

A DHCP client may request more information than the server sent with the original DHCPOFFER. The client may also request repeat data for a particular application. For example, browsers use DHCP Inform to obtain web proxy settings via WPAD. Such queries do not cause the DHCP server to refresh the IP expiry time in its database.

[edit]DHCP releasing

The client sends a request to the DHCP server to release the DHCP information and the client deactivates its IP address. As client devices usually do not know when users may unplug them from the network, the protocol does not mandate the sending of DHCP Release.

[edit]Client configuration parameters in DHCP

A DHCP server can provide optional configuration parameters to the client. RFC 2132 describes the available DHCP options defined by Internet Assigned Numbers Authority(IANA) - DHCP and BOOTP PARAMETERS.

A DHCP client can select, manipulate and overwrite parameters provided by a DHCP server.[3]

[edit]Options

An option exists to identify the vendor and functionality of a DHCP client. The information is a variable-length string of characters or octets which has a meaning specified by the vendor of the DHCP client. One method that a DHCP client can utilize to communicate to the server that it is using a certain type of hardware or firmware is to set a value in its DHCP requests called the Vendor Class Identifier (VCI) (Option 60). This method allows a DHCP server to differentiate between the two kinds of client machines and process the requests from the two types of modems appropriately. Some types of set-top boxes also set the VCI (Option 60) to inform the DHCP server about the hardware type and functionality of the device. The value that this option is set to give the DHCP server a hint about any required extra information that this client needs in a DHCP response.

[edit]DHCP Relaying

In small networks, where only one IP subnet is being managed, DHCP clients communicate directly with DHCP servers. However, DHCP servers can also provide IP addresses for multiple subnets. In this case, a DHCP client that has not yet acquired an IP address cannot communicate directly with the DHCP server using IP routing, because it doesn't have a routable IP address, nor does it know the IP address of a router. In order to allow DHCP clients on subnets not directly served by DHCP servers to communicate with DHCP servers, DHCP relay agents can be installed on these subnets. The DHCP client broadcasts on the local link; the relay agent receives the broadcast and transmits it to one or more DHCP servers using unicast. The relay agent stores its own IP address in the GIADDR field of the DHCP packet. The DHCP server uses the GIADDR to determine the subnet on which the relay agent received the broadcast, and allocates an IP address on that subnet. When the DHCP server replies to the client, it sends the reply to the GIADDR address, again using unicast. The relay agent then retransmits the response on the local network.

[edit]Reliability

The DHCP protocol provides reliability in several ways: periodic renewal, rebinding, and failover. DHCP clients are allocated leases that last for some period of time. Clients begin to attempt to renew their leases once half the lease interval has expired. They do this by sending a unicast DHCPREQUEST message to the DHCP server that granted the original lease. If that server is down or unreachable, it will fail to respond to the DHCPREQUEST. However, the DHCPREQUEST will be repeated by the client from time to time,[specify] so when the DHCP server comes back up or becomes reachable again, the DHCP client will succeed in contacting it, and renew its lease.

If the DHCP server is unreachable for an extended period of time,[specify] the DHCP client will attempt to rebind, by broadcasting its DHCPREQUEST rather than unicasting it. Because it is broadcast, the DHCPREQUEST message will reach all available DHCP servers. If some other DHCP server is able to renew the lease, it will do so at this time.

In order for rebinding to work, when the client successfully contacts a backup DHCP server, that server must have accurate information about the client's binding. Maintaining accurate binding information between two servers is a complicated problem; if both servers are able to update the same lease database, there must be a mechanism to avoid conflicts between updates on the independent servers. A standard for implementing fault-tolerant DHCP servers was developed at the Internet Engineering Task Force.[4][note 1]

If rebinding fails, the lease will eventually expire. When the lease expires, the client must stop using the IP address granted to it in its lease. At that time, it will restart the DHCP process from the beginning by broadcasting a DHCPDISCOVER message. Since its lease has expired, it will accept any IP address offered to it. Once it has a new IP address, presumably from a different DHCP server, it will once again be able to use the network. However, since its IP address has changed, any ongoing connections will be broken.

[edit]Security

The base DHCP protocol does not include any mechanism for authentication.[5] Because of this, it is vulnerable to a variety of attacks. These attacks fall into three main categories:

Unauthorized DHCP servers providing false information to clients.[6]

Unauthorized clients gaining access to resources.[6]

Resource exhaustion attacks from malicious DHCP clients.[6]

Because the client has no way to validate the identity of a DHCP server, unauthorized DHCP servers can be operated on networks, providing incorrect information to DHCP clients. This can serve either as a denial-of-service attack, preventing the client from gaining access to network connectivity[citation needed], or as a man-in-the-middle attack. Because the DHCP server provides the DHCP client with server IP addresses, such as the IP address of one or more DNS servers,[6] an attacker can convince a DHCP client to do its DNS lookups through its own DNS server, and can therefore provide its own answers to DNS queries from the client.[7] This in turn allows the attacker to redirect network traffic through itself, allowing it to eavesdrop on connections between the client and network servers it contacts, or to simply replace those network servers with its own.[7]

Because the DHCP server has no secure mechanism for authenticating the client, clients can gain unauthorized access to IP addresses by presenting credentials, such as client identifiers, that belong to other DHCP clients.[citation needed] This also allows DHCP clients to exhaust the DHCP server's store of IP addresses—by presenting new credentials each time it asks for an address, the client can consume all the available IP addresses on a particular network link, preventing other DHCP clients from getting service.[citation needed]

DHCP does provide some mechanisms for mitigating these problems. The Relay Agent Information Option protocol extension (RFC 3046) allows network operators to attach tags to DHCP messages as these messages arrive on the network operator's trusted network. This tag is then used as an authorization token to control the client's access to network resources. Because the client has no access to the network upstream of the relay agent, the lack of authentication does not prevent the DHCP server operator from relying on the authorization token.[5]

Another extension, Authentication for DHCP Messages (RFC 3118), provides a mechanism for authenticating DHCP messages. Unfortunately RFC 3118 has not seen widespread adoption because of the problems of managing keys for large numbers of DHCP clients.[8]

整个�q�程�Q?nbsp;

1. DHCP��h��IP地址的过�E?l 发现阶段�Q�即DHCP客户端寻找DHCP服务器的阶段�?/div>

客户端以�q�播方式发送DHCPDISCOVER包，只有DHCP服务器才会响应�?/div>

l 提供阶段�Q�即DHCP服务器提供IP地址的阶�D�c�?/div>

DHCP服务器接收到客户端的DHCPDISCOVER报文后，从IP地址池中选择一个尚未分配的IP地址分配�l�客��L��Q�向该客��L��发送包含租借的IP地址和其他配�|�信�?/div>

的DHCPOFFER包�?nbsp;

l 选择阶段�Q�即DHCP客户端选择IP地址的阶�D�c��如果有多台DHCP服务器向该客��L��发送DHCPOFFER包，客户端从中随机挑选，然后以广播�Ş式向各DHCP服务

器回应DHCPREQUEST包，宣告使用它挑中的DHCP服务器提供的地址�Q��ƈ正式��h��该DHCP服务器分配地址。其它所有发送DHCPOFFER包的DHCP服务器接�?/div>

到该数据包后�Q�将释放已经OFFER�Q�预分配�Q�给客户端的IP地址�?如果发送给DHCP客户端的DHCPOFFER包中包含无效的配�|�参敎ͼ�客户端会向服务器发�?/div>

DHCPCLINE包拒�l�接受已�l�分配的配置信息�?/div>

l ��认阶段�Q�即DHCP服务器确认所提供IP地址的阶�D�c�?/div>

当DHCP服务器收到DHCP客户端回�{�的DHCPREQUEST包后�Q�便向客��L��发送包含它所提供的IP地址及其他配�|�信息的DHCPACK��认包。然后，DHCP客户�?/div>

��接收�ƈ使用IP地址及其他TCP/IP配置参数�?nbsp;

2. DHCP客户端箋�U�IP地址的过�E?/div>

l DHCP服务器分配给客户端的动态IP地址通常有一定的�U�借期限，期满后服务器会收回该IP地址。如果DHCP客户端希望��l��用该地址�Q�需要更新IP�U�约�?/div>

实际使用中，在IP地址�U�约期限辑ֈ�一半时�Q�DHCP客户端会自动向DHCP服务器发送DHCPREQUEST包，以完成IP�U�约的更新。如果此IP地址有效�Q?/div>

则DHCP服务器回应DHCPACK包，通知DHCP客户端已�l�获得新IP�U�约�?如果DHCP客户端箋�U�地址时发送的DHCPREQUEST包中的IP地址与DHCP服务器当�?/div>

分配�l�它的IP地址�Q�仍在租期内�Q�不一��_��DHCP服务器将发送DHCPNAK消息�l�DHCP客户端�?nbsp;

3. DHCP客户端释放IP地址的过�E?nbsp;

l DHCP客户端已从DHCP服务器获得地址�Q��ƈ在租期内正常使用�Q�如果该DHCP客户端不惛_��使用该地址�Q�则需��d��向DHCP服务器发送DHCPRELEASE包，

以释放该地址�Q�同时将其IP地址设�ؓ0.0.0.0�?/div>

Chan Chen 2012-05-10 02:09 发表评论

Bits and Bytes

Chan Chen — Tue, 20 Mar 2012 03:01:00 GMT

Question: What Is the Difference Between Bits and Bytes?
The terms bit and byte are common in computer networking. Both terms refer to digital data transmitted over a network connection. For example, bits and bytes both may represent network addresses or port numbers.
Answer:
A bit is a single numeric value, either '1' or '0', that encodes a single unit of digital information. A byte is a sequence of bits; usually eight bits equal one byte.

For example, in Internet Protocol (IP) networking, IP addresses contain 32 bits or 4 bytes. The bits encode the network address so that it can be shared on the network. The bytes divide the bits into groups.

The IP address 192.168.0.1, for instance, is encoded with the following bits and bytes:

11000000 10101000 00000000 00000001
Bits are grouped into bytes to, generally speaking, increase the efficiency of computer hardware, including network equipment, disks and memory.

Q. "Is there any difference between bps (small 'b') and Bps (capital 'b')?"

A. The term "bps" specifies network bandwidth in bits per second. The term "Bps" specifies network bandwidth in bytes per second.

unit converter: http://www.numion.com/calculators/units.html

Chan Chen 2012-03-20 11:01 发表评论

Telnet and SSH

Chan Chen — Mon, 12 Mar 2012 09:29:00 GMT

Telnet is a protocol that allows you to connect to remote computers (called hosts) over a TCP/IP network (such as the Internet). You use software called a telnet client on your computer to make a connection to a telnet server (i.e., the remote host). Once your telnet client establishes a connection to the remote host, your client becomes a virtual terminal, allowing you to communicate with the remote host from your computer. In most cases, you'll need to log into the remote host, which requires that you have an account on that system. Occasionally, you can log in as guest or public without having an account.

Telnet clients are available for all major operating systems.

Command-line telnet clients are built into most versions of Mac OS X, Windows, Unix, and Linux. To use them, go to their respective command lines (i.e., the Terminal application in Mac OS X, the shell in Unix or Linux, or the DOS prompt in Windows), and then enter:

telnet host

Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client (running SSH server and SSH client programs, respectively).[1] The protocol specification distinguishes two major versions that are referred to as SSH-1 and SSH-2.

The best-known application of the protocol is for access to shell accounts on Unix-like operating systems. It was designed as a replacement for Telnet and other insecure remote shell protocols such as the Berkeley rsh and rexec protocols, which send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis.[2] The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet.

Chan Chen 2012-03-12 17:29 发表评论

How does DNS work

Chan Chen — Mon, 20 Feb 2012 03:47:00 GMT

Suppose your computer wants to find the IP address of `network-surveys.cr.yp.to`. It contacts a series of DNS servers around the Internet.

There are several DNS servers with information about network-surveys.cr.yp.to. A central root server (located at Internet HQ in Virginia) has the following data in a file on disk:

     .:198.41.0.4      
     &to:198.6.1.82

The root server's IP address is 198.41.0.4; your computer also has this address in a file on disk. Your computer sends its question to the root server, and receives a response from the root server's data:

     +--------+  network-surveys.cr.yp.to?  +-----------+      
     |  Your  | --------------------------> |198.41.0.4 |      
     |computer|      <---------------       |root server|      
     +--------+       &to:198.6.1.82        +-----------+

The response &to:198.6.1.82 is a delegation. It says ``For information about .to, ask the DNS server at IP address 198.6.1.82.''

The DNS server at 198.6.1.82 (also located somewhere in Virginia) has the following data in a file on disk:

     .to:198.6.1.82      &yp.to:131.193.178.160

Your computer sends its question to that DNS server, and receives a response:

     +--------+  network-surveys.cr.yp.to?  +----------+      
     |  Your  | --------------------------> |198.6.1.82|      
     |computer|  <------------------------  |.to server|      
     +--------+    &yp.to:131.193.178.160   +----------+

The response &yp.to:131.193.178.160 is another delegation. It says ``For information about .yp.to, ask the DNS server at IP address 131.193.178.160.''

The DNS server at 131.193.178.160 (located in my office in Chicago) has the following data in a file on disk:

     .yp.to:131.193.178.160      =network-surveys.cr.yp.to:131.193.178.100

Your computer sends its question to that DNS server, and receives a response:

     +--------+           network-surveys.cr.yp.to?         +---------------+      
     |  Your  | ------------------------------------------> |131.193.178.160|      
     |computer| <------------------------------------------ | .yp.to server |      
     +--------+  =network-surveys.cr.yp.to:131.193.178.100  +---------------+

The response =network-surveys.cr.yp.to:131.193.178.100 finally answers the original question: the IP address of network-surveys.cr.yp.to is 131.193.178.100.

All of this work is handled by a DNS cache running on your computer. Your computer remembers everything that it learned (for a limited amount of time; information changes!) to save time later. As an alternative, your computer can contact an external DNS cache operated by your Internet service provider; the external DNS cache will do all the work and report the answer.

Multiple servers

To protect against computer failure, there are actually several root servers, several .to servers, and two yp.to servers. Each of the root servers has the following information:

    .:198.41.0.4:a      
    .:128.9.0.107:b      
    .:192.33.4.12:c      
    .:128.8.10.90:d      
    .:192.203.230.10:e      
    .:192.5.5.241:f      
    .:192.112.36.4:g      
    .:128.63.2.53:h      
    .:192.36.148.17:i      
    .:192.58.128.30:j      
    .:193.0.14.129:k      
    .:198.32.64.12:l      
    .:202.12.27.33:m      
    &to:128.250.1.21:a      
    &to:193.0.0.193:b      
    &to:196.7.0.139:c      
    &to:206.184.59.10:d      
    &to:198.6.1.82:e      
    &to:206.86.247.253:f      
    &to:148.59.19.11:g

Each of the .to servers has the following information:

    .to:128.250.1.21:a      
    .to:193.0.0.193:b      
    .to:196.7.0.139:c      
    .to:206.184.59.10:d      
    .to:198.6.1.82:e      
    .to:206.86.247.253:f      
    .to:148.59.19.11:g      
    &yp.to:131.193.178.181:a      
    &yp.to:131.193.178.160:b      
    # or, in BIND master zone-file format:      
    # yp.to IN NS a.ns.yp.to      
    # yp.to IN NS b.ns.yp.to      
    # a.ns.yp.to IN A 131.193.178.181      
    # b.ns.yp.to IN A 131.193.178.160

Your computer tries the root servers in a random order. When it receives a response from some root server, it moves to the .to servers, and tries them in a random order. It eventually receives the answer from one of the two yp.to servers.

Reverse lookups

Suppose your computer sees the IP address 208.33.217.122 and wants to know the corresponding computer name.

Your computer asks a series of DNS servers about the name 122.217.33.208.in-addr.arpa. The root servers have the following information:

    &33.208.in-addr.arpa:206.228.179.10:c      
    &33.208.in-addr.arpa:144.228.254.10:b      
    &33.208.in-addr.arpa:144.228.255.10:a

The DNS server at IP address 144.228.254.10 has the following information:

    .33.208.in-addr.arpa:144.228.255.10:a      
    .33.208.in-addr.arpa:206.228.179.10:c      
    .33.208.in-addr.arpa:144.228.254.10:b      
    &217.33.208.in-addr.arpa:209.191.164.20:a      
    &217.33.208.in-addr.arpa:206.253.194.65:b

The DNS server at IP address 209.191.164.20 has the following information:

    .217.33.208.in-addr.arpa:209.191.164.20:a      
    .217.33.208.in-addr.arpa:206.253.194.65:b      
    =mm-outgoing.amazon.com:208.33.217.122

The answer is mm-outgoing.amazon.com.

Looking up the address for a name, and then the computer name for that address, doesn't necessarily produce the original name. Looking up the computer name for an address, and then the address for that name, doesn't necessarily produce the original address.

1. Your web browser asks the resolving DNS server what the address of www.domainname.com is. Your computer already knows where the local ISP resolving DNS server is through its network configuration.
2. The Resolving DNS server does not know the address. So it asks a root server the same question. The 13 root servers have globally well-known IP addresses, and are run by a US-based company called ICANN
3. The root server replies that it does not know, but it gives the address of the server which knows about .com domains.
4. The resolving DNS server asks the .com server what the address of www.domainname.com is.
5. The .com server replies that it does not know, but it gives the address of the server which knows about .domainname.com domain. This server is can be a managed server and many companies pay an annual fee (via a domain registar) to maintain this referral for their domain.
6. The resolving DNS server asks the .domainname.com server what the address of www.domainname.com is.
7. The server answers the query with the IP address of www.domainname.com, and marks the response as “authoratitve”. This is an assertion that the answer is correct and complete. It also adds to its reply that “this data is valid for 24 hours”, so that anyone who is asking can confidently re-use the information for that time without having to issue another query.
8. The resolving DNS server finally has its answer, and can reply back to the web browser with the IP address. Crucially it marks its answer as “non-authoratitive”, so that the web browser knows it has the information indirectly

Chan Chen 2012-02-20 11:47 发表评论

久久久亚洲AV波多野结衣,WWW亚洲色大成网络.COM ,久久精品视频亚洲

Dos Attack

Gateway

DHCP Overview

Bits and Bytes

Telnet and SSH

How does DNS work

Suppose your computer wants to find the IP address of network-surveys.cr.yp.to. It contacts a series of DNS servers around the Internet.

Multiple servers

Reverse lookups

Suppose your computer wants to find the IP address of `network-surveys.cr.yp.to`. It contacts a series of DNS servers around the Internet.