Domain Name Servers
When you surf the web using a Browser such as
Microsoft's Internet Explorer or Mozilla's Firefox, you
start by typing a home page address into the "To:"
dialog box and click "Go". If the address or URL
(universal resource locator) is accurate, the site is
displayed on your terminal screen. This URL addressing
method was designed as a user convenience and actually
represents a numerical address known as an IP or
"Internet Postal" address. The designers of the Net
thought it would be easier for users to recall verbose
(English) addresses rather than a string of possibly up
to 12 numbers comprising a quad (4 byte) IP. However,
for your Browser to actually reach the desired site,
the URL must be converted (or resolved) into its
numeric IP form. This is the job of DNS or Domain Name
Servers that exist out on the network. Technically it's
possible to type in just the IP and reach the Web site.
Example: CNN's IP is "64.236.24.12". Try typing CNN's IP into
your Browser's "To:" dialog box and click on "Go" or hit
the "Enter" key. Or, if you are lazy, click the IP
above.
There may be times when the DNS services are down and
you get the "Unable to Resolve" error message. Knowing
the IP could still allow you to get through.
To recap, every URL must first be resolved into its
actual IP address. When you type in the URL, your
Browser (behind the scenes) then requests DNS to send
back the IP which in turn allows your Browser to reach
and render (display) the page.
A URL can be simple or complex and may contain several
sections, beginning with the protocol prefix (HTTP:// or
HTTPS://); the address, which is a server given as a
verbose domain, subdomain or IP (ARC.TZO.COM); a path to
a file (/ham/ICR.PHO); the port number (by default, or
without one, web servers answer via port 80); and a
command tail, where data can be passed back and forth
between the web server and the Browser (a user name,
password, instructions etc).
When "HTTPS" is employed, it means the transmissions
will occur using a 128 bit two key (private and public)
encryption protocol known as SSL 2 (Single Socket
Layer). This is a slightly less robust, but otherwise
identical and strong encryption method to that employed
by PGP (Pretty Good Privacy). Information passed by
HTTPS can be considered to be "practically" impossible
to decrypt and is therefore used by most banking and/or
commercial services that pass sensitive information.
Example (simplified): Every time you connect to a Bank
over an SSL connection, the Bank transmits their public
key. Your browser's SSL code takes their public key and
generates a private key, which together is used to
encrypt the information you send to it (such as your
account and PIN number). Likewise when the Bank sends
your balance it is encoded first with their private key
and your public key (which SSL also generates and
supplies to them). All that's needed on either end to
decode is the other party's public key.
It is said that HTTPS is known as the Holy Grail of the
hack and crack sub culture. To date no one has been
able to find an algorithm to factor out the private key
in a reasonably short period of time (less than the
lifetime of our Sun).
Most Browsers can actually read or interpret a URL in a
non-standard format. For example, a URL could be created
in hexadecimal, octal or dword formats. Sounds confusing?
Then learn more here at PcHelp.
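Added example (not from the original page): it splits a URL into the parts named above (protocol, host, port, path, command tail) and normalises a host written in hexadecimal, octal or dword form back to the dotted quad that a log reviewer or URL filter would expect to see. The hostnames in the tests are either taken from the text above or constructed.

```python
"""Split a URL into its parts and normalise obfuscated numeric hosts."""
import re
from urllib.parse import parse_qs, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}
_NUMERIC = re.compile(r"0x[0-9a-f]+|[0-9]+")


def _to_int(token):
    """Decode one address component: 0x.. is hex, a leading 0 is octal,
    anything else decimal. "08" raises ValueError, as inet_aton rejects it."""
    if token.startswith("0x"):
        return int(token, 16)
    if len(token) > 1 and token.startswith("0"):
        return int(token, 8)
    return int(token, 10)


def _dword_to_quad(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def normalise_host(host):
    """Return the dotted quad for a numeric host such as 0xC0A80101,
    3232235777, 0300.0250.1.1 or 192.168.257; a DNS name is returned
    unchanged (lower-cased)."""
    host = host.lower()
    parts = host.split(".")
    if len(parts) > 4 or not all(_NUMERIC.fullmatch(p) for p in parts):
        return host
    values = [_to_int(p) for p in parts]
    head, last = values[:-1], values[-1]
    if any(v > 255 for v in head):
        raise ValueError("component out of range in %r" % host)
    # As in inet_aton, the last component fills every remaining byte.
    width = 4 - len(head)
    if last >= 1 << (8 * width):
        raise ValueError("last component out of range in %r" % host)
    number = 0
    for v in head:
        number = (number << 8) | v
    return _dword_to_quad((number << (8 * width)) | last)


def parse_url(url):
    """Break a URL into protocol, host, port, path and command tail.
    A URL without a scheme is treated as HTTP, as browsers do."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return {
        "protocol": scheme,
        "host": normalise_host(parts.hostname or ""),
        "port": parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme),
        "path": parts.path or "/",
        "command_tail": parse_qs(parts.query),
    }


if __name__ == "__main__":
    for u in ("HTTP://ARC.TZO.COM/ham/ICR.PHO", "http://0x40.0xec.0x18.0x0c:8080/x?user=joe"):
        print(parse_url(u))
```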
The Versatile Web Browser
Every Browser has the ability to reach various "other"
services on the Internet or your PC. The "HTTP://" part of an
address tells the Browser you are trying to connect to
a Web server somewhere out on the Net. By default, a
modern Browser assumes you want a Web server if you
fail to include the "HTTP://" header. Many Universities
and Companies still operate public FTP servers (File
Depositories) where you can access software. Much of
this software is known as Freeware, meaning it's yours
to use without cost. Frequently the FTP (file transfer
protocol) IP is the same as the Web server. To let the
Browser know you want the FTP server, the URL should
start with the protocol's keyword "FTP://". Try typing the
following address (less quotes) into your Browser or
click it here: "FTP://papa.indstate.edu". You can even upload a
file from your PC to an FTP server, if the server
allows it.
In addition to FTP, there is a service called TELNET.
Telnet allows remote access to other systems on the
Net. Depending on how a system administrator sets the
permission, you could use Telnet to totally control
another system remotely. You type "telnet://domain
name:port (if not port 23, the default)" in the same
Go: dialog box. Your Browser might shell out to a
Windows Telnet utility but the effect is the same, you
can reach a Telnet server through your Browser. Many
surviving Telnet operations use non standard ports,
something not supported by the basic Telnet utility
that comes with Microsoft's operating systems.
Telnet is a service that is slowly disappearing
around the Net. Therefore Telnet is mentioned
mostly for nostalgia. However, if you are interested in
learning more, I suggest you visit the Telnet Organization.
All modern Browsers are capable of rendering or displaying
almost all common file types. The protocol key is "FILE://".
Example: file://drive.pathto.filename.extension
Finally, using your Browser, you can initiate and send
email through your default e-mail client by using the
"mailto:" protocol key word. Try typing
"mailto:arcmail@charter.net" in your Browser's "To:"
dialog box.
Why a Firewall?
As a Teacher I have always been impressed with buzz
words created by geeks to name various network
services. From words like Gopher, Archie and Kermit,
Firewall evolved out of the same genre. Because of the
Net's intentionally "open" digital packet architecture,
the main protocol running over the network (TCP/IP) was
destined to be tested, prodded, and exploited by every
bored, thrill-seeking, misdirected psychotic. This is
not to say these hackers are a bunch of ignoramuses,
quite the contrary, most are very bright but typically
they are under-achievers in all other things
considered normal. The bottom line is that there is no
end to the number of people trying hourly to gain
notoriety as the first to gain unauthorized access to a
computer system somewhere out on the Net. If that were
all there was to it, the problem might not be a problem
at all. But most hackers, after gaining access, want
to do mischief that can range from a nuisance to
catastrophic.
The game plan whenever your computer is connected to
the Internet is to stop trouble before it starts. A
Firewall, properly configured, can protect you. There
are, unfortunately, ways around Firewalls when hackers
discover exploits in either the operating system or
the software programs you use, trust, and approve to pass
through your Firewall. More on that later.
There are two types of Firewalls, Hardware or Software
based. When PCs employed clock speeds under 200 MHz, it
was more desirable to have a hardware firewall. Many
Routers, used on small Networks, have firewalls built
in. Since most PCs today are running Pentium processors
in excess of 1 GHz, software firewalls are no longer
a handicap. For the average user, I suggest using a
FREE, intelligently designed, software firewall like
ZoneAlarm. ZoneAlarm is easy to use because the
operator does not need to know anything about what
protocols or ports his Internet software uses. Once
the operator approves ZoneAlarm to allow it, Zone
knows everything it needs to do. However, for more
sophisticated users, Zone allows full manual
configuration.
I highly recommend disabling any DSL/CABLE modem's
built-in firewall and using a good intuitive software
firewall like ZoneAlarm. This will eliminate having to
traverse a mountain of arcane menus and options in your
modem's setup every time you add new software that
communicates on the Internet.
To disable port blocking, you will need to enter the
Modem/Router's configuration setup via your Browser. The
manufacturer can supply the IP address to access the
device. Typically you will have one of several
methods to disable all the port blocking. First, look
for a simple "DMZ ON" check box; or, an IP
PASSTHROUGH/DMZ checkbox; or, a PASS a Range of Ports
option (as in 1 - 65535); or, set the Modem to act as a
network Bridge. If set as a Bridge, you would be better
served if you add a Router (with it set to DMZ) between
the Modem and the PC. Otherwise you will need to
activate the PPPoE protocol (Point To Point protocol
over Ethernet) on the PC itself.
Finally, and this is important, if you are using IP
PASSTHROUGH, you must open a DOS Window and change your
NIC's former non-routeable network IP to your new WAN
IP. This is accomplished by typing "IPCONFIG /RELEASE"
then "IPCONFIG /RENEW". The reason for this is that the
old IP is stored in the registry and would otherwise
continue to be used by your network card until it is
changed by IPCONFIG. Your ISP will give you the Modem's
configuration address (a non-routeable IP you type
into your Browser's "To:" dialog box). Commonly this
is 192.168.1.1 but may vary. Check the modem's manual.
Remember, if you bypass your Modem's built-in Firewall,
you MUST run a good software firewall.
It is extremely important to keep abreast of patches,
fixes and UPDATES that become available for both your
operating system and client software (software that
communicates using the Internet). This INCLUDES your
FIREWALL. Hackers are famous for discovering flaws in
popular software that can be exploited over the
Internet. Even big giants like Microsoft have been
caught with their pants down. For example, let's say you
use MS's e-mail client, Outlook Express. You authorize
your Firewall to permit Outlook to communicate over the
Net. But Outlook has a flaw. If it receives a
specially formatted message, it can crash your
computer.
In addition to a FireWall, you should be running a
good, regularly updated, Virus scanner. Look at the
last lesson for my recommendation on a good FREE virus
scanner. I also suggest you NOT operate a virus scanner
in stealth or background mode. This tends to make you
lazy and not alert to the implications of all your
actions. Since almost all viruses, trojans and worms
typically gain access to your computer when you install
or run an infected program you downloaded or received
as an email attachment, it's only necessary to scan the
download or attachment BEFORE you use them.
Final Thoughts. You will never be 100% safe operating
a computer today that is connected to the Internet. In
other words, you can be had. It will likely happen at a
time when you are tired, overconfident or sloppy and
hit a key or click the mouse unintentionally. However,
with vigilance and good operating practices, a firewall
and a Virus scanner, you can be 99.99% safe.
Network Utilities
The Windows Operating System comes with a variety of
networking utilities to help diagnose and even correct
various problems. The utilities mentioned here are not
unique to Microsoft's Windows operating system and are
available from many other sources in different flavors.
In fact, most were originally created around the UNIX
operating system. What they all share in common is that
they all utilize features built into the TCP/IP
protocol that runs the digital realm known as the
Internet. The Windows variant of these utilities can be
found in the system folders and can be run or operated
within a system command window formally known as DOS.
PING: A submarine locates other underwater objects by
sending out a sound wave and listening for returning
echoes that are reflected back. The Internet is built
in such a way that every host computer on the Network
will respond to a special ICMP or PING packet via
built-in code in its TCP/IP software. This utility is
frequently used when building local networks to test
that each node or PC is connected and properly
responding. PING only requires that you give it the
address or IP of the machine you want a reply from.
Example: PING 198.162.100.1. Ping will either time out
after a few attempts to get a reply or return a packet
with round trip timing information when successful. In
either case it reports what is happening. Because PING
can reach across the entire Internet and be used
maliciously to flood someone's computer with
unnecessary traffic, eating at their bandwidth, most
firewalls automatically block ping requests.
TRACEROUTE: Or TRACERT as found in Windows. The path
over the Internet to another computer may not be the
shortest path, as it would be when traffic is light and
all the backbones are functioning normally. It is
sometimes interesting to know the exact path and time
delays your packets are taking to each intermediate
relay before they reach their destination. Traceroute
takes advantage of a part of a data packet known as the
TTL byte or "Time to Live" value. Traceroute works by
sending a packet with a low time-to-live (TTL)
value. The TTL value specifies how many hops the packet
is allowed before it is returned. When a packet can't
reach its destination because the TTL value is too low,
the last host returns the packet and identifies itself.
By sending a series of packets starting with a low TTL
then incrementing the TTL value with each successive
packet, traceroute finds out who all the intermediary
hosts are.
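The TTL mechanism described above, as an added simulation that is not part of the original page: a constructed chain of routers decrements TTL hop by hop, the router that brings it to zero answers with "time exceeded" and names itself, and probes with TTL 1, 2, 3 ... therefore list the hops in order. The addresses are made up, and a router that drops the probe without answering (the ICMP filtering the PING section mentions) appears as "*", exactly as real traceroute shows it.

```python
"""Simulated traceroute: how incrementing TTL reveals intermediate hops."""
from dataclasses import dataclass


@dataclass
class Packet:
    dst: str
    ttl: int


# Constructed path: default gateway, two transit routers, destination host.
PATH = ["192.168.1.1", "10.0.0.1", "10.0.1.1", "198.162.100.1"]


def forward(packet, path):
    """Walk the packet along the path. Every router decrements TTL before
    forwarding; the router that brings it to zero discards the packet and
    returns an ICMP "time exceeded" naming itself. Returns ("reply", dst)
    when the destination is reached, ("time_exceeded", router) when a
    router dropped it, or ("lost", None) if the path never reaches dst."""
    for hop in path:
        if hop == packet.dst:
            return ("reply", hop)
        packet.ttl -= 1
        if packet.ttl == 0:
            return ("time_exceeded", hop)
    return ("lost", None)


def traceroute(dst, path, silent=frozenset(), max_hops=30):
    """Send probes with TTL 1, 2, 3 ... and record who answered each one.
    Routers listed in `silent` drop the probe without replying (ICMP
    blocked by a firewall) and show up as "*", as in the real tool."""
    hops = []
    for ttl in range(1, max_hops + 1):
        kind, who = forward(Packet(dst, ttl), path)
        if kind == "reply":
            hops.append(who)
            break
        hops.append("*" if kind == "lost" or who in silent else who)
    return hops


if __name__ == "__main__":
    for n, hop in enumerate(traceroute("198.162.100.1", PATH, silent={"10.0.0.1"}), 1):
        print("%2d  %s" % (n, hop))
```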
IPCONFIG: This utility serves many useful functions,
from determining your current IP address if addresses are
dynamically assigned, to resetting your IP in a local
network environment (the more frequent use). It can
also determine your network card's MAC address,
which is unique to every card and necessary to know
when setting up virtual private networks.
NETSTAT: This is another diagnostic network utility
that can report a multitude of useful information but
is more of a system analyst tool.
For help using any of these tools, type its name at a
command prompt, followed by a space, then a question
mark.
If you are too lazy to find and use these net utilities
on your computer, many of these utilities can be
remotely operated via the Web. One site for doing such
things is Network Tools.
THE WEB
The modern Internet began life in 1969 as a group of
large mainframe computers (located at various
universities and research centers) tied together
through a network of wire, microwave and satellites.
This project was funded by the U.S. Government's
Advanced Research Projects Agency or ARPA. Hence it was
first known as the ARPANET.
The original aim was to create a network that would
allow users at any one site to be able to communicate
with users at any other site. The network was designed
so it could continue to function even if parts of it
were destroyed in the event of a military attack or
other disaster. This fish net like design in its
crisscrossing connections, wherein messages could be
routed or rerouted in more than one direction or path
across the network, made the system highly redundant
and therefore survivable. Eventually insightful people
in our government turned the network over to use by
Universities, Colleges and Research Centers, where in
turn it was made available to their scientists, teachers
and students and eventually the general public and the
world.
The Internet today is a cooperative, public, self-
sustaining facility connecting hundreds of millions of
personal computers and people worldwide. Physically,
the Internet now uses a portion of the total resources
of currently existing private telecommunication
networks such as those used for telephone and Teletype
communications. Technically, what distinguishes the
Internet from standard voice type communications is its
use of a set of data transmission and reception rules
(called protocols) such as TCP/IP (Transmission Control
Protocol/Internet Protocol). Two recent adaptations of
Internet technology, the Intranet and the Extranet,
also make use of the TCP/IP protocol.
The term WEB, as opposed to Net, came into more
widespread use in 1990 when Tim Berners-Lee created the
HTML or Hyper Text Markup Language that is used today
(in much newer iterations) to render (send and receive)
information in a multimedia form. That is, text,
pictures and sounds. The format also includes "links"
that can take you immediately to resources on other
systems. The Mozilla group was one of the first
organizations to create the software to take advantage
of this new language. It was called a Web Browser or
just Browser for short. Eventually people in the
Mozilla group splintered off to produce Netscape. Since
then, Mozilla went on to produce the most popular
freeware Browser in use today, called Firefox.
Microsoft was hesitant to put much effort into their
early Browser, known as Internet Explorer, by assuming
the WEB was not going to be the final incarnation of
data transfer. As a result, several 3rd party software
companies found the opportunity to produce competing
Browsers like AOL's Navigator and Opera. When Microsoft
finally woke up, they began taking advantage of their
huge monopoly by creating features in their HTML server
software that could only be taken advantage of by using
their Internet Explorer Browser. After several large
antitrust suits, the playing field is now more or less
level again with consumer choice.
NOTE: For those interested in learning more about
writing HTML code, here is a page with lots of HTML resources:
DoHTML.
Electronic Mail
In theory, E-Mail could easily be transmitted across
the Internet from source PC to destination PC without
any go-between servers. This direct route is known
as peer to peer. The drawback is this would
require the destination PC to be "online" at the same
time the sender mails a message. To overcome this
problem the ISPs run e-mail SMTP and POP3 servers
that are online 24/7.
ISP = Internet Service Provider
SMTP = Simplified Mail Transport Protocol
POP3 = Post Office Protocol Version 3
Each has a specific job and will be explained below.
SENDING MAIL:
Example, you are joe@myisp.com and your mail is going
to jim@hisisp.com. When you send an e-mail message from
your client (your e-mail program) it delivers the
message over the Internet via TCP/IP (Transfer Control
Protocol) to an SMTP server. This is all done
automatically. Your stack (a group of tcp/ip software
programs running on your PC) opens a Socket on port 25
to connect to your provider's SMTP server. Your
provider's SMTP server (let's assume smtp.myisp.com)
receives your sent message. The SMTP now looks up (via
a DNS call - to a special MX Domain Name Server) the
destination POP3 MX record of the destination POP3
server (let's assume pop.hisisp.com) and then attempts
to relay the mail to its true destination. The
addresses of all POP3 servers are intentionally made
obscure via MX DNS to prevent ordinary users from
accessing them directly to spread spam (unsolicited
messages, usually advertisements).
If the POP3 server is listening (as they normally do)
the mail is received. If the server is off line for
whatever reason, the sending SMTP spools (stores) the
message and tries again every four hours, typically for
24 hours. Generally the mail gets through within this
time frame. However, two things could happen. First
the POP3 mailer might be permanently off line. Second
the account (or mailbox) at the destination might no
longer be valid. In either of those two cases the mail
is returned to you with an explanation. Of course it
is possible your provider's SMTP server could be out of
service too, in which case your e-mail client will
report an error message on its attempt to send. More on
those anomalies later.
RECEIVING MAIL:
To receive mail, your e-mail client contacts your
provider's POP3 (post office protocol) server (let's
assume it's pop.myisp.com) on port 110 via its ordinary
(non MX record) DNS address. (Note: POP3 servers listen
and send via two addresses - more on this in a minute.)
Any messages waiting are transmitted to your e-mail
client along with instructions from your e-mail client
to delete the messages just successfully received from
the POP3 server's database.
If you have been paying attention, you might be
wondering why your e-mail program cannot send its
outgoing mail directly to the destination's POP3 server
(pop.hisisp.com). The answer is because by design and
International agreement, this is the job of an SMTP
server. To thwart any rogue-designed e-mail programs
from possibly bypassing the "system", the POP3 server
address (used to receive relayed mail) is on a
secondary hidden address - called its MX record.
However, it's technically feasible to do this. And
SPAMMERS are famous for it.
SPAM MAIL:
Spam by definition is the receipt of any unsolicited
messages from other people or organizations. Today Spam
constitutes more than half of all e-mail traffic in the
world. Spam typically exploits the open architecture or
weaknesses of today's electronic mail systems. In an
effort to minimize Spam traffic, many ISPs have made
it impossible to use their SMTP servers unless you are
a recognized customer and logged onto their system. In
addition, some require that your return address match
their domain name. While this in fact stops some spam,
it also imposes some limitations upon a legitimate user
by restricting them from sending mail to their
provider's SMTP server from outside their provider's
network.
PORT BLOCKS:
Many ISPs go so far as to block any incoming traffic
on port 25 (the incoming SMTP port of most SMTP
servers) that does not originate from within their
domain. This eliminates non customers from using their
SMTP servers to send spam. Some independent E-Mail
providers will offer receipt of incoming mail on non
standard ports, such as 25000, to help thwart spam.
RUNNING YOUR OWN E-MAIL SERVER:
Due to the nature of TCP/IP, you can do anything on
your piece of the pipe that your provider can do
(assuming they impose zero restrictions - and most
have no "physical" restrictions other than limits of
use to be found in their TOS or Terms of Service
agreement), and, within the confines of the amount of
available bandwidth you have. Therefore, it's entirely
possible to run your own SMTP/POP3 servers; but not
very practical unless you are online 24/7 with a high
bandwidth connection. There are several shareware mail
server packages out there, FtGate being one of the more
popular.
UNDERSTANDING E-MAIL ATTACHMENTS:
Mail Attachments are one of the most misunderstood
facets of modern electronic mail. Here is the story.
The 8 bit design of the basic data unit, the Byte,
allows up to 256 characters (a bit can be zero or 1
representing TWO states, and with 8 bits you get
2x2x2x2x2x2x2x2 possibilities or combinations). The
alphabet consists of only 26 characters needing
representation. But if you factor upper and lower
case, as well as standard punctuation, then throw in
some control characters to do such arcane things as
carriage returns and line feeds and you wind up with
127 total necessary characters. This leaves position 7
(counting from left to right starting with zero - the
8th bit), unnecessary! Programmers being the
efficient fellows they are, designed the early packet
network systems around 7-bit data bytes (the 8th bit was
used for a parity test). (Parity is measured by summing
the decimal value of the bits in a byte. If the number
is even, parity is even and vice versa. So, the 7th
bit is set to either 1 or 0.) This was a very crude
method of ensuring data integrity in the early days of
networks. This is also where the 7E1, 8N1 type
designations for setting up old modem terminal software
come from.
So, what does this mean for modern computers and
electronic mail today? It's really very simple. Modern
electronic mail, being derived from and still operating
on many older mainframe network computers, is limited
to sending TEXT information only, i.e. no bytes with
values 128 or above can be transmitted. Since programs,
(executable files), contain bytes covering both low and
high characters from the ASCII table, this limits e-mail
from being able to carry them. The term Binary
file is often misused to represent 8-bit data streams.
UUENCODE TO THE RESCUE:
Enter the BINHEX and BASE64 protocols (sometimes known
as the MIME standard). These utilities convert 8-bit
bytes to 7-bit bytes so they can be "Attached" to e-mail
as text. The miracle of modern programs is that this
encoding, (and decoding after its received), is all
done in the background. Almost all users today have
adopted the MIME standard for e-mail, but UUENCODE (an
older protocol) is still very popular for passing
binary files on Newsgroups or the UUNET. When attaching
text files, some E-Mail clients allow the option of
merging the text file data into the message body, or,
sending it as a separate file.
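An added example (not from the original page) for the two preceding sections: it shows how the parity bit occupies bit 7 on a 7E1 link, why a binary file with byte values of 128 or above cannot travel over a 7-bit path unchanged, and how Base64 (MIME) and uuencode turn such bytes into printable 7-bit text and back. The sample "binary" is constructed; the encoders are Python's standard base64 and binascii modules.

```python
"""Parity on a 7-bit link, and 7-bit-safe encodings for 8-bit data."""
import base64
import binascii

# Constructed sample: a few bytes below 128 and a few at or above it.
SAMPLE_BINARY = bytes([0x4D, 0x5A, 0x90, 0x00, 0xFF, 0x7F, 0x80, 0x0A])


def even_parity_bit(value):
    """Parity bit for a 7-bit value under even parity: 1 when the value has
    an odd number of 1 bits, so that the whole byte ends up with an even count."""
    if not 0 <= value < 128:
        raise ValueError("7-bit value expected, got %r" % value)
    return bin(value).count("1") % 2


def frame_7e1(value):
    """Place the parity bit in bit 7, as a 7E1 serial setting would send it."""
    return value | (even_parity_bit(value) << 7)


def parity_ok(byte):
    """True when the received byte still has an even number of 1 bits."""
    return bin(byte & 0xFF).count("1") % 2 == 0


def check_7e1(byte):
    """Strip the parity bit and return the 7-bit payload; a single flipped
    bit makes the count odd and is reported as an error."""
    if not parity_ok(byte):
        raise ValueError("parity error in 0x%02X" % byte)
    return byte & 0x7F


def is_seven_bit_clean(data):
    """True if no byte has its 8th bit set, i.e. it survives a 7-bit path."""
    return all(b < 128 for b in data)


def encode_for_mail(data, scheme="base64"):
    """Wrap 8-bit data as 7-bit text: Base64 (as MIME does) or uuencode
    (45 input bytes per line, as the uuencode format specifies)."""
    if scheme == "base64":
        return base64.b64encode(data)
    if scheme == "uuencode":
        return b"".join(binascii.b2a_uu(data[i:i + 45])
                        for i in range(0, len(data), 45))
    raise ValueError("unknown scheme %r" % scheme)


def decode_from_mail(text, scheme="base64"):
    """Reverse encode_for_mail(); blank lines are skipped for uuencode."""
    if scheme == "base64":
        return base64.b64decode(text)
    if scheme == "uuencode":
        return b"".join(binascii.a2b_uu(line)
                        for line in text.splitlines(keepends=True) if line.strip())
    raise ValueError("unknown scheme %r" % scheme)


if __name__ == "__main__":
    print("raw clean?    ", is_seven_bit_clean(SAMPLE_BINARY))
    wrapped = encode_for_mail(SAMPLE_BINARY)
    print("base64 clean? ", is_seven_bit_clean(wrapped), wrapped)
    print("round trip ok?", decode_from_mail(wrapped) == SAMPLE_BINARY)
```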
UNDERSTANDING CC AND BCC ADDRESSING:
Either of these fields is used to send carbon copies
of your message to multiple recipients. If you use CC
everyone you send to will "see" the addresses of everyone
else who received a copy. Not too cool if your address
book reads more like a little black book. But, if you
use BCC instead, no recipients will ever know who else
got the same message; and, it will all look rather
personalized.
SENDING ANONYMOUS E-MAIL:
I am frequently asked if it is possible to send mail
anonymously; that is, so it "cannot" be traced. The
answer is not really. However, a method to obtain some
anonymity is to use a remailer service. Oddly, many
are free and typically operated and sponsored by
privacy advocacy groups. One of the better ones was
REPLAY.COM, now long out of business. However, where
one dies on the vine, others come along to replace
them. If you are interested in anonymous mail do a
Google on "free anonymous email".
OTHER APPROACHES TO BECOMING SLIGHTLY ANONYMOUS:
Some users simply change their return mail address to a
pseudonym. While this may work on some SMTP servers,
many are filtering the incoming mail and checking for
valid return addresses. If the return address is not
identical to that used to establish the account, the
mail is bounced. The ISP's are doing this to combat
SPAM. The only alternative is to set up your own SMTP
server. Send your e-mail to your server and then have
your server relay with no restrictions. FTGate is one
of the better PC SMTP servers on the market. Although
not for amateurs, it does the job. Find FTGate at
FloosieTek.
ELIMINATING X-HEADERS:
Using E-Mail clients that do not include X-Headers is
another way to gain some anonymity. More about a few
of those later below. X-Headers tell the recipient a
lot about who you are. Example, "X-Mailer" will
indicate the name of the e-mail program you are using
and "X-Sender" will give your verbose sub domain
address at the time the message was transmitted.
Although this address changes with each logon, your ISP
has a running log of who had that address at that hour.
In other words, you can still be traced. Occasionally
the mail program can be patched with a hex editor to
blank out the offending headers. But this is something
left only to experienced hackers.
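An added example (not part of the original page) of the tracing described above, from the recipient's side: it parses a message with Python's standard email package and pulls out the fields that identify the sending program (X-Mailer), the sender's host at sending time (X-Sender) and the connecting IP the receiving server recorded in its Received header. The message, addresses and X-Mailer string are constructed.

```python
"""What the headers of a received message disclose about its sender."""
import re
from email import message_from_string
from email.policy import default

# Constructed message; the tab-indented line is a folded Received header.
SAMPLE_MESSAGE = """\
Received: from [203.0.113.45] (helo=dsl-203-0-113-45.example-isp.net)
\tby mail.hisisp.com with esmtp; Mon, 01 Jan 2007 12:00:00 -0500
From: joe@myisp.com
To: jim@hisisp.com
Subject: hello
X-Mailer: ExampleMail 1.0 (constructed)
X-Sender: joe@dsl-203-0-113-45.example-isp.net
Message-ID: <constructed-0001@myisp.com>

Hi Jim.
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def x_headers(raw):
    """Return every X- header as {name: [values]} with folding removed."""
    msg = message_from_string(raw, policy=default)
    found = {}
    for name, value in msg.items():
        if name.lower().startswith("x-"):
            found.setdefault(name, []).append(" ".join(str(value).split()))
    return found


def sender_trace(raw):
    """Summarise what a recipient (or their ISP) learns about the sender:
    the mail program, the sender's host when the mail left, and the IP the
    receiving server logged. Each field is None when the header is absent."""
    msg = message_from_string(raw, policy=default)
    xh = x_headers(raw)
    received = msg.get_all("Received") or []
    ips = [m.group(0) for line in received for m in IPV4.finditer(str(line))]
    sender = xh.get("X-Sender", [None])[0]
    return {
        "mailer": xh.get("X-Mailer", [None])[0],
        "sender_host": sender.split("@", 1)[1] if sender and "@" in sender else None,
        "connecting_ip": ips[0] if ips else None,
    }


if __name__ == "__main__":
    for field, value in sender_trace(SAMPLE_MESSAGE).items():
        print("%-14s %s" % (field + ":", value))
```

Note that the Received line is added by the receiving server, so even a client that sends no X- headers still leaves the connecting IP behind, which is the point the text makes about ISP logs.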
POWER FEATURES TO LOOK FOR IN A GOOD E-MAIL CLIENT:
FILTERS: allow you to automate almost all processes.
ALIASES OR NICKNAMES: allow you to type "Gary" and get
"arcmail@charter.net" when you move the cursor.
MULTIPLE ACCOUNT OPERATIONS: In Eudora (my favorite) it's called
"Personalities". This allows you to check e-mailboxes
in many pop3 server accounts.
AUTOSAVE: Without this life can be a bear if you are
typing a long epistle and suddenly lose power.
SIGNATURES AND TEMPLATES: This is a must for business
mail. Most users put dorky sayings in their signature
file which I find a total waste of bandwidth. I use
them for my PGP public key and my URLs etc. TEMPLATES
OR STATIONERY: useful for form letters and putting
out a LISTSERV.
MULTI THREADING: Threading is another time saving
feature that allows concurrent operations. You can
type new messages, send mail from a queue and check for
incoming mail all at the same time with zero
interruptions. It's a must-have feature.
PLUGINS: Another way to add versatility to your e-mail
client is for it to accommodate Plugins. I use a plugin
for PGP, Power Searching and Talking E-Mail.
IMPORT/EXPORT: A handy feature when migrating to
another e-mail client. It allows you to use your old
e-mail address books created by other mail clients and
make backups of your existing one.
RETURN RECEIPT: This feature must be server side
supported and has some drawbacks. The return receipt
only confirms the destination server got the mail not
that the recipient read it. I see little or no value
in this. Some online services like CompuServe once
informed the user when the recipient downloaded or read
the message. But, they also charged for the service.
FREE E-MAIL CLIENTS:
Thunderbird at: Mozilla Org.
E-Mail to Snail Mail Services: NetGram
Great Spelling Checker that will interface
with most Windows programs: ForNada
E-MAIL HOUSEKEEPING HINTS
Never allow mail to accumulate in either your IN box or
OUT box. Either manually move it to mailboxes or set up
filters to do the move automatically.
Take advantage of the timesaving bells and whistles
your e-mail program offers. Keep an up-to-date address
book, and never delete names and addresses. You never
know when someone will come back into your digital
life.
CHAIN E-MAIL is not only tacky, it's bandwidth robbing.
Don't become a participant in silly chainmail.
FLAMING, the sending of abusive or insulting e-mail, is
always a mistake. Would you say it in person? If not,
don't send it.
NEWSGROUPS
An often overlooked service on the Net today is the
Newsgroups (formally known as UUNET) running on servers
using the NNTP protocol. Some of you may have started
your modem life by contacting BBS'es (or Bulletin Board
Service's) in the late seventies and eighties. Each BBS
had a "theme", "subject" or "topic" that it catered
to. For instance, if you were a Pilot, you likely
dialed BBS'es involved in Aviation. The big limitation
for most users was their toll free calling radius
unless the user did not mind paying long distance
charges. When the Internet Technology boomed, BBS'es
died on the vine. However the demand for gathering
places of people of common interest did not. Thus
evolved the Newsgroups which began life as a few dozen
topics shared by mostly researchers and scientists.
Internet Service Providers run most of the NNTP servers
that dish out the Newsgroups. However, some are picky
about which groups they allow on their servers and
accordingly many private NNTP operators, who don't
discriminate, have appeared on the scene with many
charging access fees. NNTP servers are all tied
together, sharing their data so that if you post a
message on one, eventually it appears on all of them
(where allowed!).
Newsgroup servers are still mostly run on older text
based UNIX servers using 7-bit (text) data storage.
This means that 8-bit data such as pictures and
software must first be converted to a 7-bit format,
transmitted that way, then converted back on the users
side. The more popular protocols for accomplishing
this are known as UUENCODE and MIME. These protocols
are usually built into the Newsreaders and require no
user intervention with the entire operation happening
rather seamlessly.
Today the individual topic groups in the system number
over 80,000 with the Alt or Alternative groups numbering
the most. Newsgroups allow the user to POST, REPLY
TO and READ messages posted by others. Some groups are
moderated and have strict rules and others are lax and
loose. To access Newsgroups a client called a
Newsreader is required. Many Browsers or E-Mail clients
have a Newsreader built into them. But for the purist,
a stand alone client like Forte's AGENT
Newsreader is the only way to go.
The giant Web search engine Google, has made
it relatively easy to access Newsgroups. It's no longer
necessary to install a standalone newsreader like
Agent, although most purist do.
ROAMING PACKETS
Let's see what happens when your Browser makes a request
to visit a web page. After traveling through your phone
line and then through the telephone company central
office, your Web page request travels successively
through:
your Internet service provider's (ISP) server; the
regional network your ISP is connected to; if necessary,
one of the four major network access points (NAPs) in
the U.S.; then the national commercial backbones;
and then once again through the NAP, regional network,
and ISP at the other end. Sounds complicated? That's
because it is!
The regional networks and many Internet service
providers (ISPs) connect to several major commercial
networks that provide the backbone or superlink that
carries your Web requests and returned pages cross
country or on to international destinations. (Most of
the major Internet service providers are also national
commercial backbone providers.)
The actual physical wiring is often leased by the
networks from Regional Bell Operating Companies (RBOCs)
or other telephone companies. The Internet networks
interconnect the leased lines with their own routers
and switches. Routers share information with adjacent
routers about the best routes to use. The agreements
among ISPs and the backbone providers to interconnect
and carry each other's traffic are called peering
agreements.
The regional networks and tributaries of the major
commercial networks intersect at four main network
access points (NAPs) near New York, Washington, D.C.,
Chicago, and San Francisco.
Major companies that provide this collective backbone
(they sometimes rent or share each other's lines)
include:
AT&T Network Services
BBN Planet
Cable & Wireless USA
Sprintlink
UUNET, a part of MCI WorldCom
In general, the NAPs interconnect with each other and
with major cities that feed into them with T-3 lines.
Locations with less traffic are connected with T-1
lines. Cable & Wireless USA includes a large ATM
network with OC-3 lines. Many regional ISPs
interconnect directly with each other for regional
connections that do not need to go through a NAP.
In addition to the commercial backbone, there is also a
national scientific backbone called the "very high
speed Backbone Network Service" (vBNS) that
interconnects five supercomputer centers in the United
States.
The T-carrier system, introduced by the Bell System in
the U.S. in the 1960s, was the first successful system
that supported digitized voice transmission. The
transmission rate for a T1 is 1.544 Mbps. The T-1 line
is in common use today in Internet service provider
(ISP) connections to the Internet.
Another level, the T-3 line, providing 44.736 Mbps, is
also commonly used by ISPs. Another commonly installed
service is a fractional T-1 line, which is the rental
of some portion of the 24 channels in a T-1 line, with
the other channels going unused.
The T-carrier system is entirely digital, using pulse
code modulation and time-division multiplexing. The
system uses four wires and provides full-duplex
capability (two wires for receiving and two for sending
at the same time).
The T-1 digital stream consists of 24 64-Kbps channels
that are multiplexed. (The standardized 64 Kbps channel
is based on the bandwidth required for a voice
conversation.) The four wires were originally a pair of
twisted-pair copper wires, but can now also include
coaxial cable, optical fiber, digital microwave, and
other media. A number of variations on the number and
use of channels are possible.
In the T-1 system, voice signals are sampled 8,000
times a second and each sample is digitized into an 8-
bit word. With 24 channels being digitized at the same
time, a 192-bit frame (24 channels each with an 8-bit
word) is thus being transmitted 8,000 times a second.
Each frame is separated from the next by a single bit,
making a 193-bit block. The 192 bit frame multiplied by
8,000 and the additional 8,000 framing bits make up the
T-1's 1.544 Mbps data rate. The signaling bits are the
least significant bits per frame.
ATM (asynchronous transfer mode) is a dedicated-
connection switching technology that organizes digital
data into 53-byte cells or packets and transmits them
over a medium using digital signal technology.
Individually, a cell is processed asynchronously
relative to other related cells and is queued before
being multiplexed over the line.
Because ATM is designed to be easily implemented in
hardware (rather than software), faster processing
speeds are possible. The prespecified bit rates are
either 155.520 Mbps or 622.080 Mbps. IEEE Spectrum
reports that speeds on ATM networks are expected to
reach 10 Gbps.
The Synchronous Optical Network (SONET) includes a set
of signal rate multiples for transmitting digital
signals on optical fiber. The base rate (OC-1) is 51.84
Mbps. OC-2 runs at twice the base rate, OC-3 at three
times the base rate, and so forth. Planned rates
include OC-1, OC-3 (155.52 Mbps), OC-12 (622.08 Mbps),
and OC-48 (2.488 Gbps). ATM makes use of some of the
Optical Carrier levels.
The vBNS (very high-speed Backbone Network Service) is
a network that interconnects a number of supercomputer
centers in the United States and is reserved for
science applications requiring the massive computing
that supercomputers can provide. Scientists at the
supercomputer centers and other locations apply for
time on the supercomputers and use of the vBNS by
describing their projects to a committee that
apportions computer time and vBNS resources. The vBNS
and the supercomputer centers were initiated and are
maintained by the National Science Foundation (NSF).
The vBNS began operation in April, 1995, as the
successor to the NSFNet. The NSFNet itself succeeded
DARPANET, the original Internet network. The vBNS is
the scientific portion of the Internet that NSF
continues to fund. The physical infrastructure for the
original Internet is now owned and maintained by the
national commercial backbone companies in the United
States and worldwide.
Currently, MCI provides the backbone infrastructure for
the vBNS under contract from the National Science
Foundation. The backbone consists mainly of
interconnected OC-3 lines (operating at 155 Mbps or
higher). The vBNS provides connections to the four
national network access points (NAPs). The vBNS
infrastructure itself is not shared with commercial
companies and ordinary users.
As part of the evolution toward a commercially self-
sustained Internet, the National Science Foundation
continues to operate the routing arbiter, a service
that the NAPs and other routers use to route and
reroute packets and optimize traffic flow on the
Internet. The routing arbiter service is managed by
Merit under a contract from the NSF that expires in
July, 1999.
The vBNS has recently become part of the infrastructure
of Internet2. A new NSF-funded initiative is developing
an advanced network infrastructure referred to as the
National Technology Grid.
Who OWNS the Internet:
The Internet is a public collaboration. No one person,
organization, or group of organizations owns it. It
grew from a relatively small network of four computers
used in research for the United States defense
establishment into a public system comprised of
hundreds of commercial telecommunication networks of
all sizes, thousands of institutions, hundreds of
thousands of businesses, and at least 30 million
individual users. Who really runs it and keeps it
going? You. In your roles as economic producer and
consumer, as information user, as free-speech advocate
and concerned parent, as a political participant in
your own community and the world community, you have a
real interest in seeing that the Internet serves you
well. Fortunately, there are many ways to do this.
The Internet Society. The institutional "soul" of
the Internet. You can join.
The Internet Architecture Board. Among other things,
this Internet Society board oversees the IETF.
The Internet Engineering Task Force. This group,
composed of working members from many corporations as
well as interested and competent individuals, maintains
TCP/IP, the underlying Internet protocol.
The World Wide Web Consortium. This industry-supported
organization, whose founders include Web protocol
inventor Tim Berners-Lee, fosters standards for the
Web, including the Hypertext Transport Protocol (HTTP)
that your Web browser and all Web servers use,
Hypertext Markup Language (HTML), and other Web
standards.
The Internet Corporation for Assigned Names and Numbers
(ICANN), the private, non-profit corporation with
responsibility for Internet address space allocation,
protocol parameter assignment, domain name system
management, and root server system management
functions, the service previously performed by the
Internet Assigned Numbers Authority.
InterNIC. This organization controls the assignment of
domain names and their equivalent IP addresses. If we
examine the minimum and maximum numerical value that
can be stored in an IP (dot quad - 4 byte number) we
see it can range from zero to 4,294,967,295 or
approximately 5 billion, the current population of the
Earth.
There are three classes of domain or network providers:
A, B and C. A class C provider is the most common,
representative of most smaller local Internet Service
Providers. They can typically sell 254 unique
addresses. The class B can offer 65,535 addresses and
the class A 16,777,215.
A typical ISP has 1,000 customers. When 254 call at the
same time, someone will get a busy signal. Each
customer is assigned an IP number at the time they
connect. They will be the only person in the world who
has that number at that time. It's truly a unique
identification. When they hang up, that IP is returned
to the IP modem POOL to be reissued to the next caller.
This is called dynamic IP addressing. Some services
give you an IP that never changes, this is called a
Static IP. The primary advantage in a static IP is
having a fixed or permanent address on the Net - like
your municipal house number. This makes DC or direct
connect clients and servers very easy to use. This is
sometimes called peer to peer communications such as
Internet telephone/video and chat communications.
When you apply for a domain of your own such as
garyraymond.com, you are given a static IP which is
registered and paired with your URL (domain name) on
the DNS server system.
For example to find "www.volvo.se" (the web server for
Volvo in Sweden), DNS does the following:
1) Ask one of the 13 root DNS servers for the addresses
of "se" DNS servers.
2) Ask one of these "se" DNS servers for the addresses
of "volvo.se" DNS servers.
3) Ask one of these "volvo.se" DNS servers for the
address of "www.volvo.se"
By iterating through the tree (starting at the root),
DNS can find any address in the world based on this
"root file".
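The three steps above, walked by a small iterative resolver over a constructed delegation tree (an added example, not the page's own code; the server addresses are documentation-range values, not Volvo's or the root operators' real ones, and the resolver also refuses a referral that points outside the answering server's own zone):

```python
"""Walking the page's three DNS steps for www.volvo.se over a constructed
delegation tree: root -> "se" servers -> "volvo.se" servers -> the answer.
Added example, not from the original page. Server addresses come from the
documentation ranges 198.51.100.0/24 and 203.0.113.0/24, not from Volvo or
the real root operators; all zone data below is constructed."""

# Which zone each constructed server is authoritative for.
SERVERS = {
    "198.51.100.1": ".",
    "198.51.100.2": "se",
    "203.0.113.10": "volvo.se",
}

# Each zone: address records it answers directly, plus delegations to child
# zones as child -> {name server name: glue address}.
ZONES = {
    ".": {"records": {},
          "delegations": {"se": {"ns.nic.se": "198.51.100.2"}}},
    "se": {"records": {"ns1.volvo.se": "203.0.113.10"},
           "delegations": {"volvo.se": {"ns1.volvo.se": "203.0.113.10"}}},
    "volvo.se": {"records": {"www.volvo.se": "203.0.113.80"},
                 "delegations": {}},
}

# The resolver's fixed starting point, the page's "root file" (constructed).
ROOT_HINTS = {"a.root-servers.net": "198.51.100.1"}


def is_under(name, zone):
    """True when name is the zone apex or lies below it; "." is above all."""
    return zone == "." or name == zone or name.endswith("." + zone)


def authoritative_query(server_ip, qname):
    """Simulate one authoritative server's reply: ("answer", ip, None),
    ("referral", child_zone, {ns: ip}) or ("nxdomain", None, None)."""
    zone = ZONES[SERVERS[server_ip]]
    if qname in zone["records"]:
        return "answer", zone["records"][qname], None
    children = [c for c in zone["delegations"] if is_under(qname, c)]
    if children:
        closest = max(children, key=len)      # deepest matching delegation
        return "referral", closest, zone["delegations"][closest]
    return "nxdomain", None, None


def resolve(qname, max_steps=8):
    """Iterate from the root down the tree, the page's steps 1 to 3.
    Returns (ip or None, trace), trace being the zones consulted in order."""
    qname = qname.rstrip(".").lower()
    servers, trace = dict(ROOT_HINTS), []
    for _ in range(max_steps):
        server_ip = next(iter(servers.values()))   # ask the first server known
        zone = SERVERS[server_ip]
        kind, payload, next_servers = authoritative_query(server_ip, qname)
        trace.append(zone)
        if kind == "answer":
            return payload, trace
        if kind == "nxdomain":
            return None, trace
        # Bailiwick check: follow a referral only into a zone strictly below
        # the one this server is responsible for. Anything else is treated
        # as bogus data, so a server cannot steer the resolver toward zones
        # it does not own.
        if payload == zone or not is_under(payload, zone):
            trace.append("rejected referral to %s" % payload)
            return None, trace
        servers = next_servers
    raise RuntimeError("too many referrals resolving %s" % qname)
```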
Originated because of "cold war" security needs and
U.S. defense research efforts, the Internet continues
to be influenced by governments around the world. Some
governments determine how accessible the Internet is
and who can access it. Democratic governments are
concerned about defense security, children's access to
pornography, and the regulation of and provision of
fair access to telecommunications infrastructure.
The Electronic Frontier Foundation. This organization
leads the fight to protect free speech on the Internet.
Standards organizations. Standards foster order and
stability. Foremost is the International Organization
for Standardization (ISO). Among groups that contribute
to standards development are the Institute of
Electrical and Electronic Engineers. Many other
organizations contribute to standards.
Inventors and product developers. The Internet is the
result of the individual ideas of people like Vinton
Cerf (TCP/IP) and Tim Berners-Lee (HTTP), teams and
work groups of bright and devoted contributors, often
supported by collaborating corporations such as
Netscape, Microsoft, Sun Microsystems, IBM, and every
company that produces a product you can use on the
Internet.
Content developers. Not least, there has to be some
reason to use the Internet. Content developers are the
people who've built the millions and millions of Web
pages.
Infrastructure providers. These include Internet
service providers, your local phone company, possibly
your cable TV company, and hundreds of companies that
manufacture and put together the networks that make up
the Internet.
MUMBO JUMBO or where it all begins:
Your PC receives a unique Internet Postal address (or IP
number) from your ISP (Internet service provider). This
number either stays the same (is STATIC) or changes
every time you logon (or when the IP lease expires). Your ISP has
a block of such numbers, which are allocated by their
upstream provider. At the top of the hierarchy for IP
number allocations are the three regional registries:
APNIC for Asia and the Pacific (www.apnic.net), RIPE
for Europe (www.ripe.net), and ARIN (www.arin.net), the
American Registry for Internet Numbers, for the
Americas and part of Africa. These agencies work in
conjunction with the Internet Assigned Numbers
Authority (www.iana.org), currently funded by the U.S.
government's National Science Foundation.
To make it possible to assign IP numbers dynamically,
in 1993 the Internet Engineering Task Force came up
with the idea of the Dynamic Host Configuration
Protocol, more commonly known as DHCP. DHCP was
designed specifically to allow greater allocation
flexibility than earlier protocols such as BOOTP (the
old Bootstrap Protocol). DHCP is in fact based on
BOOTP, but it offers many extended features, including
the ability to lease IP numbers for limited periods of
time, thereby allowing the DHCP server to recover and
reuse those numbers.
Providing IP addresses to dial-in and digital accounts is probably
the most common use of DHCP, but it is not the only
one. For example, you can also use DHCP to let
computers on your LAN share an Internet connection.
Microsoft Windows 98 Second Edition offers this
configuration through a feature known as Internet
Connection Sharing (ICS). When installed, ICS acts as a
DHCP server to the computers on the LAN, dynamically
assigning them IP addresses from a pool of IP numbers
in the 192.168.x.x range, which has been reserved for
use in private networks. The computer on the LAN that
serves these numbers in turn obtains an IP address
through DHCP (from its ISP) and in effect shares this
IP number with the rest of the LAN. It processes each
client request to the Internet as if the request were
coming from the IP number, using the private IP numbers
to keep track of which LAN client made the request and
should receive the response. But enough of this for
now. Read at the end of this article for more info
on how DHCP works.
The Internet Assigned Numbers Authority (IANA) has
reserved the following Class ranges of IPv4 addresses
(dot quads - 4 bytes - 32 bits) for use in PRIVATE
Networks:
Class A: 10.0.0.1 - 10.255.255.254
Class ?: 90.0.0.0 - 90.255.255.254
Class B: 172.16.0.1 - 172.31.255.254
Class C: 192.168.0.1 - 192.168.255.254
Because these addresses are reserved as private, no
hosts on the Internet will ever use addresses in any of
these ranges. Similarly, the main routers on the
Internet backbone will not pass packets with such
addresses. There will be many other private networks
using the same ranges, but they can never clash with
one another.
An important concept to understand about Internet
addresses is that every Internet address has a "network
part" and a "host part". You cannot tell which part is
the network part and which part is the host part
without using something called a "subnet mask". The
result of ANDing the IP with the mask is the Network
Address.
Where the subnet mask bit fields are a binary "one",
the bits are network bits. Where the subnet mask is a
binary "zero", the bits are host bits. The network part
is the leftmost part and the host part is the rightmost
part of the address. The binary value for decimal 255
is 1111-1111.
Example:
Addr=211.178.101.117
Mask=255.255.255.0
Results: 211.178.101 is Network
and 117 is Host on that Network
Examples of private network addresses are:
10.0.0.1, 10.0.0.2, 10.0.0.3
using a subnet mask of 255.0.0.0
172.16.0.1 thru 172.31.255.254
using a subnet mask of 255.255.0.0
192.168.0.1, 192.168.0.2, 192.168.0.3
using a subnet mask 255.255.255.0
There are five classes of Public Domains, A, B, C, D and E.
The Network Class is denoted in the first
or leftmost Octet of the IP (or dot quad).
001 thru 126 denotes A class
128 thru 191 denotes B class
192 thru 223 denotes C class - most small local ISP's
224 thru 239 denotes D class - used for broadcasting
240 thru 255 denotes E class - unused or experimental
Class A address ranges also use only the first octet to
identify the network, and this lies in the range 1 to
126 (ie, 1.0.0.0 to 126.0.0.0); the matching subnet
mask is 255.0.0.0. There are 126 class A networks, each
with 16,777,216 addresses. All 126 of the class A ranges
have been allocated.
Note that the 127.0.0.0 range is reserved for loopback
(the internal logical IP network via which any machine
running IP may address itself).
Class B address ranges use the first two octets for the
network number, and the first octet must be in the
range 128 to 191; the subnet mask is 255.255.0.0. There
are about 16,000 class B networks, each with 65,536
addresses. Most of the class B ranges have been
allocated.
Class C address ranges use the first three octets for
the network number, and the first octet must be between
192 and 223; the subnet mask is 255.255.255.0. There
are about 2,000,000 class C networks, each with 256
addresses.
Class D is between 224.0.0.0 and 239.0.0.0 and is used
for IP multicast, a form of broadcasting.
Class E (Experimental) reserves values from 240.0.0.0
to 255.0.0.0, which currently are not used.
Certain values are reserved and may not be used. "0"
(zero) refers to an entire network; for example,
192.168.24.0 means the range of addresses from
192.168.24.1 to 192.168.24.254, and 192.0.0.0 refers to
the 192.0.0.1 to 192.255.255.255 range. A machine
therefore may not be given an address ending in 0
(zero). Similarly, 255 is the "broadcast address": a
packet sent to 192.168.24.255 will be picked up by all
machines in the 192.168.24.0 network. Thus, 255 may not
be used in the address.
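The subnet mask ANDing, the first-octet class table, the private ranges and the reserved 0/255 host numbers from the preceding paragraphs, worked through in code (an added example, not from the page; the page's own 211.178.101.117 / 255.255.255.0 pair is used as input, other addresses are constructed, and the final helper applies the page's remark that backbone routers never pass private addresses as a source-address filter):

```python
"""Applying the page's IPv4 rules by hand: AND the address with the subnet
mask to split the network part from the host part, read the class from the
first octet, recognise the private ranges, and flag the all-zeros (network)
and all-ones (broadcast) host numbers no machine may be given. Added example,
not from the original page; 211.178.101.117 / 255.255.255.0 is the page's own
example, the other sample inputs are constructed."""

MASK32 = 0xFFFFFFFF


def dotted_to_int(addr):
    """Parse a dot quad into a 32-bit integer, rejecting malformed input."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % addr)
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError("octet out of range: %r" % addr)
        value = (value << 8) | octet
    return value


def int_to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def split_network_host(addr, mask):
    """Return (network address, host number) by ANDing with the mask."""
    a, m = dotted_to_int(addr), dotted_to_int(mask)
    host_bits = ~m & MASK32
    # A valid mask is a run of ones followed by zeros, so host_bits + 1
    # must be a power of two; 255.0.255.0, for instance, is rejected.
    if host_bits & (host_bits + 1):
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    return int_to_dotted(a & m), a & host_bits


def address_class(addr):
    """Classful lookup on the first octet, following the page's table."""
    first = dotted_to_int(addr) >> 24
    if first == 0:
        return "reserved"          # not in any class the page lists
    if first == 127:
        return "loopback"
    for upper, name in ((126, "A"), (191, "B"), (223, "C"), (239, "D")):
        if first <= upper:
            return name
    return "E"


# The three ranges the page lists as private, as (network, mask);
# 255.240.0.0 covers 172.16.0.0 through 172.31.255.255.
PRIVATE_RANGES = (("10.0.0.0", "255.0.0.0"),
                  ("172.16.0.0", "255.240.0.0"),
                  ("192.168.0.0", "255.255.0.0"))


def is_private(addr):
    a = dotted_to_int(addr)
    return any(a & dotted_to_int(m) == dotted_to_int(n) for n, m in PRIVATE_RANGES)


def host_role(addr, mask):
    """'network' if every host bit is 0, 'broadcast' if every host bit is 1,
    otherwise 'host'; only the last may be assigned to a machine."""
    a, m = dotted_to_int(addr), dotted_to_int(mask)
    host_bits = ~m & MASK32
    if a & host_bits == 0:
        return "network"
    if a & host_bits == host_bits:
        return "broadcast"
    return "host"


def bogon_reason(src):
    """Why an Internet-facing router should drop a packet with this source
    address: the page notes backbone routers never pass private addresses,
    and loopback can only refer to the machine itself. None means forward."""
    if is_private(src):
        return "private source address"
    if address_class(src) == "loopback":
        return "loopback source address"
    return None
```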
IPv6 or 128 bit addresses are being implemented.
Standardized TCP/IP Port assignments:
By international agreements, the standard ports cover
the range of numbers from 0 through 1023. Various
Clients Communicate on the following default Ports.
TELNET talks on port 23
E-MAIL talks on port 25 (smtp) and 110 (pop3)
HTTP talks on port 80
NNTP talks on port 119
FTP talks on port 21
All port numbers are stored in 16 bit Integers.
Registered ports are numbered from 1024 through 49151.
The remaining ports, referred to as dynamic ports or
private ports, are numbered from 49152 through 65535.
Here is some additional help if you are creating a new
client - server application and picking operating
ports:
Ports 1-1023 are off-limits to people inventing new
protocols. They are reserved by the IANA for new
"standard" protocols. Important protocols like POP3 and
HTTP have low numbers (110 and 80, respectively), but
your new K-RAD game server shouldn't. Note that id
Software is going to Hell for using port 666 with their
DOOM network server. They cleaned up their act with
Quake, though.
Ports 1024 through 49151 are Registered Ports, which
are a good range to choose your ports from. Just beware
that the entire world is choosing from ports in this
range, so it may make sense for you to register your
port, or at least check the current list of assigned
ports. Just be aware that no one is obligated to check
that list before they make up their app's port number.
Ports 49152 through 65535 are Dynamic Ports, meaning
that operating systems use ports in this range when
choosing random ports. (The FTP protocol, for example,
uses random ports in the data transfer phase.) This is
a poor range to choose ports from, because there's a
fairly decent chance that your program and the OS will
fight over a given port eventually.
Many OSes pick local ports for client programs from the
1024-5000 range. You would do well to pick server ports
higher than 5000, but this is not as rigid a rule as
the previous ones.
Within the "safe" 5000-49151 range, there are many
numbers the IANA shows as unregistered. Of these, you
should avoid port numbers with patterns to them, or a
widely-recognized meaning. People tend to pick these
since they're easy to remember, but this increases the
chances of a collision. Ports 6969, 5150 and 22222 are
bad choices, for example.
You should also give some thought to making your
program's port configurable, in case your program is
run on a machine where another server is already using
that port.
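The port-picking rules above as a checker a developer can run over a candidate number (an added example, not from the page; the pattern heuristics are constructed, and the set of "widely recognized" numbers holds only the examples the page itself names):

```python
"""Checking a candidate listening port against the page's port-picking rules.
Added example, not from the original page; the pattern heuristics and the
RECOGNIZED set are constructed for illustration."""

WELL_KNOWN_MAX, REGISTERED_MAX, EPHEMERAL_MAX, PORT_MAX = 1023, 49151, 5000, 65535
# The page's own examples of memorable numbers to avoid; extend as needed.
RECOGNIZED = {6969, 5150, 22222}


def port_range(port):
    """Name the IANA range a port falls in: well-known, registered or dynamic."""
    if not 0 <= port <= PORT_MAX:
        raise ValueError("port numbers are 16-bit integers")
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    if port <= REGISTERED_MAX:
        return "registered"
    return "dynamic"


def looks_patterned(port):
    """Heuristic for numbers people choose because they are easy to remember:
    one repeated digit (22222), a repeated pair (6969), a digit run (1234,
    5432) or a number with a widely recognized meaning (5150)."""
    digits = str(port)
    if port in RECOGNIZED or len(set(digits)) == 1:
        return True
    half = len(digits) // 2
    if len(digits) % 2 == 0 and digits[:half] * 2 == digits:
        return True
    steps = {int(b) - int(a) for a, b in zip(digits, digits[1:])}
    return len(digits) >= 4 and steps in ({1}, {-1})


def advise_port(port):
    """Return (acceptable, reason) for a proposed server port."""
    rng = port_range(port)
    if rng == "well-known":
        return False, "1-1023 is reserved by IANA for standard protocols"
    if rng == "dynamic":
        return False, "49152-65535 is handed out by the OS for random ports"
    if port <= EPHEMERAL_MAX:
        return False, "many OSes pick client ports from 1024-5000"
    if looks_patterned(port):
        return False, "memorable pattern; collision-prone"
    return True, "registered range above 5000; still check the IANA list"
```

Even an acceptable number should stay configurable, as the page says, since another server on the same machine may already hold it.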
Fully Qualified Domain Name
Extension Conventions:
arpa --- Advanced Projects Research Agency
com ---- Commercial/Businesses
edu ---- Education/Universities
gov ---- Government
int ---- International
mil ---- Military
net ---- Networks Organizations and ISP's
org ---- Non Profit Organizations
Example: - london-college.edu.gb
Example: - keesler.af.mil
The 7 proposed new extensions are:
arts ---- cultural and entertainment entities
firm ---- businesses or firms
info ---- entities providing information services
nom ----- individual or personal designation
rec ----- recreational or entertainment entities
store --- businesses offering goods for purchase
web ----- entities related to the World Wide Web
NOTE: The two letter country code designator list below
may not be complete!
ae ---- United Arab Emirates
ai ---- Anguilla
ar ---- Argentine Republic
at ---- Austria
au ---- Australia
be ---- Belgium
bg ---- Bulgaria
bh ---- Finland
bm ---- Bermuda
bo ---- Bolivia
br ---- Brazil
ca ---- Canada
ch ---- Switzerland
cl ---- Chile
cn ---- People's Republic of China
co ---- Colombia
cr ---- Costa Rica
cy ---- Cyprus
cz ---- Czech Republic
de ---- Federal Republic of Germany
dk ---- Denmark
do ---- Dominican Republic
ec ---- Ecuador
ee ---- Estonia
eg ---- Arab Republic of Egypt
es ---- Spain
fi ---- Finland
fj ---- Fiji
fo ---- Faroe Islands
fr ---- France
gb ---- Great Britain
ge ---- Georgia
gl ---- Greenland
gr ---- Greece
gu ---- Guam
hk ---- Hong Kong
hr ---- Croatia / Hrvatska
hu ---- Hungary
id ---- Indonesia
ie ---- Ireland
il ---- Israel
in ---- India
is ---- Iceland
it ---- Italian Republic
jm ---- Jamaica
jo ---- Kingdom of Jordan
jp ---- Japan
kr ---- Korea
kw ---- Kuwait
ky ---- Cayman Islands
kz ---- Kazakhstan
lc ---- Saint Lucia
li ---- Principality of Liechtenstein
lt ---- Lithuania
lu ---- Grand Duchy of Luxembourg
lv ---- Latvia
mo ---- Macau (Ao-me'n)
mt ---- Malta
mx ---- United Mexican States
my ---- Malaysia
ni ---- Nicaragua
nl ---- Netherlands
no ---- Norway
nz ---- New Zealand
pa ---- Panama
pe ---- Peru
ph ---- Philippines
pl ---- Poland
pt ---- Portuguese Republic
ro ---- Romania
ru ---- Russian Federation
se ---- Sweden
sg ---- Singapore
si ---- Slovenia
sk ---- Slovakia
su ---- Union of Soviet Socialist Republics
th ---- Thailand
tr ---- Turkey
tt ---- Trinidad & Tobago
tw ---- Taiwan
ua ---- Ukraine
ug ---- Uganda
uk ---- United Kingdom of Great Britain
us ---- United States of America
uy ---- Uruguay
ve ---- Venezuela
za ---- South Africa
zm ---- Zambia
WHAT IS DHCP and HOW does it WORK?
DHCP is a client/server protocol (as are TCP/IP, HTTP,
FTP, and other Internet protocols). A DHCP client makes
requests of a DHCP server, which responds to the client
in preconfigured ways. A computer acts as a DHCP client
if its IP address is set to 0.0.0.0, or in Windows'
case if its TCP/IP settings are configured for
"Server Assigned IP address". When the client connects
to the network, a four-phase DHCP communication takes
place. From this point on, we'll look only at a
situation in which a computer dials in to an ISP, but
all other DHCP allocations operate by the same
principles.
The first phase is initialization. Because the client
does not have an IP address but requires one in order
to perform Internet actions (such as connection to a
Web site), it must locate a DHCP server that will issue
one. In our dial-in case, the client connects to the
modem, then broadcasts a DHCPDISCOVER message over the
line and onto the network to locate a server. If the
ISP has more than one DHCP server, all available units
respond to the request by sending a DHCPOFFER packet
that contains an IP address and an offer of lease
length. The lease length, established by the server's
administrator, is the length of time the client can
have the IP address.
The client responds with a DHCPREQUEST broadcast
indicating which server's DHCPOFFER it will accept. The
broadcast is necessary so that all other servers know
they won't be needed and can stop waiting for a
response. The accepted server finishes the
initialization phase by issuing an acknowledgment in
the form of a DHCPACK message, assigning the IP address
and the duration of the lease. If the offered IP
address has become unavailable in the meantime (because
of timing), the server sends a DHCPNAK
(nonacknowledgment) message instead, forcing the client
to start over with a DHCPDISCOVER broadcast. In fact,
the client might initiate this new broadcast on its
own: After receiving the DHCPACK packet, it issues an
Address Resolution Protocol (ARP) broadcast to the
network to determine if the offered IP address is in
use (again, because of the timing). If the address is
in use, the client will send a DHCPDECLINE message to
the offering server and immediately send a new
DHCPDISCOVER message.
Next come the renewal and rebinding phases. As
mentioned, a lease is the amount of time the server
will let the client use the IP address for. Leases can
be set for a very brief period of time, unlimited time,
or anything in between. The reason the lease time isn't
simply called "expiry time" is that leases can be
renewed as the connection is in progress.
The DHCP client (not the server) operates two timers,
T1 and T2. By default, T1 is set at 50 percent of the
lease time and T2 at 87.5 percent. When the lease has
reached the T1 point, the client enters the renewal
phase, issuing a DHCPREQUEST packet to the currently
granting server asking for a new lease. If the server
responds with a DHCPACK packet, the lease is renewed
and T1 and T2 change accordingly (the original T2 is
never reached). If the server does not respond, the
client will continue using the current IP address until
it reaches T2. At this point, the client enters the
rebinding phase and broadcasts a DHCPREQUEST packet to
all the servers. Any server that responds with a
DHCPACK renews the lease and then becomes the current
granting server. If no server responds, the lease
expires and the client no longer has an IP number.
Basically, it's just been kicked off the Internet.
The final phase is called (perhaps optimistically)
"graceful shutdown" and occurs when a client no longer
needs the assigned IP address. The client issues a
DHCPRELEASE message, telling the server that it can
have its IP number back. As you might expect,
gracefulness is not always the way things happen; if
somebody picks up the phone line and cuts you off, your
ISP's server has to wait until your computer's next T2
point to reclaim the address.
DHCP is not a complex protocol, and setting up a DHCP
client is easy. But there's no mistaking the importance
of this protocol. Without it, IP address allocation and
configuration would be much more difficult for both
user and administrator, and IP numbers, already in
short supply, would run out much more quickly.
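The phases described above, stepped through with a constructed client and two constructed servers so that the DHCPNAK, the T1 renewal, the T2 rebinding, lease expiry and DHCPRELEASE can each be observed (an added example, not the page's own code; the pool addresses are documentation-range values and time is an integer counter the caller advances):

```python
"""Stepping through the page's DHCP phases with a constructed client and two
servers: DISCOVER/OFFER/REQUEST/ACK, a DHCPNAK when the offered address was
taken in the meantime, renewal at T1 (50%), rebinding at T2 (87.5%), lease
expiry and DHCPRELEASE. Added example, not the page's own code; addresses are
from the documentation range 198.51.100.0/24, time is an integer counter."""


class DhcpServer:
    def __init__(self, name, pool, lease_time):
        self.name, self.lease_time, self.online = name, lease_time, True
        self.free = list(pool)       # addresses not currently leased
        self.leases = {}             # ip -> (client id, expiry time)

    def _reclaim(self, now):
        # Expired leases return to the pool, as the page describes.
        for ip, (_, expiry) in list(self.leases.items()):
            if now >= expiry:
                del self.leases[ip]
                self.free.append(ip)

    def handle(self, msg, now):
        """Reply to one client message, or None when this server stays silent."""
        if not self.online:
            return None
        self._reclaim(now)
        kind, client, ip = msg["type"], msg["client"], msg.get("ip")
        if kind == "DHCPDISCOVER":
            # The offer does not commit the address, so two clients can be
            # offered the same one; the slower one later receives a DHCPNAK.
            if not self.free:
                return None
            return {"type": "DHCPOFFER", "server": self.name,
                    "ip": self.free[0], "lease": self.lease_time}
        if kind == "DHCPREQUEST":
            if msg["server"] not in (None, self.name):
                return None          # another server's offer was accepted
            holder = self.leases.get(ip)
            if holder is not None and holder[0] != client:
                return {"type": "DHCPNAK", "server": self.name}
            if holder is None:
                if ip not in self.free:
                    return None      # not ours to grant (rebinding case)
                self.free.remove(ip)
            self.leases[ip] = (client, now + self.lease_time)
            return {"type": "DHCPACK", "server": self.name,
                    "ip": ip, "lease": self.lease_time}
        if kind == "DHCPRELEASE" and self.leases.get(ip, (None,))[0] == client:
            del self.leases[ip]
            self.free.append(ip)
        return None


class DhcpClient:
    def __init__(self, client_id, servers):
        self.id, self.servers, self.log = client_id, servers, []
        self.ip = self.server = None

    def _broadcast(self, msg, now):
        msg["client"] = self.id
        return [r for r in (s.handle(msg, now) for s in self.servers) if r]

    def discover(self, now):
        # Phase 1: locate servers and accept the first DHCPOFFER received.
        offers = self._broadcast({"type": "DHCPDISCOVER"}, now)
        return offers[0] if offers else None

    def request(self, offer, now):
        """DHCPREQUEST for offer["ip"]; offer["server"] None means any server
        may answer (rebinding). Returns True on DHCPACK."""
        replies = self._broadcast({"type": "DHCPREQUEST", "ip": offer["ip"],
                                   "server": offer["server"]}, now)
        acks = [r for r in replies if r["type"] == "DHCPACK"]
        if not acks:
            self.log.append("t=%d no ACK for %s" % (now, offer["ip"]))
            return False
        self._bind(acks[0], now)
        return True

    def initialize(self, now, attempts=3):
        # Initialization end to end, starting over after a DHCPNAK.
        for _ in range(attempts):
            offer = self.discover(now)
            if offer is not None and self.request(offer, now):
                return True
        return False

    def _bind(self, ack, now):
        self.ip, self.server, lease = ack["ip"], ack["server"], ack["lease"]
        self.t1, self.t2 = now + lease // 2, now + lease * 7 // 8
        self.expiry = now + lease
        self.log.append("t=%d bound %s via %s" % (now, self.ip, self.server))

    def tick(self, now):
        """Advance the clock: renew at T1, rebind at T2, go offline at expiry."""
        if self.ip is None:
            return
        if now >= self.expiry:
            self.log.append("t=%d lease expired, off the net" % now)
            self.ip = self.server = None
        elif now >= self.t2:
            self.request({"ip": self.ip, "server": None}, now)
        elif now >= self.t1:
            self.request({"ip": self.ip, "server": self.server}, now)

    def release(self, now):
        # Graceful shutdown: hand the address back to the server.
        self._broadcast({"type": "DHCPRELEASE", "ip": self.ip}, now)
        self.ip = self.server = None
```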
All must have, TOTALLY FREE Software
Mozilla's FireFox Browser
and ThunderBird E-Mail Download
Anti-Virus Download
TCP Viewer Download
ZoneAlarm Firewall Download
Find your IP (Utility) K5HUM's Freeware Download
Tune your TCP/IP stack with TCPOptimizer.
FREE SubDomain Register Here
FREE SubDomain Updater Download
PicoPhone (P2P Voice chat) Download
Pretty Good Privacy (PGP) Download
Set PC clock to Atomic Time by K5HUM Download
Set PC clock to Atomic Time by Robin Keir Download
IRFanViewer - Picture & movie Viewer, Editor, Converter Download
SECURITY - DO YOU TRUST YOUR FIREWALL?
Test for Leaks in Outbound Detection with FireHole
Finally, for a Kiosk of helpful PC info, try asking the
Experts.
SECURITY ISSUES
COMMENTARY: ARE YOU A SECURITY THREAT
You could be. No matter how bullet proof the clients
or servers you operate, you can still be had. Example:
You reach a web site you assume can be trusted and
click to accept a new authentication certificate and
bingo, suddenly your PC abounds with adware and or
spyware or God forbid, something worse like a zombie
bot that uses your computer to attempt infecting
others by using your Internet connection.
The bottom line is, who can you trust? Users typically
make reasonable assumptions. Surely your banker's web
site is OK, as should be your broker's or sites like eBay
or Amazon.com. In most of those cases your
instincts will be right, but what if a site APPEARS
legitimate but isn't? Attempts to send you to bogus web
sites via e-mail are known as phishing. If you are not
very familiar with a site's true domain name (or URL
construction in general), you could get tricked into
divulging highly sensitive information. Several sites
that are under attack today are Earthlink, eBay and PayPal.
Beware of e-mail that looks legitimate and appears to
originate from these companies. This is especially true
if the message asks you to go update your account.
You could stay abreast of all the Net news, or first
check with other users, or search Google for any
indications of trouble before you dive in. But can you
afford the time to investigate? Just how far are you
willing to take your paranoia for the sake of keeping
your computer clean?
Have you ever CLICKED in error? I think most of us
have in one situation or another. Usually it's no big
deal, but sometimes it isn't. Should you not operate
your computer when you are tired, exhausted or not
fully alert? Maybe you shouldn't. I know of several
acquaintances who clicked e-mail attachments in error
and got infected with worms. Does this mean you should
block all attachments? Can you trust that your anti
virus database is caught up with the real world?
One irony is that things like Cookies which are still
innocuous, are among the number one fear of computer
users. Sure, you can choose to disable cookies, even
Java and JavaScript, ActiveX etc. But is the loss of
functionality worth the perceived protection? I think
not.
The world runs on a lot of trust. You trust your
firewall is doing its job, you trust your virus
database is current, you trust your authorities know
their jobs etc. However, you can be as cautious as
it's possible to be, but never believe you are beyond
being had. Today it is estimated that 50% of the home
computers running on the Internet are loaded with
everything from adware, spyware, zombie bots, Trojan or
worm hijackers or worse. Have you checked your Windows
Task Manager lately? Read about how to do that farther
down.
KEEP CONTROL OF YOUR PC
Recommendation Level: Medium
I will outline below how you can manage, control,
monitor and fix otherwise tough problems on your
computer. The following paragraphs will assume you are
putting a new computer in service or setting one up
that currently has no problems. However, the
information presented can also assist in
troubleshooting and restoring many virus, Trojan and
worm crippled computers.
A good starting point is to ensure you have a stable,
non-interfering scanner for virus, worm and Trojan
detection.
I recommend that if Norton is
installed on your new PC, you use Control
Panel's "Software Install/Remove" utility to remove it. That's
right, get rid of it. Even though the number of users
reporting problems is lower than those experiencing
success, if you happen to be one of the unfortunate
ones, Norton can be a big unsolvable headache. From
several years of experience I can confidently recommend
a FREE bug scanner called AntiVir. As AntiVir installs, it will ask if
you want to run its background or Guard scanner; I
recommend saying no. To avoid the possibility of
runtime conflicts, I think it is
better to later on manually scan ALL files you receive
by disks, or intentionally download or receive as e-mail attachments. Once
AntiVir is installed it will proceed to scan your hard drives for
problems. Relax and get a cup of coffee, the initial scan
could take 30 minutes depending on the size of your drive(s).
If AntiVir finds infected files, you will be presented
with an option to delete them. If a reboot is required
allow it. Later on, I recommend that you MANUALLY update the AntiVir
database once a week rather than allow the scanner to
go online automatically to update. I always want to
KNOW what and when something is using the net.
If you connect to the Net, then without exception you
need a FIREWALL. If you prefer or
insist on using modem/routers etc. with their
complicated NAT configurations, you likely don't need
to be reading this paragraph, assuming you are schooled enough
to handle it. However, most users don't have the
knowledge or the time. In those cases you need an
intuitive software firewall, one that knows exactly
what to do when it asks, and you authorize, a client or
server application to access the Internet. I can
highly recommend a FREE software firewall called ZoneAlarm. With
today's more powerful computers, software firewalls have
practically zero footprint on the resources of your PC.
A SPECIAL NOTE to the diehard hardware firewall purist:
I know of NO hardware firewall that does a CRC check on
an executable file like ZoneAlarm does (and maybe other
software firewalls). There is no worm or virus that I
know of that can infect a file without altering its CRC
signature. Later versions of ZoneAlarm detect a
changed file (one with a new CRC) and alert you. If
you are upgrading with trust, no problem. If the file
suddenly was altered, you had best know what's going on.
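The same idea, keeping a fingerprint of every executable and alerting when one changes, can be done by hand without any firewall product. The script below is an added example, not code from the original page or from ZoneAlarm; it uses SHA-256 rather than a CRC, since a CRC is a checksum that a deliberate modification can be made to preserve, whereas a cryptographic hash cannot practically be matched. It assumes PowerShell 4.0 or later (for Get-FileHash); the watched folders and the baseline file location are placeholders you would adjust.

```powershell
# Added example (not from the original page or from ZoneAlarm): keep a
# SHA-256 baseline of executables and report any whose contents changed.
# Assumptions: PowerShell 4.0 or later (Get-FileHash); the watched folders
# and the baseline path below are placeholders.

$WatchedDirs  = @("$env:ProgramFiles", "$env:SystemRoot\system32")   # assumption: folders to watch
$BaselineFile = "$env:USERPROFILE\exe-baseline.csv"                   # assumption: baseline location

function Get-ExeHashes {
    # Hash every .exe and .dll beneath the watched folders (unreadable files are skipped).
    Get-ChildItem -Path $WatchedDirs -Recurse -Include *.exe,*.dll -File -ErrorAction SilentlyContinue |
        Get-FileHash -Algorithm SHA256 -ErrorAction SilentlyContinue |
        Select-Object Path, Hash
}

function New-ExeBaseline {
    # Record path + hash once, on a machine you believe to be clean.
    Get-ExeHashes | Export-Csv -Path $BaselineFile -NoTypeInformation
}

function Compare-ExeBaseline {
    # Re-hash now and report files that are NEW, CHANGED (different hash) or MISSING.
    $old = @{}
    Import-Csv -Path $BaselineFile | ForEach-Object { $old[$_.Path] = $_.Hash }
    $seen = @{}
    Get-ExeHashes | ForEach-Object {
        $seen[$_.Path] = $true
        if (-not $old.ContainsKey($_.Path)) {
            [pscustomobject]@{ Status = 'NEW';     Path = $_.Path }
        } elseif ($old[$_.Path] -ne $_.Hash) {
            [pscustomobject]@{ Status = 'CHANGED'; Path = $_.Path }
        }
    }
    foreach ($p in $old.Keys) {
        if (-not $seen.ContainsKey($p)) { [pscustomobject]@{ Status = 'MISSING'; Path = $p } }
    }
}

# Usage: New-ExeBaseline once; Compare-ExeBaseline after every install or
# update. A CHANGED entry you did not update yourself deserves a look before
# that program is allowed back onto the network.
```

Expect the first run over system32 to take a few minutes; the value is in the second run, which finishes quickly and lists only the differences.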
Ok, assuming your machine is virus, worm and Trojan
free, and you have an operational firewall, it's time
for the next step. Now you need to know what programs
(ones that belong) are loaded on your PC when it boots up.
These should be system files and your applications.
A good way to find out is to check with Windows Task Manager. Find an open or unoccupied
spot on your Taskbar and right-click. When the taskbar
menu opens, click "Task Manager". Or, alternatively,
(1) you can create a desktop shortcut to
"C:\WINDOWS\system32\taskmgr.exe" or (2) type the path
and program name into the Start/Run dialog box.
When you initially set up a new PC, or have high
confidence that your existing computer is clean, you
should make a baseline list by recording from Task
Manager every app that is running on your machine for
later comparison. This will make it easy to later
determine if something is running that should not be or
was not being reported previously. Task Manager is also
useful to monitor the CPU load. The amount of free CPU
time (System Idle Process)
should always be 96% or better. A very low value could
indicate a Trojan or worm is running in the background.
OR, it could indicate a bug-ridden or poorly coded
application. Task Manager will indicate what program is
taxing your processor the hardest.
Programs can load at bootup time in
any of the following ways: by having a
shortcut in the Start/Programs/Startup folder; by an
entry in the Registry RUN key; by an
entry listing in the WIN.INI and SYSTEM.INI files,
which are stored in the system folder (\Windows); and finally, as
a Service. I suggest you print out a copy of the WIN
and SYSTEM INI files. These two files are basic text
(ASCII) files that can be viewed and edited with Windows
Notepad.exe.
To determine what is running on your computer as a Service
(programs that load from the services key in the
registry), create a shortcut to
"C:\WINDOWS\system32\services.msc" and launch it; or,
type the above into the Start/Run window. Programs,
either good or malicious ones, can be set via the
Services utility to load automatically or manually.
Most malicious stuff is obviously set to run
automatically when the machine boots up. By right-clicking
on the program line you can bring up a sub-menu
from which you can both STOP
the file from running (in real time), AND set it
to MANUAL run where it will no longer load up when the
PC boots.
To see what Windows is loading at
bootup using the Registry's RUN key, you can use
a utility called regedit.exe (it comes with Windows).
In XP the registry consists of several database files
known as "Software, System, SAM, Security, Default, UserDiff
and NTuser.dat"; note the first 6 have no file extensions.
Now, go to Start/Run and type in "REGEDIT.EXE". If you are
unfamiliar with using Windows regedit.exe to do this, I
suggest you obtain the free Autoruns utility from Sysinternals, which will show you! If you
elect to use REGEDIT, navigate to
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run".
Once again make a list (from the moment
you put the PC in service or when conditions are
normal) of everything that's listed. Again, by comparing
your old list to a current one, you will know what has
been added or changed. You will need REGEDIT to remove
an entry in the RUN key. CAUTION: you had better ensure you have
a restore point just in case things get FUBAR.
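The baseline-and-compare routine described across the Task Manager, startup folder, Services and RUN key paragraphs above can be scripted so the "old list" and "current list" are produced and diffed mechanically. The script below is an added example, not code from the original page, from Sysinternals or from Microsoft. It assumes Windows PowerShell 3.0 or later; the baseline file path is a placeholder, and it looks at the HKLM and HKCU Run/RunOnce values, the two Startup folders and services set to Automatic (the per-user HKCU keys and RunOnce are included as a generalization beyond the single HKLM key the text names).

```powershell
# Added example (not from the original page, Sysinternals or Microsoft):
# snapshot running processes plus the autostart locations the text lists,
# save the snapshot, and later diff a fresh snapshot against it.
# Assumptions: Windows PowerShell 3.0+; the baseline path is a placeholder.

$SnapshotFile = "$env:USERPROFILE\pc-baseline.csv"   # assumption: where the baseline lives

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-PcSnapshot {
    # One row per item: Kind (process / run-key / startup-folder / service), Name, Detail.
    $rows = @()

    # 1. Running processes, as Task Manager lists them.
    Get-Process | ForEach-Object {
        $rows += [pscustomobject]@{ Kind = 'process'; Name = $_.ProcessName; Detail = [string]$_.Path }
    }

    # 2. Registry Run / RunOnce values (the "RUN key" of the text), machine- and user-wide.
    foreach ($key in $RunKeys) {
        if (Test-Path $key) {
            $item = Get-ItemProperty -Path $key
            foreach ($p in $item.PSObject.Properties) {
                if ($p.Name -notmatch '^PS') {    # skip PowerShell's own PSPath/PSParentPath metadata
                    $rows += [pscustomobject]@{ Kind = 'run-key'; Name = "$key\$($p.Name)"; Detail = [string]$p.Value }
                }
            }
        }
    }

    # 3. Startup folders (per-user and all-users).
    $startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    Get-ChildItem -Path $startupDirs -File -ErrorAction SilentlyContinue | ForEach-Object {
        $rows += [pscustomobject]@{ Kind = 'startup-folder'; Name = $_.Name; Detail = $_.FullName }
    }

    # 4. Services set to start automatically (what services.msc shows as "Automatic").
    Get-CimInstance Win32_Service | Where-Object { $_.StartMode -eq 'Auto' } | ForEach-Object {
        $rows += [pscustomobject]@{ Kind = 'service'; Name = $_.Name; Detail = [string]$_.PathName }
    }

    $rows
}

function Save-PcBaseline {
    # Record the snapshot on a machine you believe to be clean.
    Get-PcSnapshot | Export-Csv -Path $SnapshotFile -NoTypeInformation
}

function Compare-PcBaseline {
    # Report entries present now but not in the baseline (=>) or gone since (<=).
    $old = Import-Csv -Path $SnapshotFile
    $new = Get-PcSnapshot
    Compare-Object -ReferenceObject $old -DifferenceObject $new -Property Kind, Name, Detail |
        Sort-Object Kind, Name
}

function Get-IdleCpuPercent {
    # Sample the idle share the text says should stay at 96% or better.
    (Get-Counter '\Processor(_Total)\% Idle Time').CounterSamples[0].CookedValue
}

# Usage: Save-PcBaseline once; later run Compare-PcBaseline and Get-IdleCpuPercent.
# A => row you did not install yourself is worth identifying before it is
# left to run at every boot.
```

Save the baseline file somewhere outside the folders a later intruder would expect to find it, or print it as the text suggests for the INI files; a diff is only as trustworthy as the reference copy.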
Finally, you should monitor all
programs that are opening sockets and ports on
your machine. You can download another free utility
called
TCPView to do this. TCPView will show the
program on your PC that's opening sockets, the ports it's using
and the endpoints (who the socket is connected to), locally or out
on the Net. On average I take a peek at TCPView
several times a day and more frequently when using new
client or server software.
Using the entire paradigm mentioned above, you
can likely save yourself a lot of future grief.
Happy computing!
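A TCPView-style listing of sockets joined to their owning programs can also be produced from PowerShell, which is convenient for taking the same "peek" on a schedule. The script below is an added example, not code from the original page or from Sysinternals' TCPView; it assumes Windows 8 / Server 2012 or later, where Get-NetTCPConnection exists. The AnyIface column flags listeners bound to every interface, which is what the outside port check under OPEN PORTS below would see unless a firewall blocks them.

```powershell
# Added example (not from the original page or from Sysinternals' TCPView):
# list TCP listeners and connections with the owning process, and flag
# listeners that accept connections from any interface.
# Assumption: Windows 8 / Server 2012 or later (Get-NetTCPConnection).

function Get-SocketOwners {
    # Join each TCP endpoint to its owning process name and executable path.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    Get-NetTCPConnection | ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            Process  = if ($p) { $p.ProcessName } else { '(pid ' + $_.OwningProcess + ')' }
            Path     = if ($p) { [string]$p.Path } else { '' }
            Local    = "$($_.LocalAddress):$($_.LocalPort)"
            Remote   = "$($_.RemoteAddress):$($_.RemotePort)"
            State    = $_.State
            # A listener on 0.0.0.0 or :: is reachable from other hosts unless
            # a firewall stops it; one bound to 127.0.0.1 is not.
            AnyIface = ($_.State -eq 'Listen') -and ($_.LocalAddress -in '0.0.0.0','::')
        }
    }
}

function Get-ExposedListeners {
    # Only the listeners other hosts could reach, one row per process and port.
    Get-SocketOwners | Where-Object { $_.AnyIface } | Sort-Object Process, Local -Unique
}

# Usage:
#   Get-SocketOwners | Sort-Object State, Process | Format-Table -AutoSize
#   Get-ExposedListeners
# Compare the exposed list with what you know you are serving; a listener you
# cannot put a name to is the first thing to investigate.
```

Run it once right after setup and keep the output next to the process baseline; a new ESTABLISHED connection from a program that had no business talking to the Net is exactly the change the text recommends watching for.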
WMF FLAW
Recommendation Level: Medium
01/05/06 A new flaw found in Microsoft's Windows
Metafile format has spawned dozens of recent attacks.
Microsoft released a patch. You can learn more
about it by reading Microsoft's Bulletin
MS06-001.
For some meaty independent commentary, surf to
Steve Gibson's site.
FIREFOX
Recommendation Level: Strong
For those using Firefox, you should consider
incorporating the NoScript
extension. This gives you a first line of defense against
malicious JavaScript yet permits you (on the fly) to
allow safe, familiar sites.
OPEN PORTS
Recommendation Level: Strong
Many Windows computers (even with basic firewall
protection) are running with port 1024 wide open to the
world. To check if this is the case on your computer,
go to Steve Gibson's "Port Scan" facility and look for the
ShieldsUP!
link. In addition, check out several of Gibson's free
security
utilities, in particular his DCOMbobulator, Shoot The Messenger and
MouseTrap.
Check here frequently for the latest security news!