ECE-3600 Topics to Review for the Final Exam
www.csc.gatech.edu/copeland/jac/3600/slides/
12/4/2014

Chapter 1 - The Internet
- Autonomous Systems (AS) - connected by ISPs (tiers)
- Block(s) of IP addresses assigned (subnets) by IANA
- Domain Names - assigned by Registrars (Verisign, Tucows, …) to AS's, companies, individuals. Used in Universal Resource Locators (URLs)
- Authoritative DNS servers (names -> 32-bit numbers)
- Edge Routers and Firewalls
- Domain Name System: Root, Top Level (.com), Authoritative (AS's), Local DNS servers
- Recursive, non-recursive lookups
- Domain Name Registrars ("whois", "nslookup")
- Parts of a URL like www.csc.gatech.edu (host, subnet, domain)
- Dynamic DNS, reverse lookups, MX lookups

Chapter 2 - Applications and Application Layer
- HTTP (Web) - GET command, "objects", browser simultaneous TCP connections, (non-)persistent
- FTP - separate (out of band) control on TCP port 22; original (non-passive) data on TCP 21 with client listening; passive - data on high-port/high-port TCP, normal establishment
- Email - role that email servers play (messages not host to host)
  SMTP - for sending mail to server, and server to server
  POP - Post Office Protocol, to check and download email
  IMAP - ditto, plus store mail in many folders on server
  Web Mail - uses browser as interface to email server. (HTML-formatted email can bear malicious applications)
- Peer-to-Peer Network - no central server, or limited-function server.
- "Socket" - the OS interface between the Application Layer and the Transport Layer (TCP, UDP, etc.). Defined by source and destination IP addresses and source and destination port numbers (4 items, plus TCP or UDP). Servers also have a "Listening Socket" to receive initial contacts from new IP,Port combinations.

Chapter 3 - Transport Layer
- UDP, TCP port numbers, server and client sockets, "Listening Socket" for server
- Connections - how defined (IPs and Ports)
- TCP - reliable connections
- Flow control - Receiver Window size in every TCP header.
- Congestion control - Congestion Window variation due to: timeout (-> slow start), duplicate ACKs (-> fast recovery)
- Flag bits, sequence and ACK numbers in header
- Slow Start, Exponential Decrease + Additive Increase
- Rapid retransmission (3 dup. ACKs), RTO (-> slow start)
- Receiver Window (size), Congestion Window (size)
- TCP, UDP, ICMP, IP - 1's complement checksums for error detection
- File transmission time - when window limited, and when not
- Round-trip packet propagation time through multiple routers, including 1) cache delay, 2) transmission time, and 3) link propagation time.

Chapter 4a - IP Addresses
- Network address, network mask
- CIDR notation - a.b.c.d/n
- Sub-nets, number of hosts, reserved addresses (network address, broadcast address)
- Routing choice, longest prefix rule
- Dividing a block of IP addresses into sub-nets
- Aggregating subnets to shorten the routing table ("Longest Prefix Rule")
- Network Address Translation, "private address blocks", how NAT capability changes IP addresses and ports (single outside IP, many private IPs inside).
- IP Header: Fragmentation - Datagram ID, Offset, Flags: "Frag. Flag" (MF), "Do Not Frag." (DNF); Time to Live (TTL); 1's complement checksum
- IPv6 - 128-bit addresses, Flow ID (future use), fragmentation info in an option header

Chapter 4b - Routing
- Routers forward IP datagrams toward the recipient
- Parts of a router (input queue, output queue, switching fabric, routing processor [forwarding table])
- OSPF - Dijkstra algorithm, forwarding table from the shortest-path tree. Each router broadcasts its link costs to neighbors to all routers
- RIP - Bellman-Ford algorithm, lowest-cost route in forwarding table from nearest neighbors' tables (+1); reverse path poisoning to prevent loops; limited to small sub-nets.
- BGP - used on the backbone to connect AS's.

Chapter 5 - Local Area Networks - Ethernet
- Ethernet can transport many Network Layer protocols besides IP.
- LAN connects hosts to other hosts on that LAN or to the gateway router (to connect worldwide)
- Hubs - collision domains, exponential backoff
- Switches - "forwarding table", self-learning
- How are addresses assigned - Manufacturer ID
- Virtual LAN (VLAN) - what? why?
- CSMA/CD - what is "CS", "MA", "CD"
- Collisions, exponential backoff
- Full or half duplex
- Address Resolution Protocol (ARP) uses broadcast addresses (MAC and IP) - (as does DHCP [Dynamic Host Configuration Protocol] when looking for IP, netmask, DNS IP)

Chapter 6 - Wireless Networks
- Wireless - WiFi - IEEE 802.11
- CSMA/CA - what is "CS", "MA", "CA"
- ARQ - acknowledgement, retransmission
- CDMA - 1 spreading chip, only for robustness
- Security: WEP is weak, WPA needs 22-character passphrase
- WiMAX (4G) - IEEE 802.16 - longer-distance point to point - last mile to home, metro-area coverage
- Cellular: Frequency Division - different frequency sets used by nearby cells
  FM modulation - used by AMPS (obsolete); T(ime)DMA (GSM - AT&T); C(ode)DMA (Verizon)
  Cells -> frequency reuse, many more users.
  Data - EDGE, 3G, 4G

Chapter 7 - Multimedia
Problems to overcome:
- Timing jitter - use playback buffer (adds delay)
- Delay - problem for interactive (phone, videoconference)
  - Future: may see "flow switching" in IPv6 network.
  - Today: higher-bandwidth links minimize congestion
- Dropped packets (with UDP streaming)
  - Application must mitigate (interpolate to fill in)
  - Forward Error Correction (add parity bits, interleave)
- TCP - slows down if packets dropped (congestion control)
- RTSP - Real Time Streaming Protocol (vs. TCP, UDP) - adds serial numbers, time stamps, no retransmission.
- Web browser - link to video or audio - link downloads "metafile," uses it to start player ("Media Player", QuickTime, "Real Player", …)
- Broadcast - flooding (like multicast tree)
- Session Initiation Protocol (SIP) and H.323 - voice and video call setup

Chapter 8 - Security
- Services: Privacy, Authentication (& Authorization), Access, Integrity
- Encryption:
  plaintext -> [ Encryption ] -> ciphertext
  ciphertext -> [ Decryption ] -> plaintext
- Symmetric Encryption uses the same key for both operations (KDC)
- Asymmetric Encryption uses two keys, Public and Private
  Bob uses his Private Key to: decrypt messages to him, encrypted with his Public Key; sign messages by encrypting the Message Digest (hash)
  Others use Bob's Public Key to: encrypt messages for him, decrypt his digital signature.
- SSL with HTTP makes HTTPS: Web sites have a "Certificate" signed by a Certificate Authority (CA). Browser will warn that the Certificate is invalid if the signing CA's Cert is not on file. If on file, Browser uses the CA Public Key to verify the Web Certificate. Certificate sent to Browser, which uses the enclosed "Public Key" to encrypt the "Session Key" and send it back to the Web site.
- Public Key Infrastructure (PKI) requires the CA to have a database of valid and revoked Certificates that it has signed.
- Transport Layer Security (TLS) - like SSL, used for secure email connections. New versions of SSL are the same as TLS.
- PGP and GnuPG - used with an individual's Public/Private Keys to encrypt and sign email messages.
- Bot Nets - up to 200,000 computers infected with Bot (from robot) software, connected in a Peer-to-Peer network, controlled by a Bot Master who steals information (IDs), contracts to send SPAM and malware, DDoS competitors' servers, operates Phishing sites, … .
- Classic hacker attacks in five steps:
  1. Reconnaissance - scans IP addresses to find hosts with "open" ports.
  2. Exploit - gain access to the computer through server software known to have a "vulnerability"
  3. Escalate Privilege - to root or "admin" with another technique.
  4. "Root Kit" - install a root kit or bot program to hide presence and open a permanent back door.
  5. Utilize - steal information, add to bot net, use as evil server, …
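Worked example for the Chapter 4a subnetting topics (network/broadcast address, number of hosts, dividing and aggregating blocks, longest prefix rule). This is added example code, not from the course slides; it uses Python's standard ipaddress module on a constructed 192.168.10.0/24 block and a constructed forwarding table.

```python
import ipaddress

def subnet_facts(cidr: str) -> dict:
    """Network address, broadcast address, mask and usable host count for a.b.c.d/n.
    strict=False lets a host address such as 192.168.10.77/26 be given; host bits are masked off."""
    net = ipaddress.ip_network(cidr, strict=False)
    # /31 and /32 reserve no network/broadcast address; every other prefix loses two addresses
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {"network": str(net.network_address), "broadcast": str(net.broadcast_address),
            "netmask": str(net.netmask), "usable_hosts": usable}

def split_block(cidr: str, new_prefix: int) -> list:
    """Divide a block into equal sub-nets with the longer prefix new_prefix."""
    return [str(s) for s in ipaddress.ip_network(cidr).subnets(new_prefix=new_prefix)]

def aggregate(cidrs: list) -> list:
    """Summarise adjacent sub-nets into the fewest covering prefixes (shortens a routing table)."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

# Constructed forwarding table: (prefix, next hop). The overlapping entries are deliberate.
TABLE = [("0.0.0.0/0", "default-gw"), ("10.0.0.0/8", "hop-A"),
         ("10.1.0.0/16", "hop-B"), ("10.1.2.0/24", "hop-C")]

def longest_prefix_match(table: list, dst: str) -> str:
    """Routing choice: among all entries containing dst, pick the most specific (longest prefix)."""
    addr = ipaddress.ip_address(dst)
    best_net, best_hop = None, None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop

if __name__ == "__main__":
    print(subnet_facts("192.168.10.77/26"))
    print(split_block("192.168.10.0/24", 26))
    print(aggregate(["192.168.10.0/26", "192.168.10.64/26"]))
    for dst in ("10.1.2.3", "10.9.9.9", "8.8.8.8"):
        print(dst, "->", longest_prefix_match(TABLE, dst))
```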
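Worked example of the 1's complement checksum listed under Chapter 3 and Chapter 4a (TCP, UDP, ICMP and IP headers). This is added example code, not from the course slides; the header bytes are a constructed IPv4 header with its checksum field zeroed, and the last two helpers show what kind of transmission error the checksum catches and what it misses.

```python
def internet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit big-endian words
    with end-around carry, then complemented. Used by IP, ICMP, UDP and TCP."""
    if len(data) % 2:
        data += b"\x00"                              # odd length: pad the last word
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)     # fold the carry back in (end-around)
    return (~total) & 0xFFFF

def verify(data: bytes) -> bool:
    """Receiver check: with the transmitted checksum in place, the one's-complement
    sum of all words is 0xFFFF, so complementing it gives 0."""
    return internet_checksum(data) == 0

# Constructed 20-byte IPv4 header; checksum field (bytes 10-11) zeroed for computation.
HEADER_NO_SUM = bytes.fromhex("4500 0073 0000 4000 4011 0000 c0a8 0001 c0a8 00c7")

def fill_checksum(hdr: bytes) -> bytes:
    """Sender side: compute over the header with the field zeroed, then insert the result."""
    csum = internet_checksum(hdr)
    return hdr[:10] + csum.to_bytes(2, "big") + hdr[12:]

def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a single-bit transmission error."""
    b = bytearray(data)
    b[byte_index] ^= 1 << bit
    return bytes(b)

def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Simulate two 16-bit words arriving in each other's position (byte offsets i and j)."""
    b = bytearray(data)
    b[i:i + 2], b[j:j + 2] = data[j:j + 2], data[i:i + 2]
    return bytes(b)

if __name__ == "__main__":
    sent = fill_checksum(HEADER_NO_SUM)
    print(hex(internet_checksum(HEADER_NO_SUM)))     # 0xb861
    print(verify(sent))                               # True
    print(verify(flip_bit(sent, 3, 0)))               # False: single-bit error is caught
    print(verify(swap_words(sent, 14, 18)))           # True: reordered words are not caught
```

The last line is the practical caveat: because addition is commutative, the checksum cannot detect words swapped in transit, which is why TCP and IP also rely on link-layer CRCs.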