ECE5650 Basic Network Services (II): FTP, Email, and DNS
2: Application Layer 1

Recap: HTTP and Web
- HTTP request msg format and method types: GET, POST, HEAD, PUT, DELETE
- HTTP response msg format and status codes
- Cookies and their usage: persistent vs non-persistent cookies

Examples of Internet Services
2.1 Principles of network applications
2.2 Web and HTTP
2.3 FTP
2.4 Electronic Mail: SMTP, POP3, IMAP
2.5 DNS
2.7 Socket programming with TCP
2.8 Socket programming with UDP
2.9 Building a Web server

FTP: the file transfer protocol
[Figure: user at host -> FTP user interface -> FTP client -> file transfer over the network -> FTP server; local file system on the client side, remote file system on the server side]
- transfer file to/from remote host
- client/server model
  - client: side that initiates transfer (either to/from remote)
  - server: remote host
- ftp: RFC 959
- ftp server: port 21 for control, port 20 for data

SFTP: secure file transfer protocol
[Figure: same layout as FTP, but the file transfer between SFTP client and SFTP server runs over SSH]
- all communication (login, control and data) is secured
- transfer file to/from remote host
- same client/server model as FTP
- network protocol designed by the IETF to provide secure file transfer and manipulation facilities over the secure shell (SSH) protocol

FTP: separate control, data connections
[Figure: FTP client <-> FTP server: TCP control connection on server port 21, TCP data connection on server port 20]
- FTP client contacts FTP server at port 21, specifying TCP as transport protocol
- client obtains authorization over control connection
- client browses remote directory by sending commands over the persistent control connection
- when server receives a command for a file transfer or directory listing, the server opens a TCP data connection to client
- after transferring one file, server closes the data connection
- server opens a second TCP data connection to transfer another file
- control connection is "out of band"; HTTP sends control info in-band
- FTP server maintains "state": current directory, earlier authentication

FTP commands, responses
Sample commands (sent as ASCII text over the control channel):
- USER username
- PASS password
- LIST: return list of files in current directory
- RETR filename: retrieves (gets) file
- STOR filename: stores (puts) file onto remote host
Sample return codes (status code and phrase, as in HTTP):
- 331 Username OK, password required
- 125 data connection already open; transfer starting
- 425 Can't open data connection
- 452 Error writing file

All FTP commands (RFC 959)
- Access control commands: USER, PASS, ACCT, CWD, CDUP, SMNT, REIN, QUIT
- Transfer parameter commands: PORT, PASV, TYPE, STRU, MODE
- Service commands: RETR, STOR, STOU, APPE, ALLO, REST, RNFR, RNTO, ABOR, DELE, RMD, MKD, PWD, LIST, NLST, SITE, SYST, STAT, HELP, NOOP
www.faqs.org/rfcs/rfc959.html

FTP Summary
- FTP/SFTP is used to transfer files between hosts
- FTP is an out-of-band protocol: control is sent over server port 21 while data is sent over server port 20
- control connection is persistent and the FTP server must maintain the state of the user
- data connection is non-persistent and initiated by the FTP server

Electronic Mail
[Figure: user agents attached to mail servers; each mail server holds user mailboxes and an outgoing message queue; mail servers exchange messages over SMTP]
Three major components:
- user agents
- mail servers
- simple mail transfer protocol: SMTP
User Agent
- a.k.a. "mail reader"
- composing, editing, reading mail messages
- e.g., Eudora, Outlook, elm, Netscape Messenger
- outgoing, incoming messages stored on server

Electronic Mail: mail servers
[Figure: mail servers connected to each other by SMTP, each serving several user agents]
Mail Servers
- mailbox contains incoming messages for user
- message queue of outgoing (to be sent) mail messages
- SMTP protocol between mail servers to send email messages
  - client: sending mail server
  - "server": receiving mail server

Electronic Mail: SMTP [RFC 2821]
- uses TCP to reliably transfer email message from client to server, port 25
- direct transfer: sending server to receiving server
- three phases of transfer
  - handshaking (greeting)
  - transfer of messages
  - closure
- command/response interaction
  - commands: ASCII text
  - response: status code and phrase
- messages must be in 7-bit ASCII

Scenario: Alice sends message to Bob
[Figure: Alice's user agent (1) -> Alice's mail server (2, 3) -> Bob's mail server (4, 5) -> Bob's user agent (6)]
1) Alice uses UA to compose message "to" bob@wayne.edu
2) Alice's UA sends message to her mail server; message placed in message queue
3) Client side of SMTP opens TCP connection with Bob's mail server
4) SMTP client sends Alice's message over the TCP connection
5) Bob's mail server places the message in Bob's mailbox
6) Bob invokes his user agent to read message

Sample SMTP interaction
C: telnet smtp.wayne.edu 25
S: 220 mirapointmr3.wayne.edu
C: HELO alice
S: 250 Hello alice, pleased to meet you
C: MAIL FROM: <alice@crepes.fr>
S: 250 alice@crepes.fr... Sender ok
C: RCPT TO: <bob@wayne.edu>
S: 250 bob@wayne.edu ... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Do you like ketchup?
C: How about pickles?
C: .
S: 250 Message accepted for delivery
C: QUIT
S: 221 wayne.edu closing connection

Try SMTP interaction for yourself:
- telnet ece.eng.wayne.edu 25
- see 220 reply from server
- enter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands
- the above lets you send email without using an email client (reader)

SMTP Mail message format
- SMTP: protocol for exchanging email msgs
- RFC 822: standard for text message format:
  - header lines, e.g., To:, From:, Subject: (different from SMTP commands)
  - blank line
  - body: the "message", 7-bit ASCII characters only
- the whole SMTP msg (header and body) goes into the DATA command

Message format: multimedia extensions
- MIME: multimedia mail extension, RFC 2045, 2056
- additional lines in msg header declare MIME content type:
  - MIME version
  - method used to encode data (quoted-printable is another method)
  - multimedia data type, subtype, parameter declaration
Example:
From: alice@crepes.fr
To: bob@wayne.edu
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Type: image/jpeg

base64 encoded data .....
.........................
......base64 encoded data
- encoded data where each line is 78 7-bit ASCII characters including CRLF

Base64 encoding scheme (RFC 2045)
- encoding (not encrypting) method
- input: 8-bit ASCII data
- output: one of the 64 values listed in the Base64 encoding table and the "=" character
- process:
  - group the input data in chunks of 3 bytes (24 bits) each
  - break each 24-bit chunk into 4 values that are 6 bits each
  - use the Base64 encoding table to find the character for each value
  - if the last chunk is less than 3 bytes then pad it with 0s, and use "=" for any 6-bit value made up only of these padded 0s
  - a 6-bit value with all 0s and at least 1 non-padded 0 will be an "A"
- smallest base64 encoded output is 4 characters
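The encoding process just described, with its inverse, as an added example that is not part of the lecture notes: the alphabet is the RFC 2045 table, the decoder rejects malformed padding, and the slide's own AB -> QUI= case is checked against the standard library.

```python
"""Base64 encoder/decoder following the RFC 2045 procedure on the slide.
Added example, not from the lecture notes; cross-checked against the
standard library's base64 module."""
import base64

# The 64-symbol alphabet from the encoding table (value -> character).
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789+/")
PAD = "="


def b64encode(data: bytes) -> str:
    """Group input into 3-byte chunks, split each 24-bit chunk into four
    6-bit values and map each through the table; a short final chunk is
    zero-padded and the 6-bit groups made only of padding become '='."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        missing = 3 - len(chunk)                  # 0, 1 or 2 bytes short
        bits = int.from_bytes(chunk + b"\x00" * missing, "big")  # 24 bits
        groups = [(bits >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        real = 4 - missing      # groups holding at least one real input bit
        out.append("".join(ALPHABET[g] for g in groups[:real]))
        out.append(PAD * missing)
    return "".join(out)


def b64decode(text: str) -> bytes:
    """Reverse the process: encoding is not encryption, so anyone holding
    the text recovers the original bytes without any key."""
    if len(text) % 4:
        raise ValueError("base64 text length must be a multiple of 4")
    pad = len(text) - len(text.rstrip(PAD))
    if pad > 2 or PAD in text[:len(text) - pad]:
        raise ValueError("malformed padding")
    out = bytearray()
    for i in range(0, len(text), 4):
        bits = 0
        for ch in text[i:i + 4]:
            # ALPHABET.index raises ValueError on any character outside the table
            bits = (bits << 6) | (0 if ch == PAD else ALPHABET.index(ch))
        out += bits.to_bytes(3, "big")
    return bytes(out[:len(out) - pad])


if __name__ == "__main__":
    assert b64encode(b"AB") == "QUI="              # the slide's worked example
    for sample in (b"", b"A", b"AB", b"ABC", b"Do you like ketchup?"):
        assert b64encode(sample) == base64.b64encode(sample).decode()
        assert b64decode(b64encode(sample)) == sample
    print("ok")
```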
Base64 Encoding Table
Value Char   Value Char   Value Char   Value Char
  0   A       16   Q       32   g       48   w
  1   B       17   R       33   h       49   x
  2   C       18   S       34   i       50   y
  3   D       19   T       35   j       51   z
  4   E       20   U       36   k       52   0
  5   F       21   V       37   l       53   1
  6   G       22   W       38   m       54   2
  7   H       23   X       39   n       55   3
  8   I       24   Y       40   o       56   4
  9   J       25   Z       41   p       57   5
 10   K       26   a       42   q       58   6
 11   L       27   b       43   r       59   7
 12   M       28   c       44   s       60   8
 13   N       29   d       45   t       61   9
 14   O       30   e       46   u       62   +
 15   P       31   f       47   v       63   /
Example: input is AB
- A ASCII hex = 0x41, B ASCII hex = 0x42
- 16 bits + 8 padded 0s: 0100 0001 0100 0010 0000 0000
- 4 values that are 6 bits each: 010000-010100-001000-000000 = 16-20-8-(6 padded 0s)
- Base64 output is QUI=

Mail access protocols
[Figure: sender's user agent -> (SMTP) -> sender's mail server -> (SMTP) -> receiver's mail server -> (access protocol) -> receiver's user agent]
- SMTP: delivery/storage to receiver's server
- mail access protocol: retrieval from server
  - POP3: Post Office Protocol version 3 [RFC 1939], uses port 110
    - authorization (agent <--> server) and download
  - IMAP: Internet Mail Access Protocol [RFC 1730]
    - more features (more complex)
    - manipulation of stored msgs on server
  - HTTP: Hotmail, Yahoo! Mail, etc.

POP3 protocol
Authorization phase
- client commands:
  - user: declare username
  - pass: password
- server responses:
  - +OK (server accepted prior command)
  - -ERR (server rejected prior command)
Transaction phase, client commands:
- list: list message numbers
- retr: retrieve message by number
- dele: delete
- quit
- UIDL: "unique-ID listing"; lists a unique message ID for every message present in the user's mailbox. Useful for download-and-keep: by keeping a file that lists the messages retrieved in earlier sessions, the client can use the UIDL command to determine which messages on the server have already been seen.
- "Received:" lines in the msg indicate the SMTP servers that forwarded the msg
Sample POP3 interaction:
C: telnet ece.eng.wayne.edu 110
S: +OK POP3 server ready
C: user bob
S: +OK
C: pass hungry
S: +OK user successfully logged on
C: list
S: 1 498
S: 2 912
S: .
C: retr 1
S: Return-Path: <fromuser@..>
S: Received: from b1 by d1
S: ... more data..
S: .
C: dele 1
C: retr 2
S: <message 1 contents>
S: .
C: dele 2
C: quit
S: +OK POP3 server signing off

POP3 (more) and IMAP
More about POP3
- previous example uses "download-and-delete" mode: user cannot re-read the deleted e-mail
- "download-and-keep": copies of messages on different clients
- POP3 is stateless across sessions
IMAP
- keeps all messages in one place: the server
- allows user to organize messages in folders
- IMAP keeps user state across sessions: names of folders and mappings between message IDs and folder name

Email Summary
- SMTP and POP3 use persistent connections
- SMTP requires message (header & body) to be in 7-bit ASCII
- SMTP server uses CRLF.CRLF to determine end of message
- download-and-delete vs download-and-keep in POP3
- all data communications are insecure by default
Comparison with HTTP:
- HTTP: pull data from web server; SMTP: push data to mail server
- both have command/response interaction, status codes
- HTTP: each object encapsulated in its own response msg; SMTP: multiple objects sent in one multipart msg
- SMTP msg must be in 7-bit ASCII while HTTP has no restriction

DNS: Domain Name System
People have many identifiers: SSN, name, passport #
Internet hosts, routers have:
- IP address (32 or 128 bit), used for addressing datagrams
- "canonical name", e.g., www.yahoo.com, used by humans
Q: how to map between IP addresses and names?
Domain Name System (DNS) is:
1- a distributed database implemented in a hierarchy of many name servers
2- an application-layer protocol: hosts, routers and name servers communicate to resolve names (address/name translation). The DNS protocol uses the UDP transport protocol and port 53.
3- employed by other application layer protocols (HTTP, SMTP, FTP) to resolve host names.
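The CRLF.CRLF end-of-message framing that the SMTP DATA phase and the POP3 retr reply above both rely on, as an added example that is not code from the lecture notes. It also applies the dot-stuffing rule of RFC 5321 and RFC 1939, which the slides do not mention: a body line that begins with "." is transmitted with an extra leading ".", so that a "." inside the message cannot end it early.

```python
"""Read a dot-terminated text block the way an SMTP server reads the DATA
phase (and a POP3 client reads a RETR reply): the block ends at the first
line that is exactly ".", i.e. at the byte sequence CRLF.CRLF.
Added example, not from the lecture notes.  Dot-stuffing (RFC 5321 4.5.2,
RFC 1939 section 3) is what makes this framing unambiguous."""

CRLF = b"\r\n"
TERMINATOR = CRLF + b"." + CRLF


def stuff(body: bytes) -> bytes:
    """Sender side: prefix every line that starts with '.' with another '.'
    and append the terminator, so no body line can be mistaken for it."""
    lines = body.split(CRLF)
    stuffed = [b"." + ln if ln.startswith(b".") else ln for ln in lines]
    return CRLF.join(stuffed) + TERMINATOR


def read_block(stream: bytes):
    """Receiver side.  Returns (message_bytes, remaining_bytes), or None if
    the terminator has not arrived yet (keep buffering).  The message is
    returned with the stuffing removed; remaining_bytes is whatever follows
    the terminator, e.g. the next command on the same connection."""
    # The first line of the block may itself be ".", so scan as if a CRLF
    # preceded the buffer.
    hay = CRLF + stream
    end = hay.find(TERMINATOR)
    if end == -1:
        return None
    raw = hay[len(CRLF):end]              # body without the terminator line
    rest = hay[end + len(TERMINATOR):]    # bytes after CRLF.CRLF
    lines = raw.split(CRLF) if raw else []
    unstuffed = [ln[1:] if ln.startswith(b".") else ln for ln in lines]
    return CRLF.join(unstuffed), rest


if __name__ == "__main__":
    # Constructed sample: second body line begins with a dot.
    body = b"Do you like ketchup?\r\n.How about pickles?"
    wire = stuff(body) + b"QUIT\r\n"
    msg, rest = read_block(wire)
    assert msg == body and rest == b"QUIT\r\n"
    assert read_block(b"no terminator yet") is None
    print("ok")
```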
DNS services
- hostname to IP address translation
- host aliasing: canonical (actual) and alias names (user-friendly), e.g., cwis-1.wayne.edu for alias www.wayne.edu
- mail server aliasing: mail server and web server can share the same alias name, e.g. czxu@wayne.edu, wayne.edu
- load distribution: replicated Web servers, a set of IP addresses for one canonical name. DNS returns the list of IPs for a name, rotated by 1 each time, so the user can use the first listed IP.
Why not centralize DNS?
- single point of failure
- traffic volume
- distant centralized database
- maintenance
- doesn't scale!

Distributed, Hierarchical Database
[Figure: Root DNS servers (13 servers labeled A-M) at the top; below them the Top-Level Domain servers (TLDs) for com, org and edu; below those the authoritative DNS servers, e.g., yahoo.com and amazon.com under com, pbs.org under org, poly.edu and umass.edu under edu]
Each client uses a local DNS server that does not belong to the hierarchy: the local DNS is usually assigned by the DHCP server as part of the temporary IP assignment (run the command "ipconfig /all" to find your local DNS server).

DNS: Root name servers
There are 13 root DNS servers worldwide, labeled A-M (map of root DNS, as of Oct 2006):
- a Verisign, Dulles, VA
- b USC-ISI Marina del Rey, CA
- c Cogent, Herndon, VA (also Los Angeles)
- d U Maryland College Park, MD
- e NASA Mt View, CA
- f Internet Software C. Palo Alto, CA (and 17 other locations)
- g US DoD Vienna, VA
- h ARL Aberdeen, MD
- i Autonomica, Stockholm (plus 3 other locations)
- j Verisign (11 locations)
- k RIPE London (also Amsterdam, Frankfurt)
- l ICANN Los Angeles, CA
- m WIDE Tokyo

TLD and Authoritative Servers
- Top-level domain (TLD) servers: responsible for com, org, net, edu, etc., and all country code top-level domains (ccTLD): us, ca, in, cn, jp.
  - Network Solutions maintains servers for the com TLD
  - Educause for the edu TLD
- Authoritative DNS servers: organizations with public names have DNS servers providing authoritative hostname to IP mappings for the organization's servers (e.g., Web and mail). Can be maintained by the organization or by a service provider.

Local Name Server
- does not strictly belong to the hierarchy
- each ISP (residential ISP, company, university) has one; also called "default name server"
- when a host makes a DNS query, the query is sent to its local DNS server
- acts as a proxy, forwards the query into the hierarchy

Example of Typical DNS request
Client X wants the IP address for Y. Steps performed:
1- Client sends DNS request to the local DNS server to search on its behalf (recursive query)
2- local DNS contacts one of the root DNSs to resolve hostname Y
3- root DNS returns the TLD DNS IP to local DNS
4- local DNS contacts one of the TLDs to get an authoritative DNS name
5- TLD returns IP of authoritative DNS to local DNS
6- local DNS contacts authoritative DNS to resolve Y
7- authoritative DNS returns IP of Y
8- local DNS returns IP of Y to X
Query 1 is recursive; queries 2, 4 and 6 are iterative.
[Figure: requesting host X <-> local DNS server (1, 8); local DNS server <-> root DNS server (2, 3); local DNS server <-> TLD DNS server (4, 5); local DNS server <-> authoritative DNS server (6, 7), which knows Y. Example of recursive+iterative DNS query, typically used]

Recursive and Iterative DNS queries
- recursive query: puts the burden of name resolution on the contacted name server; heavy load?
- iterative query: the reply is directly returned to the requesting server: "I don't know this name, but ask this server"
[Figure: requesting host -> local DNS server (1, 8) -> root DNS server (2, 7) -> TLD DNS server (3, 6) -> authoritative DNS server (4, 5), which knows the requested host; each server forwards the query to the next and the answer travels back along the same chain. Example of pure recursive DNS query, not typically used]

DNS: caching and updating records
- once (any) name server learns a mapping, it caches the mapping
- cache entries timeout (disappear) after some time
- TLD servers are typically cached in local name servers, thus root name servers are not often visited
- client may also cache DNS names
- update/notify mechanisms under design by IETF: RFC 2136, http://www.ietf.org/html.charters/dnsind-charter.html

hosts file
- local file that is checked by the client DNS of the OS before sending a DNS request; it can speed up web access
- if the requested name is found in the hosts file then its corresponding IP is used
- can be used to create custom (name-IP) entries
- file location:
  - Windows XP: C:\WINDOWS\system32\drivers\etc
  - most UNIX and Linux: /etc
- file structure: <IP address><space><name><space><# comment>
- example of an entry: 127.0.0.1 localhost #default entry

DNS records
DNS: distributed db storing resource records (RR)
RR format: (name, value, type, ttl)
- Type=A
  - name is hostname
  - value is IP address
  - always in authoritative DNS; may be cached in non-authoritative DNSs
- Type=NS
  - name is domain (e.g. foo.com)
  - value is hostname of the authoritative name server for this domain
  - always in non-authoritative DNSs, to point to authoritative DNSs
- Type=CNAME
  - name is alias name for some "canonical" (the real) name; www.ibm.com is really servereast.backup2.ibm.com
  - value is canonical name (used by all hosts)
- Type=MX
  - value is name of mailserver associated with name, usually an alias name
  - a company can have a web server and a mail server with the same alias name, e.g. [wayne.edu, mail.wayne.edu, MX]
TTL is the time to live of the RR and determines when an RR should be removed from cache.
DNS records with DNS servers
Authoritative DNSs for an institution:
- must contain Type A RRs for the institution's public names and IPs
- may contain Type MX RRs for the institution's public mail server names and IPs
- may contain Type CNAME RRs if the institution has canonical names for its alias names
TLD DNSs:
- contain Type NS RRs mapping each organization's public name to its authoritative DNS server names; there are usually primary and secondary authoritative DNS servers
- contain Type A RRs with the authoritative DNS server name and IP address

DNS protocol, messages
DNS protocol: query and reply messages, both with the same message format
msg header:
- identification: 16-bit #; query and reply msgs use the same #
- flags:
  - query or reply (1 bit flag)
  - recursion desired / recursion available (1 bit each)
  - reply is authoritative (1 bit)
msg body, in order:
- questions: name, type fields for a query
- answers: RRs in response to query
- authority: records for authoritative servers
- additional info: additional "helpful" info that may be used

Inserting records into DNS
Example: just created startup "Network Utopia"
- register name networkutopia.com at a registrar (e.g., Network Solutions)
  - need to provide registrar with names and IP addresses of your authoritative name servers (primary and secondary)
  - registrar inserts two RRs into the com TLD server:
    (networkutopia.com, dns1.networkutopia.com, NS)
    (dns1.networkutopia.com, 212.212.212.1, A)
- put in the authoritative server a Type A record for www.networkutopia.com and a Type MX record for networkutopia.com
- How do people get the IP address of your Web site?

nslookup command and whois DB
nslookup displays information that you can use to diagnose Domain Name System (DNS) infrastructure. It contacts the specified DNS server to retrieve the requested records.
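The wire-format query that a resolver (or a tool like nslookup) sends, built from the header fields on the message-format slides above, together with the receiver-side check that a reply's 16-bit identification matches the outstanding query; an added example following RFC 1035, not code from the lecture notes. No packets are sent; the reply is constructed inline.

```python
"""Build a DNS query and decode the header of a reply, following the
RFC 1035 wire format (added example, not from the lecture notes).
No packets are sent; the sample reply is constructed inline."""
import struct

# Header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (16-bit each, network
# byte order).  Bits inside FLAGS, from the most significant bit:
# QR(1) Opcode(4) AA(1) TC(1) RD(1) RA(1) Z(3) RCODE(4).
HEADER = struct.Struct("!HHHHHH")
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080


def encode_name(name: str) -> bytes:
    """'www.wayne.edu' -> b'\\x03www\\x05wayne\\x03edu\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(ident: int, name: str, rd: bool = True) -> bytes:
    """Standard query for an A record.  RD=1 asks for recursive resolution,
    which is what a host sends to its local DNS server."""
    header = HEADER.pack(ident, RD if rd else 0, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN
    return header + question


def parse_header(msg: bytes) -> dict:
    """Decode the six header fields and the flag bits the slides name."""
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    return {"id": ident, "is_reply": bool(flags & QR),
            "authoritative": bool(flags & AA), "truncated": bool(flags & TC),
            "recursion_desired": bool(flags & RD),
            "recursion_available": bool(flags & RA), "rcode": flags & 0x000F,
            "questions": qd, "answers": an, "authority": ns, "additional": ar}


def reply_matches(query: bytes, reply: bytes) -> bool:
    """A resolver accepts a reply only if it is flagged as a reply and its
    ID and question section equal those of the query it sent; anything
    else is discarded rather than cached."""
    q, r = parse_header(query), parse_header(reply)
    return (r["is_reply"] and q["id"] == r["id"]
            and reply[HEADER.size:len(query)] == query[HEADER.size:])


if __name__ == "__main__":
    query = build_query(0x1234, "www.wayne.edu")
    # Constructed reply: same ID, QR=1, RD and RA set, one answer, no error.
    reply = HEADER.pack(0x1234, QR | RD | RA, 1, 1, 0, 0) + query[HEADER.size:]
    print(parse_header(reply))
    print(reply_matches(query, reply))
```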
nslookup <domain or IP to find> <DNS server name>
Example: nslookup wayne.com
The whois database can be used to locate the corresponding registrar, DNS servers and IPs for a particular domain. Only registrars accredited by the Internet Corporation for Assigned Names and Numbers (ICANN, a non-profit org) are authorized to register .aero, .biz, .com, .coop, .info, .museum, .name, .net, .org, or .pro names.
- .com whois database: http://www.internic.net/whois.html
- .edu whois database: http://whois.educause.net/index.asp
wayne.edu DNS name servers: NS.WAYNE.EDU, NS2.WAYNE.EDU, DNS.MERIT.NET, NS2.CS.WAYNE.EDU (IPs listed: 141.217.1.15, 141.217.1.13, 141.217.16.10)

DNS Vulnerabilities
- DDoS bandwidth-flooding attack against DNS servers
  - a large scale attack on the 13 DNS root servers on Oct 21, 2002 used ICMP ping messages
  - mitigation: block ICMP ping packets in packet filtering
- DNS queries attack
  - hard to filter
  - mitigated by caching in local DNS servers
- Man-in-the-middle attack
  - tricks a server into accepting bogus records into its cache
  - hard to implement, because it needs to intercept packets
- Reflection attack on other hosts
  - queries are sent with the spoofed source addr of a target server

DNS Summary
- DNS services: hostname to IP address translation; host aliasing, mail server aliasing, load distribution
- DNS is hierarchical and distributed: root DNS vs TLD vs authoritative DNS vs local DNS
- recursive vs iterative DNS query
- DNS cache: local server caches TLDs so that root servers are rarely visited
- DNS record types: A, NS, CNAME, MX
- DNS query and reply msg format is the same
- nslookup command and the whois database
- DNS vulnerabilities

Examples of Internet Services
2.1 Principles of network applications
2.2 Web and HTTP
2.3 FTP
2.4 Electronic Mail: SMTP, POP3, IMAP
2.5 DNS
2.6 P2P and File Sharing
2.7 Socket programming with TCP
2.8 Socket programming with UDP
2.9 Building a Web server