Open source software security

Madirish Tutorial 02

OK, so you want to become a hacker. Well, you're going to have to understand the basics really well. What do I mean by the basics? Well, you're going to have to understand what's out there and how it's organized. The basic structure of the internet is one of servers and clients. A server is any computer that handles requests for information. A client is the machine making the request. The simplest way to explain this concept is in terms of a web server. When you're surfing the web and you bop over to Yahoo, what happens in the background to make Yahoo's website show up in your browser? Well, when you type "http://www.yahoo.com" into your browser's URL (Universal Resource Locator) window, your browser springs into action. The technical explanation goes something like this. Your browser, when given a URL, opens a local port on your computer and broadcasts the website name to a DNS (Domain Name Server) that translates the website's name (www.yahoo.com) into the IP (Internet Protocol) address of the destination (Yahoo!'s is 216.115.108.245). All web pages have IP addresses connected to them in the form of a string of 4 three-digit numbers from 0 to 255 separated by periods. The browser then forwards its request to the server (Yahoo in this case), targeting port 80. Port 80 (the default HTTP (Hyper Text Transfer Protocol) port) requests are handled by the server's web server software (Apache or Microsoft's IIS, for example). Requests to port 80 receive responses in the form of a long string of HTML (Hypertext Mark-Up Language), which is sent to your browser and translated by the browser into a viewable web page.

As you can see, that's a lot of steps for something even as simple as a web page request. The beauty of the system, though, is that it works the same way for most of the protocols on the Internet. FTP, e-mail, telnet, etc. all work the same way. The most important concept in this exchange, however, is the client-server model. Your computer (the client) makes requests for information from the server. The server responds, and the program you are using to make the requests translates the responses into something you can use.
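The request path described above, as an added example that is not part of the original tutorial: a minimal server and client talking over the local machine, showing the name lookup, the local port the client opens, the request, and the HTML reply. It assumes Python 3.8 or later and that "localhost" resolves locally; an OS-chosen port stands in for port 80, and the page content is constructed.

```python
import socket
import threading

PAGE = b"<html><body>Hello from the server</body></html>"  # constructed sample page

def serve_once(listener):
    """Server side: accept one connection, read the request, send HTML back."""
    conn, _ = listener.accept()
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:       # request headers end with a blank line
            chunk = conn.recv(1024)
            if not chunk:
                break
            request += chunk
        head = ("HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n"
                f"Content-Length: {len(PAGE)}\r\n\r\n").encode()
        conn.sendall(head + PAGE)

def fetch(name, port, path="/"):
    """Client side: resolve the name, connect to the port, send a GET, parse the reply."""
    ip = socket.gethostbyname(name)              # name -> IP address (the lookup step)
    with socket.create_connection((ip, port), timeout=5) as sock:
        local_port = sock.getsockname()[1]       # local port the OS opened for this request
        sock.sendall(f"GET {path} HTTP/1.0\r\nHost: {name}\r\n\r\n".encode())
        reply = b""
        while chunk := sock.recv(4096):          # HTTP/1.0: the server closes when done
            reply += chunk
    head, _, body = reply.partition(b"\r\n\r\n")
    status = int(head.split(b"\r\n")[0].split()[1])
    return ip, local_port, status, body

def demo():
    """Start the one-shot server on the local machine and fetch its page."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))              # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    worker = threading.Thread(target=serve_once, args=(listener,), daemon=True)
    worker.start()
    try:
        return fetch("localhost", port)
    finally:
        worker.join(timeout=5)
        listener.close()

if __name__ == "__main__":
    print(demo())
```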

The second important concept in this exchange is the idea of IP addresses. Most computers out there on the Internet have names, something people can make sense of. This, however, is useless to a computer. Computers use numeric designations to handle their identities. If you want to see what your own IP address is, and you're working on a Windows machine, open a DOS prompt and type in 'ipconfig'. If you're not on the internet at the time, you may find that your IP address is 0.0.0.0. The other IP address always connected to your computer is 127.0.0.1. This is the default loop-back address. Anything you send to 127.0.0.1 will always be sent to the machine issuing the command. For example, try the following. At a command prompt type 'ping 127.0.0.1' and examine the response. Even if you aren't connected to the internet you'll see a response. Now, every machine has an IP address. Well, if you tell your computer to send or receive something from Yahoo, how does your computer make the transition from www.yahoo.com to 216.115.108.245? Well, the answer is DNS (Domain Name Service) servers. You'll notice if you look under the hood of your internet connection software (for example by examining the 'Properties' of your Network Neighborhood or Dial-Up Connection on a Windows machine) that you have entries for DNS. These are the IPs of the servers that you use when connected to the internet. DNS is pretty complex stuff, but in a nutshell DNS servers maintain a huge table of IP addresses and names for translation. In addition, DNS servers contact each other pretty regularly and update their lists. Network Solutions (I think) is the highest authority on DNS and stuff trickles down from there on the internet. This is why registering your domain (so a DNS can connect your name to an IP address) is important in building a web site.

Networks operate in pretty much the same way as the internet. After all, the internet really isn't anything but a huge distributed network. Now, there are many different ways in which a network can work, even if it isn't connected to the internet. How can a network not be connected to the internet, you ask? Well, many aren't, or are only online sometimes. How can these computers communicate without DNS, then? Well, just like 127.0.0.1 is a reserved IP address (it always loops locally), there are many reserved internal IP addresses. These addresses are never used on the internet, so anyone can build a LAN and use them to assign IPs to computers. Now, you may have seen reserved IPs assigned to computers that were connected to the internet. How does this work? Well, through a gateway or router. A gateway or router is really nothing other than a big translation machine. Computers on the LAN send information to the gateway/router for translation to the outside world. A gateway/router translates IP addresses and responses so that communications reach their destination. Let's say, for instance, that you had the reserved IP address of 127.0.0.4 on your computer. Well, since it's reserved, a server wouldn't know where to send responses to requests (if you pointed your browser at yahoo.com, for instance). Reserved IPs aren't listed in any DNS table. So your router is positioned between you and the internet. Routers have designated IPs and can translate your request so that it looks like it came from the router. The response to your request returns to the router, which, in turn, passes that information on to your computer. Pretty neat, huh?
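The translation a gateway/router performs, as an added example that is not part of the original tutorial: a toy translation table that rewrites outgoing requests so they appear to come from the router and maps replies back to the right computer. All addresses and ports are constructed, and the LAN check assumes the three private ranges of RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).

```python
import ipaddress

# RFC 1918 private ranges, usable on any LAN and not routed on the internet
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan_address(ip):
    """True if ip falls inside one of the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)

class Nat:
    """Toy port-translating router: one public IP in front of private hosts."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (lan_ip, lan_port, dst_ip, dst_port) -> public_port
        self.back = {}   # (public_port, dst_ip, dst_port) -> (lan_ip, lan_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN request so it appears to come from the router."""
        if not is_lan_address(src_ip):
            raise ValueError(f"{src_ip} is not a private LAN address")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:                  # first packet of a flow: new mapping
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Map a reply back to the LAN host; None means no mapping, so drop it."""
        return self.back.get((dst_port, src_ip, src_port))

def demo():
    nat = Nat("203.0.113.5")                     # constructed router address
    server = ("198.51.100.7", 80)                # constructed web server
    a = nat.outbound("192.168.1.10", 51000, *server)
    b = nat.outbound("192.168.1.11", 51000, *server)  # same local port, other host
    reply_a = nat.inbound(*server, a[1])
    reply_b = nat.inbound(*server, b[1])
    stray = nat.inbound("198.51.100.99", 80, a[1])    # unsolicited sender
    return a, b, reply_a, reply_b, stray

if __name__ == "__main__":
    print(demo())
```

A packet that matches no table entry is dropped, which is why computers behind such a router cannot be reached directly from outside unless they spoke first.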

The other common concept you'll run into with IP addresses is the idea of static versus dynamic IPs. This concept is pretty simple, actually. The most common source of dynamic IPs is dial-up connections. What happens when you have a dynamic IP is that you dial up your ISP (Internet Service Provider). The ISP usually responds to your call with a DHCP (Dynamic Host Control Protocol) server that assigns you an IP out of a table of IPs available from that server. The DHCP server allows your computer to download that IP and use it for the duration of your call. When you hang up, your IP is released back to the DHCP server, which can assign it to the next caller. Thus, if you have a dynamic IP, it will change pretty much every time you call your ISP, making it impossible for you to ever host a web server (how would DNS servers know what IP to send requests for yourname.com to when they get them? DNS servers update every 24 hours or so too, so they are too slow to keep up with rapidly changing IP addresses). Static IPs are usually purchased from ISPs when you get a LAN (Local Area Network) connection. Most businesses choose this route. Basically you go to ISP X and say, "I want a business class DSL line with a dozen IPs," and the ISP sells you the line and the right to use 216.26.345.001 to 216.26.345.015, for instance. You could set up a DHCP server to assign these IPs around your network, use the IPs only for servers that host any number of other computers behind them with reserved IPs (turning the server into a gateway/router), or simply assign each IP to a workstation. There are advantages and disadvantages to all these approaches.

So now you know the basics of the architecture of the internet. Basically you have a bunch of IPs out there owned by a huge number of ISPs, with a host of reserved-IP machines operating behind gateways/routers to boot. All of it makes the internet a pretty hairy place, but also a very resilient place. With the multitude of ISPs running their own little corners of the web, LAN administrators running their own corners of ISP IP addresses, and DNS servers scattered about trading and updating their 'routing tables', you can see how the internet is horribly fragile, but also distributed enough to survive catastrophe.