Open source software security

Madirish Tutorial 05

Right-o, so now you're online. What can you do out there in cyberspace? Well, anything you want, but first you're going to have to understand what you're looking at. TCP/IP (yup, you knew I'd get to it eventually) is the most important protocol to understand if you're going to operate on the internet. TCP/IP (Transmission Control Protocol / Internet Protocol) is the lingua franca of the internet. Originally developed for ARPAnet way back in the day, TCP/IP grew up on Unix computers. Now, the theory of TCP/IP is pretty complex stuff, and you don't really need to understand all of the bits and pieces. You do, however, need to understand the basic principle behind it. TCP/IP is used to send and receive data over the internet. It's a pretty robust protocol and can withstand a lot of anomalies along the communication route. What TCP/IP does, in a nutshell, is break a transmission up into pieces. When you want to make a connection, your computer takes the information it needs to send and breaks it up into 'packets' using TCP/IP. Each packet carries a header, flags, and content (amongst other things). The header basically contains routing information and a sequence number. Think of TCP/IP like postcards. If you want to mail a one-page letter reliably through TCP/IP, you tear the letter up into pieces, paste the pieces onto postcards, and mail them separately. Now, you may think this is stupid: why break up the information into tiny pieces? Think of it as not 'keeping all your eggs in one basket.' What happens if a connection is broken or interrupted? You'd have to resend the whole chunk of information. With TCP/IP, each packet is numbered and the total number is also noted. This way recipients of TCP/IP packets know how many to expect and, based on their numbers, in what order to reassemble them. The beauty of TCP/IP is that it's a two-way street for communication. Once packets are received, a receipt (an acknowledgement) is sent back to the sending computer. This way both ends of the communication tell one another what has been sent and received. If any packets are lost in transmission, they are simply resent. This way whole chunks of information can reliably reach their destination. The other neat thing about TCP/IP is that it takes advantage of the web-like structure of the net. Packets are sent out onto the net and find their way to their target by being forwarded by each computer they pass through. This means that even if a direct path from the sender to the receiver is unavailable, the packets can be routed around to their destination. The downside of this is that a multitude of computers are used to forward the packets, and each of these computers could potentially capture a copy of a packet and then forward it on. Luckily packets are tiny, so having only a few packets of a transmission wouldn't yield too much information about the communication, but it could be enough.

Ok, so now you understand the basics of TCP/IP. How then does this protocol function on the internet? Well, TCP/IP is used in conjunction with the client-server model and the idea of ports to make the internet work. Ports are like telephone receivers. You always need two ports to have a connection. Ports are opened by computer programs through their network connections, and they accept the packets addressed to that port. This way you can use a single Ethernet card to host a web server and receive e-mail on. Your web server listens to the packets coming to your Ethernet card and accepts packets with destination port 80, and your mail client monitors the same connection and accepts traffic bound for port 1073. Now, all TCP/IP connections have two ports involved, a server port and a client port. Server ports are usually numbered below 1024 and client ports are usually above. This way two-way communication over the same protocol can occur on two ports, one on the server and one on the client. This allows you to have a mail server running, and download mail from that server at the same time. For example: sendmail (the bastion e-mail server used across the net) operates on port 25. That means that connections TO sendmail all hit port 25, but the client machine opens a port over 1024 to communicate with sendmail. As hackers, we're going to be concerned mostly with server ports, those under 1024, since they're static; ports created by clients are dynamic and usually only last for a short time (the duration of the communication). Some well known ports are:

7    - Echo
21   - FTP (File Transfer Protocol)
23   - Telnet
25   - SMTP (Simple Mail Transfer Protocol)
80   - HTTP (HyperText Transfer Protocol)
110  - POP (Post Office Protocol)

Now, to communicate with computers through these ports you're going to need a client program. A web browser is probably the most common of these tools. Web browsers, however, can only interpret HTML (HyperText Mark-Up Language) and default to making requests to port 80. For a more interesting experience, try telnet. Telnet is a text-based communication tool. Telnet is an old protocol that used to be the default method for communicating with remote machines (especially Unix). Telnet handles logins and shell access by default. You can use telnet to connect to any port, however. Not many of them will give you any response, but you can always try. Telnetting to a web site (try: telnet 80 at a command (DOS) prompt) will show you the web server's response to your request (a long string of HTML). Telnetting to port 25 ("telnet 25" for instance) will allow you to interact with a sendmail server, even send fake mail if you want. Try telnetting to and see what you get. Using telnet is one of the easiest ways to explore ports and protocols on the internet. Mess around with it and see what you can find.
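As an added example (not part of the original tutorial), here is the telnet-to-port-80 exchange done in Python on the loopback interface so it runs offline: a constructed stand-in listener plays the web server on an OS-assigned port (a real one binds port 80, which needs root), and `raw_request()` does what telnet does, sending the request text exactly as typed and reading back the reply. It also reports both ports of the connection, the fixed server port and the ephemeral client port described in the previous section; the function names and the fake page body are assumptions of this example.

```python
import socket
import threading

# Constructed stand-in for the web server's page (not real server output).
PAGE = b"<html><body>hello from the fake web server</body></html>"


def serve_once(server_sock):
    """Accept one connection, read the request up to the blank line that ends
    the headers, answer it, and return the client's (address, port) as seen
    by the server, which is what a server log would record."""
    conn, peer = server_sock.accept()
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:
            chunk = conn.recv(4096)
            if not chunk:
                break
            request += chunk
        first_line = request.split(b"\r\n", 1)[0]
        # A well-formed GET gets the page; anything else gets a 400, which is
        # roughly what a real server does with text typed into telnet.
        if first_line.startswith(b"GET "):
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" + PAGE)
        else:
            conn.sendall(b"HTTP/1.0 400 Bad Request\r\n\r\n")
    return peer


def raw_request(host, port, text):
    """Open a TCP connection to host:port, send `text` verbatim (as telnet
    would) and read until the server closes. Returns (local_port, reply)."""
    with socket.create_connection((host, port)) as sock:
        local_port = sock.getsockname()[1]   # the ephemeral client-side port
        sock.sendall(text.encode())
        reply = b""
        while chunk := sock.recv(4096):
            reply += chunk
    return local_port, reply


def demo(request_text="GET / HTTP/1.0\r\nHost: localhost\r\n\r\n"):
    """Run one exchange on 127.0.0.1 and return the ports involved and the reply."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))            # port 0: let the OS pick a free port
    server.listen(1)
    server_port = server.getsockname()[1]
    seen = {}
    t = threading.Thread(target=lambda: seen.update(peer=serve_once(server)))
    t.start()
    client_port, reply = raw_request("127.0.0.1", server_port, request_text)
    t.join()
    server.close()
    return {"server_port": server_port, "client_port": client_port,
            "client_port_seen_by_server": seen["peer"][1], "reply": reply}
```

Run `demo()` and compare `client_port` with `client_port_seen_by_server`: the high-numbered port the client picked is exactly what the server side sees and logs for that connection.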