19531 - Telematics. 13th Tutorial - Application Layer Protocols




19531 - Telematics
13th Tutorial - Application Layer Protocols
Bastian Blywis
Department of Mathematics and Computer Science, Institute of Computer Science
03. February, 2011
Institute of Computer Science Telematics Tutorial 03. February, 2011

Outline
1. TCP Checksum
2. DNS, SMTP, POP3, IMAP
3. E-Mail
4. DNS Infrastructure
5. Asymmetric Key Cryptography
6. Cryptographically Generated Addresses (CGA)
7. Simple Network Management Protocol (SNMP)
8. Cookies

TCP Checksum
The TCP header contains a checksum field.
1. What algorithm is applied?
2. Which parts of the TCP segment are protected by the checksum?
3. Why does the approach violate the principles of a layered network architecture, and why is the violation necessary?

TCP Checksum
1. TCP uses the Internet checksum algorithm, like IPv4 and UDP.
2. The checksum is calculated over the pseudo header, the TCP header, and the data.
3. It mixes network and transport layer data: the pseudo header carries the IP addresses, so the transport layer checksum depends on network layer fields.

Figure: Relevant parts for the TCP checksum calculation
  0               8               16                  31
  +---------------------------------------------------+
  |             Source Address (IP address)           |
  |           Destination Address (IP address)        |
  |  Reserved  |   Protocol    |  TCP Segment Length  |
  +---------------------------------------------------+
  |       TCP Header (checksum bits set to null)      |
  |                       Data                        |
  +---------------------------------------------------+
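The three answers in working form, as an added example (this is not code from the tutorial): the segment, addresses, ports and payload are constructed. The last check makes the layering point visible: the very same TCP bytes fail verification when only the destination address in the IP header changes, because that address is part of the pseudo header that is summed.

```python
import socket
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                       # pad an odd trailing byte with zero
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                        # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    """12-byte IPv4 pseudo header: the network-layer data mixed into the transport checksum."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, socket.IPPROTO_TCP, tcp_length)


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over pseudo header + TCP header (checksum field zeroed) + data."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]   # checksum field is at byte offset 16
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload: bytes) -> bytes:
    """Minimal 20-byte TCP header (no options) plus payload, with a correct checksum."""
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    cksum = tcp_checksum(src_ip, dst_ip, header + payload)
    header = header[:16] + struct.pack("!H", cksum) + header[18:]
    return header + payload


def verify_segment(src_ip, dst_ip, segment: bytes) -> bool:
    """A receiver sums everything including the stored checksum; a valid segment folds to zero."""
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def demo():
    # Constructed addresses, ports and payload (not taken from a capture)
    seg = build_segment("10.0.0.1", "10.0.0.2", 40000, 25, 1000, 0, 0x18, 65535,
                        b"EHLO client.example\r\n")
    ok = verify_segment("10.0.0.1", "10.0.0.2", seg)
    corrupted = seg[:-3] + bytes([seg[-3] ^ 0xFF]) + seg[-2:]     # flip one payload byte
    bad_payload = verify_segment("10.0.0.1", "10.0.0.2", corrupted)
    wrong_ip = verify_segment("10.0.0.1", "10.0.0.3", seg)         # same bytes, other IP destination
    return ok, bad_payload, wrong_ip


if __name__ == "__main__":
    print(demo())
```

The RFC 1071 worked example (words 0001 f203 f4f5 f6f7 giving checksum 220d) is a quick sanity check for internet_checksum before trusting the segment-level functions.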

DNS, SMTP, POP3, IMAP
1. Explain the differences between SMTP, POP3, and IMAP.
2. Let's consider user Bob wants to send an email to user Alice. In order to establish a connection with the SMTP server, the server's name has to be resolved into an IP address by DNS. Explain which messages are exchanged and between which hosts when recursive name resolution is used. Assume that only the name server responsible for the domain server.org can answer the request.
3. Now it is Alice's turn to reply to Bob. Explain which messages are exchanged when using iterative name resolution. Assume that only the name server responsible for the domain server.org can answer the request.
4. Explain how Bob's SMTP server finds the MTA responsible for accepting email messages on behalf of Alice.

DNS, SMTP, POP3, IMAP
                 Bob                   Alice
IP address:      192.45.56.127         208.115.92.45
Name server:     192.47.56.2           208.115.92.2
SMTP server:     mail.server.org       mail.server.org
Email address:   bob@realword.org      alice@wonderland.org

DNS, SMTP, POP3, IMAP
Post Office Protocol (POP3): used to access and extract e-mail from a mailbox; 3 states:
Authorization: the user has to provide credentials. Commands: USER, PASS
Transaction: download of messages. Commands: STAT, LIST, RETR, DELE, QUIT. No selection of individual messages
Update: update of states, e.g., deletion of e-mails, followed by termination of the session
Figure: POP3 State Machine

DNS, SMTP, POP3, IMAP
Internet Message Access Protocol (IMAP): protocol used to transfer e-mail messages between a user's mailbox and an agent; 4 states:
Not authenticated: the user has to provide credentials; the connection can also be pre-authenticated. Commands: AUTHENTICATE, LOGIN
Authenticated: management of mailboxes. Commands: SELECT, EXAMINE, CREATE, DELETE, RENAME, SUBSCRIBE, UNSUBSCRIBE, LIST, LSUB, STATUS, and APPEND
Selected: management of messages. Commands: CHECK, CLOSE, EXPUNGE, SEARCH, FETCH, STORE, COPY, and UID. Selection of individual messages; can support flagging and filtering
Logout: server shutdown or connection closed with LOGOUT
Figure: IMAP State Machine

DNS, SMTP, POP3, IMAP
Simple Mail Transfer Protocol (SMTP): standard for transferring electronic mail messages from one machine to another ("sending mails")
Protocol to connect MTAs
No checksum, no encryption
Commands: HELO, MAIL FROM, RCPT TO, DATA, QUIT

DNS, SMTP, POP3, IMAP
$ telnet localhost 25
Trying ::1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 belgrad.imp.fu-berlin.de ESMTP Postfix (Ubuntu)
EHLO belgrad.imp.fu-berlin.de
250-belgrad.imp.fu-berlin.de
250-PIPELINING
250-SIZE 10240000
(...)
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: root@belgrad.imp.fu-berlin.de
250 2.1.0 Ok
RCPT TO: blywis@inf.fu-berlin.de
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Hello World.
.
250 2.0.0 Ok: queued as B4E5CCCCD7
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

Notes: DNS, SMTP, POP3, IMAP
Many application layer protocols are human-readable ASCII protocols.
You can try to speak the protocols yourself with telnet.
Try to capture some packets containing specific strings using ngrep or similar tools:
$ sudo ngrep -d eth0 -i password
interface: eth0 (160.45.112.0/255.255.255.0)
match: password
#######################################################
T 160.45.112.24:35796 -> 216.34.181.45:80 [AP]
GET /search.pl?query=password HTTP/1.1..Host: slashdot.org..connection: keepalive..referer: http://slashdot.org/..accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5..user-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-us) AppleWebKit/534.10 (KHTML, like Gecko) Ubuntu/10.10 Chromium/8.0.552.224 Chrome/8.0.552.224 Safari/534.10..Accept-Encoding: gzip,deflate,sdch..accept-language: en-us,en;q=0.8,de;q=0.6..accept-charset: iso-8859-1,utf-8;q=0.7,*;q=0.3..cookie: utmz=9273847.1295944481.1.1.utmcsr=google utmccn=(organic) utmcmd=organic utmctr=slashdot; utma=9273847.1244502582.1295944481.1295944481.1295944481.1; utmc=9273847; utmb=9273847.2.10.1295944481...
##########################

DNS, SMTP, POP3, IMAP
Recursive DNS resolution:
Figure: Recursive DNS resolution (nodes: Bob's resolver, name server 192.47.56.2, root, org, de, server.org; messages 1-8: Bob's resolver asks the name server (1), which asks root (2), root asks org (3), org asks server.org (4); the answers travel back along the same path (5-8))

DNS, SMTP, POP3, IMAP
Iterative DNS resolution:
Figure: Iterative DNS resolution (nodes: Alice's resolver, name server 208.115.92.2, root, org, de, server.org; messages 1-8: Alice's resolver asks the name server (1), which itself queries root (2, 3), org (4, 5) and server.org (6, 7) in turn and then answers the resolver (8))
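The two message exchanges from questions 2 and 3, simulated end to end, as an added example that is not part of the tutorial slides. The server table SERVERS, the server names and the answer 10.0.0.25 are constructed; "local-ns" stands for Bob's or Alice's name server and "stub" for the resolver on their hosts. Both modes return the same answer, but the log shows who did the work: in recursive mode every server on the path asks the next one, in iterative mode only the local name server ever sends queries.

```python
# Constructed toy DNS hierarchy for the tutorial's scenario (not real servers or data):
# each authoritative server knows its own zone's records and the servers of delegated child zones.
SERVERS = {
    "root":          {"records": {}, "delegations": {"org.": "ns.org", "de.": "ns.de"}},
    "ns.org":        {"records": {}, "delegations": {"server.org.": "ns.server.org"}},
    "ns.de":         {"records": {}, "delegations": {}},
    "ns.server.org": {"records": {"mail.server.org.": "10.0.0.25"}, "delegations": {}},
}


def lookup(server, name):
    """What a single authoritative server can say about `name` without asking anyone else."""
    srv = SERVERS[server]
    if name in srv["records"]:
        return "answer", srv["records"][name]
    for zone, child in srv["delegations"].items():
        if name == zone or name.endswith("." + zone):
            return "referral", child          # "ask that server instead"
    return "nxdomain", None


def resolve_recursive(name, asker="stub", server="local-ns", log=None):
    """Recursive mode: every server answers its asker completely, chasing referrals itself.
    Returns (answer, log); log entries are (from, to, kind, content)."""
    if log is None:
        log = []
    log.append((asker, server, "query", name))
    if server == "local-ns":
        kind, value = "referral", "root"      # the local name server starts at the root
    else:
        kind, value = lookup(server, name)
    if kind == "referral":
        value, _ = resolve_recursive(name, server, value, log)
        kind = "answer" if value else "nxdomain"
    log.append((server, asker, kind, value))
    return value, log


def resolve_iterative(name, log=None):
    """Iterative mode: the local name server follows each referral itself; the other
    servers only ever reply with what they know."""
    if log is None:
        log = []
    log.append(("stub", "local-ns", "query", name))
    server = "root"
    while True:
        log.append(("local-ns", server, "query", name))
        kind, value = lookup(server, name)
        log.append((server, "local-ns", kind, value))
        if kind != "referral":
            break
        server = value
    log.append(("local-ns", "stub", kind, value))
    return value, log


if __name__ == "__main__":
    for mode in (resolve_recursive, resolve_iterative):
        answer, log = mode("mail.server.org.")
        print(mode.__name__, answer)
        for i, (src, dst, kind, content) in enumerate(log, 1):
            print(f"  {i}. {src} -> {dst}: {kind} {content}")
```

Both logs have eight messages, matching the numbered arrows in the figures; a name nobody is authoritative for (for example www.de.) ends in an nxdomain reply instead of an answer.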

DNS, SMTP, POP3, IMAP
Explain how Bob's SMTP server finds the MTA responsible for accepting email messages on behalf of Alice.
Bob's SMTP server resolves the MX record of wonderland.org. The MX record refers to a mail server responsible for accepting email messages on behalf of a recipient's (Alice's) domain.
$ nslookup
> set querytype=mx
> fu-berlin.de
fu-berlin.de    MX preference = 10, mail exchanger = mail.fu-berlin.de
mail.fu-berlin.de    internet address = 130.133.4.67

E-Mail
1. Inspect the full email header of a message which you have received and discuss the contents.
2. Can you approximate when the message was actually sent?
3. How are attachments transferred?

E-Mail
Return-path: <des-bounces+blywis=inf.fu-berlin.de@lists.spline.inf.fu-berlin.de>
Delivery-date: Mon, 24 Jan 2011 13:26:22 +0100
Received: from deliver1.zedat.fu-berlin.de ([130.133.4.79]) by mbox5.zedat.fu-berlin.de (Exim 4.69) for blywis@zedat.fu-berlin.de with esmtp (envelope-from <des-bounces+blywis=inf.fu-berlin.de@lists.spline.inf.fu-berlin.de>) id <1PhLV0-0000C3-GH>; Mon, 24 Jan 2011 13:26:22 +0100
(...)
Received: from belgrad.imp.fu-berlin.de ([160.45.111.22] helo=belgrad.localnet) by inpost2.zedat.fu-berlin.de (Exim 4.69) for des@lists.spline.inf.fu-berlin.de with esmtpsa (envelope-from <blywis@zedat.fu-berlin.de>) id <1PhLUA-0003SO-1t>; Mon, 24 Jan 2011 13:25:30 +0100
From: Bastian Blywis <blywis@zedat.fu-berlin.de>
To: des@lists.spline.inf.fu-berlin.de
Date: Mon, 24 Jan 2011 13:25:24 +0100
User-Agent: KMail/1.13.5 (Linux/2.6.35-24-generic; KDE/4.5.1; x86_64; ; )
MIME-Version: 1.0
Message-Id: <201101241325.28103.blywis@zedat.fu-berlin.de>
Subject: [DES] Testbed Problems
X-BeenThere: des@lists.spline.inf.fu-berlin.de
X-Mailman-Version: 2.1.11
Precedence: list
Reply-To: blywis@inf.fu-berlin.de, Distributed Embedded Systems Mailing List <des@lists.spline.inf.fu-berlin.de>

E-Mail
List-Id: Distributed Embedded Systems Mailing List <des.lists.spline.inf.fu-berlin.de>
List-Unsubscribe: <https://lists.spline.inf.fu-berlin.de/mailman/options/des>, <mailto:des-request@lists.spline.inf.fu-berlin.de?subject=unsubscribe>
List-Archive: <https://lists.spline.inf.fu-berlin.de/mailman/private/des>
List-Post: <mailto:des@lists.spline.inf.fu-berlin.de>
List-Help: <mailto:des-request@lists.spline.inf.fu-berlin.de?subject=help>
List-Subscribe: <https://lists.spline.inf.fu-berlin.de/mailman/listinfo/des>, <mailto:des-request@lists.spline.inf.fu-berlin.de?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0298841459=="
Sender: des-bounces@lists.spline.inf.fu-berlin.de
Errors-To: des-bounces+blywis=inf.fu-berlin.de@lists.spline.inf.fu-berlin.de
X-Originating-IP: 130.133.110.77
X-ZEDAT-Hint: A/A
X-purgate: clean
X-purgate-type: clean
X-purgate-ID: 151147::1295871942-00000C13-B8D6576E/0-0/0-0
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.2
X-Spam-Flag: NO
X-Spam-Checker-Version: SpamAssassin 3.0.4 on Algerien.ZEDAT.-Berlin.DE
X-Spam-Status: No, score=0.0 required=8.0 tests=forged_rcvd_helo, SPF_HELO_PASS,SPF_PASS
X-Length: 7579
X-UID: 27558

E-Mail
Multipurpose Internet Mail Extensions (MIME)
Email is specified for 7-bit ASCII text, see RFC 2822
MIME enables: special characters, attachments
MIME defines: structures in the message body (additional headers), coding rules for non-ASCII characters, content transfer encodings (depends on server support): 7bit, quoted-printable, base64, 8bit, binary
Reference: Levinson, The MIME Multipart/Related Content-type, RFC 2387, 1998

E-Mail
--Boundary-00=_QTEwGFbtpng199H
Content-Type: application/x-executable; name="notebook.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="notebook.pdf"

JVBERi0xLjQNJeLjz9MNCjE0IDAgb2JqDTw8L0xpbmVhcml6ZWQgMS9MIDIyMjQ4L08gMTYvRSAx
Mzc2Mi9OIDIvVCAyMTkyMS9IIFsgNzc2IDIyNV0+Pg1lbmRvYmoNICAgICAgICAgICAgICAgICAg
DQp4cmVmDQoxNCAyNA0KMDAwMDAwMDAxNiAwMDAwMCBuDQowMDAwMDAxMDAxIDAwMDAwIG4NCjAw
MDAwMDEwODEgMDAwMDAgbg0KMDAwMDAwMTIxMSAwMDAwMCBuDQowMDAwMDAxNDU5IDAwMDAwIG4N
CjAwMDAwMDE4NzUgMDAwMDAgbg0KMDAwMDAwMjYzNCAwMDAwMCBuDQowMDAwMDAzMTg4IDAwMDAw
IG4NCjAwMDAwMDMyMzIgMDAwMDAgbg0KMDAwMDAwMzQ3NSAwMDAwMCBuDQowMDAwMDAzNjk3IDAw
MDAwIG4NCjAwMDAwMDM5MjUgMDAwMDAgbg0KMDAwMDAwNDAwMiAwMDAwMCBuDQowMDAwMDA2NTQ5
IDAwMDAwIG4NCjAwMDAwMDY1ODQgMDAwMDAgbg0KMDAwMDAwNjcxOCAwMDAwMCBuDQowMDAwMDA2
ODU1IDAwMDAwIG4NCjAwMDAwMDk1NDggMDAwMDAgbg0KMDAwMDAwOTcwMSAwMDAwMCBuDQowMDAw
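One way to work through questions 1 to 3 on the E-Mail slides programmatically, added here as an example (not code from the tutorial). The message RAW_MESSAGE is constructed: its headers follow the shape of the header dump above but use example.org hosts and RFC 5737 addresses, and the attachment bytes are fabricated. The Received: chain is read bottom-up to bound when the message really left the sender, and each attachment is base64-decoded and its file signature compared with the declared Content-Type, which in the dump above says application/x-executable for a file named notebook.pdf whose first base64 line decodes to "%PDF-1.4".

```python
import base64
import email
import re
from email import policy
from email.utils import parsedate_to_datetime

# Constructed sample message (not a real mail). Each MTA prepends its own Received: line,
# so the LAST Received: header is the hop closest to the sender.
ATTACHMENT_B64 = base64.b64encode(b"%PDF-1.4\n% constructed sample, not a real document\n").decode()
RAW_MESSAGE = (
    "Received: from deliver1.example.org ([192.0.2.79]) by mbox5.example.org\n"
    "\tfor user@example.org with esmtp; Mon, 24 Jan 2011 13:26:22 +0100\n"
    "Received: from client.example.net ([198.51.100.22] helo=client.localnet)\n"
    "\tby inpost2.example.org with esmtpsa; Mon, 24 Jan 2011 13:25:30 +0100\n"
    "From: Sender <sender@example.org>\n"
    "To: list@example.org\n"
    "Date: Mon, 24 Jan 2011 13:25:24 +0100\n"
    "Subject: Testbed Problems\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="sample-boundary-0298841459"\n'
    "\n"
    "--sample-boundary-0298841459\n"
    "Content-Type: text/plain\n"
    "\n"
    "Hello World.\n"
    "--sample-boundary-0298841459\n"
    'Content-Type: application/x-executable; name="notebook.pdf"\n'
    "Content-Transfer-Encoding: base64\n"
    'Content-Disposition: attachment; filename="notebook.pdf"\n'
    "\n"
    f"{ATTACHMENT_B64}\n"
    "--sample-boundary-0298841459--\n"
)

# File signatures ("magic bytes") for a few common attachment types
MAGIC = {b"%PDF-": "application/pdf", b"MZ": "application/x-dosexec",
         b"\x7fELF": "application/x-executable", b"PK\x03\x04": "application/zip"}


def parse(raw: str):
    return email.message_from_string(raw, policy=policy.default)


def received_chain(msg):
    """(receiving host, timestamp) for every Received: header, earliest hop first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        value = str(value)
        if ";" not in value:               # RFC 5321 puts the timestamp after the last ';'
            continue
        host = re.search(r"\bby\s+(\S+)", value)
        stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        hops.append((host.group(1) if host else "?", stamp))
    return hops


def estimate_sent_time(msg):
    """Date: is written by the sender's mail client and can say anything; the earliest
    Received: timestamp is the first time a server saw the message and bounds the real send time."""
    claimed = parsedate_to_datetime(str(msg["Date"]))
    first_seen = received_chain(msg)[0][1]
    return claimed, first_seen, (first_seen - claimed).total_seconds()


def check_attachments(msg):
    """Decode each attachment and compare the declared Content-Type with the sniffed signature."""
    report = []
    for part in msg.iter_attachments():
        data = part.get_content()          # the base64 transfer encoding is undone here
        sniffed = next((t for magic, t in MAGIC.items() if data.startswith(magic)), "unknown")
        report.append({"filename": part.get_filename(), "declared": part.get_content_type(),
                       "sniffed": sniffed, "size": len(data),
                       "mismatch": sniffed != part.get_content_type()})
    return report


if __name__ == "__main__":
    m = parse(RAW_MESSAGE)
    for host, stamp in received_chain(m):
        print(f"{stamp.isoformat()}  received by {host}")
    print("claimed / first seen / delta (s):", estimate_sent_time(m))
    print(check_attachments(m))
```

A mismatch between declared type and sniffed signature is the check a mail gateway applies before trusting a filename or Content-Type, since both are chosen by the sender.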

DNS Infrastructure
1. Discuss the vulnerability of DNS. Read the fact sheet issued by ICANN regarding the attack on the DNS root servers in 2007. Additionally, read the (nicely illustrated) article "An Illustrated Guide to the Kaminsky DNS Vulnerability".
2. What is a DNS amplification attack?
3. Why are we so dependent on DNS?

DNS Infrastructure
Discuss!

DNS Infrastructure
DNS amplification attack
Distributed Denial of Service (DDoS) attack
Abuses recursive DNS servers that accept non-local requests
Uses spoofed UDP packets
Small requests can generate large replies (factor 70)
DNS servers originally generated only up to 512 byte UDP packets... this was changed in RFC 2671
Attack:
1. Get a botnet or similar infrastructure
2. Generate DNS requests with a spoofed source address (the victim)
3. Send the requests to DNS server(s) and specify a large UDP payload buffer
4. The victim experiences a DDoS attack due to the many large DNS replies
Reference: Vaughn and Evron, DNS Amplification Attacks, March 17, 2006
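From the resolver operator's side, the two things worth checking are whether the server recurses for non-local clients at all, and whether its logs show the pattern the slide describes (one claimed source address receiving many answers far larger than the questions). The following is an added example, not part of the tutorial: the log entries in LOG and the served network 192.0.2.0/24 are constructed, and the field layout is an assumption of this example rather than any particular resolver's log format.

```python
import ipaddress
from collections import defaultdict

# Constructed resolver log entries (not real traffic):
# (client_ip, qname, qtype, recursion_desired, request_bytes, response_bytes)
LOG = [
    ("192.0.2.10",   "www.fu-berlin.de", "A",   True, 52,  100),
    ("192.0.2.11",   "mail.server.org",  "MX",  True, 50,  120),
    ("203.0.113.7",  "example.org",      "ANY", True, 60, 3200),
    ("203.0.113.7",  "example.org",      "ANY", True, 60, 3200),
    ("203.0.113.7",  "example.org",      "ANY", True, 60, 3200),
    ("203.0.113.7",  "example.org",      "ANY", True, 60, 3200),
    ("198.51.100.5", "example.org",      "ANY", True, 60, 3200),
]
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # networks this resolver is meant to serve


def is_local(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in LOCAL_NETS)


def amplification_factor(request_bytes: int, response_bytes: int) -> float:
    """Bytes sent to the (claimed) source per byte received: the 'factor 70' of the slide."""
    return response_bytes / request_bytes


def would_be_blocked(entry) -> bool:
    """Policy check: an open resolver is closed by refusing recursion for non-local clients."""
    return entry[3] and not is_local(entry[0])


def offending_responses(log, min_factor=10.0):
    """Entries an open resolver would turn into amplified traffic: recursive queries from
    outside the served networks whose answer is many times larger than the question."""
    return [e for e in log if would_be_blocked(e) and amplification_factor(e[4], e[5]) >= min_factor]


def suspected_victims(log, min_factor=10.0, min_count=3):
    """Group offending responses by claimed source: a spoofed victim shows up as one address
    that receives many large answers it never asked for. Returns {ip: (count, mean factor)}."""
    per_ip = defaultdict(list)
    for e in offending_responses(log, min_factor):
        per_ip[e[0]].append(amplification_factor(e[4], e[5]))
    return {ip: (len(f), round(sum(f) / len(f), 1)) for ip, f in per_ip.items() if len(f) >= min_count}


if __name__ == "__main__":
    print("recursive queries from outside:", sum(would_be_blocked(e) for e in LOG))
    print("suspected victims:", suspected_victims(LOG))
```

Real deployments get the same result from the resolver's own controls (recursion restricted to local networks, response rate limiting, a bounded EDNS buffer size); the script only shows what those controls are reacting to in the log.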

DNS Infrastructure
DNS Dependence
DNS is vital for the function of the Internet:
Do you know the IP for www.fu-berlin.de?
Humans do not want to remember four octets (what about IPv6?)
Domain names are important to enable mobile hosts (decouple locator and identifier)
DNS is used to distribute Internet traffic geographically
DNS enables email, can support asymmetric cryptography systems, etc.
There are several DNS related attacks!
DNSSEC will be one of the most important security topics of the next 5 years.

Asymmetric Key Cryptography
Discuss public-private key encryption.
1. Explain the difference between symmetric and asymmetric encryption.
2. Discuss the role of the public and private key to implement encryption and authentication.
3. What is the basic idea of a digital signature?

Asymmetric Key Cryptography
There are two general approaches for crypto systems:
Symmetric: sender and receiver share the same key.
Public-key: two different but mathematically related keys are used to implement encryption and authentication: a public and a private key.
  Encryption: the public key ciphers, the private key deciphers.
  Authentication: the public key deciphers, the private key ciphers.
A digital signature is used to verify the authenticity of a digital message or document, i.e., that the document was created by a known sender. Typically, the sender hashes the data and ciphers the hash using its private key (the signature).
Problem: Can you trust the public keys, and where do you get them from?
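The two key roles on this slide, carried out with textbook RSA, as an added example that is not code from the tutorial. Key generation uses a fixed seed so the run reproduces; the primes, the message and the hash function (SHA-256) are this example's choices. The numbers are raw, unpadded RSA operations, which is enough to show that the public key encrypts and the private key decrypts, and that a hash signed with the private key is checked with the public key; a deployed system adds padding (OAEP, PSS) on top of exactly these operations.

```python
import hashlib
import random

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97]


def is_probable_prime(n: int, rng: random.Random, rounds: int = 16) -> bool:
    """Miller-Rabin test; fine for a demonstration key, not a vetted key generator."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:                       # cheap trial division first
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # full length and odd
        if is_probable_prime(cand, rng):
            return cand


def keygen(bits: int = 512, seed: int = 2011):
    """Textbook RSA: returns public (n, e) and private (n, d). Seeded only so the example reproduces."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = random_prime(bits, rng), random_prime(bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                    # e is prime, so this means gcd(e, phi) == 1
            break
    n = p * q
    return (n, e), (n, pow(e, -1, phi))


def encrypt(public, m: int) -> int:              # anyone holding the public key can encrypt ...
    n, e = public
    return pow(m, e, n)


def decrypt(private, c: int) -> int:             # ... only the private key deciphers
    n, d = private
    return pow(c, d, n)


def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private, data: bytes) -> int:           # signature = hash ciphered with the private key
    n, d = private
    return pow(_digest(data), d, n)


def verify(public, data: bytes, signature: int) -> bool:   # public key deciphers, compare with hash
    n, e = public
    return pow(signature, e, n) == _digest(data)


if __name__ == "__main__":
    pub, priv = keygen()
    msg = b"Hello World."
    m = int.from_bytes(msg, "big")
    print("round trip ok:", decrypt(priv, encrypt(pub, m)) == m)
    sig = sign(priv, msg)
    print("signature ok:", verify(pub, msg, sig), "tampered:", verify(pub, b"Hello World!", sig))
```

The last line of the slide (where do the public keys come from?) is exactly what this code does not answer: verify() trusts whatever public key it is handed.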

Asymmetric Key Cryptography
Message Digest 5 (MD5): hashing algorithm
Rivest, Shamir, Adleman (RSA): public key cryptography (asymmetric)
International Data Encryption Standard (IDEA): symmetric key cryptography
Figure: PGP Example

Cryptographically Generated Addresses (CGA)
Read and discuss RFC 3972.
1. Why is network layer address authentication important?
2. How can you implement an autonomous, self-consistent address authentication?

Cryptographically Generated Addresses (CGA)
Someone can claim to be the owner of your IP address, e.g., in ARP or NDP address resolution
Problem: a mechanism is required to ensure that you are the owner of an IP address
Requirement: the mechanism should work without a certification authority or any security infrastructure

Cryptographically Generated Addresses (CGA)
Idea of Cryptographically Generated Addresses (CGA): use a cryptographic identifier as address
The host generates a public/private key pair
The interface identifier is based on the (hash of the) public key
The public key (+ parameters) is attached to the message
The binding between the public key and the address can be verified by re-computing the hash value and comparing the hash with the interface identifier
Self-consistent authentication of the source address without dedicated infrastructure
An IP address created this way is called a cryptographically generated address (CGA)
The message is signed with the corresponding private key
CGAs do not work for IPv4 (address length too short)
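Generation and verification of the address binding, following the Hash1/Hash2 construction of RFC 3972, as an added example (not the RFC's reference code and not from the tutorial). It is simplified: the public key is an opaque byte string (KEY below is a constructed placeholder, where the RFC hashes the DER-encoded key), extension fields are omitted, and duplicate address detection is not modelled. The Sec value occupies the three leftmost bits of the interface identifier and sets the cost of generating the address, which is what makes brute-forcing a matching key expensive.

```python
import hashlib
import os


def _hash1(modifier: bytes, prefix: bytes, collision_count: int, public_key: bytes) -> bytes:
    """Hash1: SHA-1 over modifier | subnet prefix | collision count | public key, leftmost 64 bits."""
    return hashlib.sha1(modifier + prefix + bytes([collision_count]) + public_key).digest()[:8]


def _hash2(modifier: bytes, public_key: bytes) -> bytes:
    """Hash2: same input with prefix and collision count zeroed, leftmost 112 bits."""
    return hashlib.sha1(modifier + bytes(9) + public_key).digest()[:14]


def _hash2_ok(modifier: bytes, public_key: bytes, sec: int) -> bool:
    """Sec > 0 requires the leftmost 16*Sec bits of Hash2 to be zero."""
    return sec == 0 or int.from_bytes(_hash2(modifier, public_key), "big") >> (112 - 16 * sec) == 0


def generate_cga(prefix: bytes, public_key: bytes, sec: int = 0, collision_count: int = 0,
                 modifier: bytes = None):
    """Return (16-byte IPv6 address, CGA parameters). The modifier is random in practice;
    passing a fixed one only makes the example reproducible."""
    if modifier is None:
        modifier = os.urandom(16)
    while not _hash2_ok(modifier, public_key, sec):              # work factor grows with Sec
        modifier = ((int.from_bytes(modifier, "big") + 1) % (1 << 128)).to_bytes(16, "big")
    iid = bytearray(_hash1(modifier, prefix, collision_count, public_key))
    iid[0] = (iid[0] & 0x1C) | (sec << 5)      # bits 0-2 carry Sec, bits 6-7 (u/g) are cleared
    return prefix + bytes(iid), {"modifier": modifier, "prefix": prefix,
                                 "collision_count": collision_count, "public_key": public_key}


def verify_cga(address: bytes, params: dict) -> bool:
    """Re-derive the interface identifier from the parameters: no CA or trusted third party."""
    if len(address) != 16 or params["collision_count"] > 2 or params["prefix"] != address[:8]:
        return False
    iid = address[8:]
    sec = iid[0] >> 5
    h1 = _hash1(params["modifier"], params["prefix"], params["collision_count"], params["public_key"])
    if (h1[0] & 0x1C) != (iid[0] & 0x1C) or h1[1:] != iid[1:]:  # compare, ignoring Sec and u/g bits
        return False
    return _hash2_ok(params["modifier"], params["public_key"], sec)


# Constructed stand-ins: a placeholder for DER-encoded public key bytes and a documentation prefix
KEY = hashlib.sha256(b"constructed public key placeholder").digest()
PREFIX = bytes.fromhex("20010db800000000")

if __name__ == "__main__":
    addr, params = generate_cga(PREFIX, KEY, sec=1, modifier=bytes(16))
    print("address:", addr.hex(), "verifies:", verify_cga(addr, params))
    other = dict(params, public_key=hashlib.sha256(b"another key").digest())
    print("same address claimed with another key:", verify_cga(addr, other))
```

The negative case is the whole point of the slide: a host that presents a different public key for the same address fails verification, with no authority consulted.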

Cryptographically Generated Addresses (CGA)
Figure: CGA Encapsulation

Cryptographically Generated Addresses (CGA)
Figure: CGA Decapsulation

Simple Network Management Protocol (SNMP)
1. Which device-specific information is available to both the SNMP agent and the SNMP management system? How is this information encoded?
2. Explain the difference between public and private MIB.
3. What is the most important improvement of SNMPv3 in contrast to previous versions?
4. Explain how you can identify the port that a host is connected to on an SNMP-capable switch.

Simple Network Management Protocol (SNMP)
Background
Management Information Base (MIB): specifies the set of variables a managed device must have, the operations on them, and their description.
You need an information model: the objects that represent specific resources need to be identical on all systems.
Solution
Structure of Management Information (SMI): specifies a set of rules to define and identify MIB variables.
Generic type: Managed Object
Generic data structure: 2-dimensional table
The SMI standard includes definitions of terms like IpAddress (defining it to be a 4-octet string).

Simple Network Management Protocol (SNMP)
Differences between public and private MIB:
Public MIB: specifies generic resources, e.g., the interface table, which may also depend on the device type, e.g., switch
Private MIB: specifies vendor and device specific resources
Fundamental improvement of SNMPv3 in contrast to previous versions:
SNMPv3 = SNMPv2 + Security + Administration
Provides a user-based security model: authentication & encryption
View-based access control enables access rights to the MIB
Backward compatible to SNMPv1 and SNMPv2

Simple Network Management Protocol (SNMP)
Identifying the port that a host is connected to on an SNMP-capable switch:
Each switch maintains a forwarding database ("bridge table")
There is a public bridge MIB (RFC 4188) for managing MAC bridges based on the IEEE 802.1D-1998 standard
The forwarding database for transparent bridging is defined in ...mib-2.dot1dBridge.dot1dTp.dot1dTpFdbTable (1.3.6.1.2.1.17.4.3)
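What the answer looks like on the wire, as an added example (not code from the tutorial): walking the dot1dTpFdbTable yields one row per learned MAC address, indexed by the six octets of that address, and the dot1dTpFdbPort column (1.3.6.1.2.1.17.4.3.1.2) gives the bridge port. The text in WALK is constructed in the numeric form `snmpwalk -On` prints; the MAC addresses and port numbers are made up. The dot1dTpFdbStatus column (…1.3) is joined in so that stale rows (status invalid) are not mistaken for live hosts.

```python
import re

# Constructed output in the form `snmpwalk -On <switch> 1.3.6.1.2.1.17.4.3.1` would print
# (not from a real switch). Column 2 = dot1dTpFdbPort, column 3 = dot1dTpFdbStatus; the six
# numbers after the column are the MAC address octets that index the row.
WALK = """\
.1.3.6.1.2.1.17.4.3.1.2.0.80.86.192.0.8 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.2.0.30.104.48.25.207 = INTEGER: 24
.1.3.6.1.2.1.17.4.3.1.2.172.222.72.0.17.34 = INTEGER: 24
.1.3.6.1.2.1.17.4.3.1.2.0.12.41.255.0.1 = INTEGER: 7
.1.3.6.1.2.1.17.4.3.1.3.0.80.86.192.0.8 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.3.0.30.104.48.25.207 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.3.172.222.72.0.17.34 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.3.0.12.41.255.0.1 = INTEGER: 2
"""

FDB_ENTRY = re.compile(
    r"^\.?1\.3\.6\.1\.2\.1\.17\.4\.3\.1\.(?P<col>[123])\.(?P<idx>\d+(?:\.\d+){5}) = INTEGER: (?P<val>\d+)$"
)
# dot1dTpFdbStatus values from RFC 4188
STATUS = {1: "other", 2: "invalid", 3: "learned", 4: "self", 5: "mgmt"}


def mac_from_index(idx: str) -> str:
    """Turn the OID index '0.80.86.192.0.8' into '00:50:56:c0:00:08'."""
    return ":".join(f"{int(octet):02x}" for octet in idx.split("."))


def parse_fdb(walk_text: str) -> dict:
    """Join port and status rows into {mac: (port, status)}."""
    ports, status = {}, {}
    for line in walk_text.splitlines():
        m = FDB_ENTRY.match(line.strip())
        if not m:
            continue
        mac = mac_from_index(m["idx"])
        if m["col"] == "2":
            ports[mac] = int(m["val"])
        elif m["col"] == "3":
            status[mac] = STATUS.get(int(m["val"]), "unknown")
    return {mac: (port, status.get(mac, "unknown")) for mac, port in ports.items()}


def find_port(walk_text: str, mac: str):
    """Bridge port for a MAC address, or None if the switch has no live entry for it."""
    entry = parse_fdb(walk_text).get(mac.lower())
    if entry is None or entry[1] in ("invalid", "other", "unknown"):
        return None
    return entry[0]


def hosts_on_port(walk_text: str, port: int) -> list:
    """All MAC addresses currently learned on one port; several means a downstream switch or hub."""
    return sorted(mac for mac, (p, s) in parse_fdb(walk_text).items() if p == port and s != "invalid")


if __name__ == "__main__":
    print(find_port(WALK, "00:50:56:C0:00:08"))
    print(hosts_on_port(WALK, 24))
```

On a managed switch the same walk is what a NAC or asset-inventory system runs to map MAC addresses to physical ports; the bridge port number still has to be mapped to an interface via dot1dBasePortIfIndex, which this example does not cover.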

Cookies
Read and discuss Michal Zalewski's article "HTTP cookies, or how not to design protocols".
1. Why are cookies required?
2. What is so critical about cookies and why is there no good specification?

Cookies
Problem: HTTP is a stateless protocol
Problem: Several applications require a persistent state
Solution: Store state in a file (cookie) on the client's system
Major problems:
Domain scoping: Who may set a cookie for whom?
Size of cookies adds up: web servers could reject large packets
Limited cookie jar size: deletion of critical cookies possible
secure and httponly cookies: Who may actually read/write these cookies?
Non-ASCII characters: unclear specification
Session length
Current situation: Each browser handles cookies individually
The verdict: Multiple unspecific and too-late published RFCs as well as incomplete browser support or browser-specific behaviors lead to serious problems.
Figure: State per layer: Application (stateful), HTTP (stateless), TCP (stateful), IP (stateless)
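Three of the problems on the slide (domain scoping, cookie size, secure/httponly) can be checked on the server's own Set-Cookie output before a browser ever sees it. The following is an added example, not code from the tutorial or from the article: the Set-Cookie lines in SET_COOKIE_LINES are constructed, the host www.example.org is an assumption, and the 4096-byte limit is this example's threshold for "too large".

```python
# Constructed Set-Cookie lines a server might emit (not from a real site)
SET_COOKIE_LINES = [
    "session=abc123; Path=/; Secure; HttpOnly",
    "token=xyz789; Path=/",
    "pref=1; Domain=.org; Path=/",
    "tracker=" + "A" * 5000 + "; Path=/; Secure",
]


def parse_set_cookie(line: str):
    """Split 'name=value; attr; attr=value' into (name, value, {attr_lower: value_or_None})."""
    first, *rest = [p.strip() for p in line.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for item in rest:
        if not item:
            continue
        key, sep, val = item.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else None
    return name.strip(), value, attrs


def audit_cookie(line: str, request_host: str, max_size: int = 4096):
    """Return (name, list of problems); an empty list means the cookie passes every check here."""
    name, value, attrs = parse_set_cookie(line)
    issues = []
    if "secure" not in attrs:                 # would also be sent over plain HTTP
        issues.append("missing-secure")
    if "httponly" not in attrs:               # readable by any script running in the page
        issues.append("missing-httponly")
    domain = attrs.get("domain")
    if domain:
        d = domain.lstrip(".").lower()
        host = request_host.lower()
        # a bare TLD, or a domain that is not the host or one of its parents, scopes the
        # cookie to sites the server does not own (the slide's "who may set a cookie for whom")
        if d.count(".") < 1 or not (host == d or host.endswith("." + d)):
            issues.append("domain-scope")
    if len(name) + len(value) > max_size:     # sizes add up; servers may reject large headers
        issues.append("oversized")
    return name, issues


def audit_all(lines, request_host: str) -> dict:
    return {name: issues for name, issues in (audit_cookie(line, request_host) for line in lines)}


if __name__ == "__main__":
    for name, issues in audit_all(SET_COOKIE_LINES, "www.example.org").items():
        print(f"{name}: {', '.join(issues) or 'ok'}")
```

The check runs on headers, so it cannot tell how a given browser will actually store or send the cookie; that per-browser variation is the "current situation" the slide refers to.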

The Last Slide (TM)
Thank you for your attention. Questions?