. , , ,

,,,

,

TCP/IP

,

?

, . , , , . TCP/IP, , , , .

, TCP/IP, , .

- , TCP/IP. , . 80- , , . 90- , , . , [Cerf93]. (NII) .

1.1.1

, TCP/IP . , SMTP( ). TELNET( ) FTP( ). , , . :

  • SMTP - ,
  • TELNET - , ,
  • FTP - ,
  • DNS - , TELNET, FTP IP .
  • ,
    • gopher - ,
    • WAIS - ,
    • WWW/http - , FTP, gopher, WAIS , (http), Netscape, Microsoft Internet Explorer Mosaic .
  • RPC - ,
    • NFS - , ,
    • NIS - , , ,
  • X Windows - ,
  • rlogin, rsh r- - , ,

TCP/IP , , , , , - . gopher www . .

1.1.2

, , Unix. TCP/IP 80- Unix, , BSD(Berkeley Software Distribution). Unix , Unix TCP/IP. , Unix , , , IP. , BSD UNIX , , .

Unix , , DEC VMS, NeXT, MVS , DOS, Microsoft Windows, Windows'95, Windows NT Apple. , , TELNET, , , , , . Unix , Linux, FreeBSD BSDi, , Microsoft Windows NT, , . , TCP/IP . , , ( , ) .

TCP/IP

TCP/IP , , . [Com91a],[Com91b],[Hunt92] [Bel89] ; , , .

TCP/IP , T1 .25, Ethernet RS-232. Ethernet , T1 . (, TCP/IP), . , , . , TCP/IP, , . PPP (Point-to-Point Protocol) SLIP (Serial Line IP) , .

, TCP/IP - , TCP, IP, UDP (User Datagram Protocol), ICMP (Internet Control Message Protocol), . TCP/IP (), 1.1

1.2 IP

IP , , , TCP UDP. , IP , TCP UDP .

IP , IP IP . IP , , , , , .

TCP UDP , , , . , IP ; , , , . IP , , . , -. TCP UDP IP c , . , [Bel89] , , . , , IP- , .

1.2.2 TCP

IP- TCP, IP TCP. TCP , . TCP , , , , .

TCP , TELNET. , , TCP, IP, , -. , TELNET, FTP, rlogin, X Windows SMTP TCP. DNS TCP ( ), UDP .

1.2.3 UDP

1.1, UDP , TCP. , . UDP , . -, NFS, , TELNET FTP. , UDP, RPC, NIS NFS, NTP( ) DNS( DNS TCP).

UDP , TCP, ( ).[Ches94]. UDP .

1.2.4 ICMP

ICMP ( ) , IP; - , IP. -, -. ICMP redirect , ICMP unreachable . , ICMP TCP, . PING ICMP.

[Bel89] ICMP: Unix , . , ICMP , . , , , , .

1.2.5 TCP UDP

TCP UDP -. , TELNET . - TELNET, TELNET. , , . . , , .

TELNET ? TCP UDP , :

  • IP- - ,
  • IP- - ,
  • - -
  • - -

- , ; 16- . , 25 SMTP 6000 X Windows; , , IP- , . , , ; , .

, , TELNET. TELNET 23, 23. TELNET, , , . , 3097, , TELNET, TCP-. , TELNET . 1.2

1.2 TELNET

, , , UNIX, , 1024( ). - , 1024, . TCP/IP, BSD .

TCP- UDP- , . ( 2).

TCP UDP , TELNET, , , , . , UNIX, - ( , ).

,

, . , , , , . , , - () .

- - ( , ) , - , , . : , , . ; ( : ) . , .

1.3.1

, , . , UNIX sendmail( Unix. , , , sendmail). , , sendmail , . , - sendmail sendmail [CIAC94a]. sendmail , , , .

-, , FTP- , . , FTP-, , [CIAC94c]. , , , , , . , , , .( , , , , ).

: [CERT94] [CIAC94b] , , , . , . , , . , , , , , .

. [Garf92], [Cur92],[ Bel89], [Ches94] [Farm93] , .

1.3.2

, - , . "" , . Unix , . , . , - . , , 8 , , .., .

- , TCP UDP , . , NFS(UDP) , . , .

1.3.3

, , TELNET FTP, . IP-, , . , . , .

, TELNET FTP, . , , .

X Windows, , . X ( , WWW- Netscape). , , .

1.3.4

1.2.1, , IP- , TCP UDP . , IP- , . , IP- - , , . , . , - :

  1. IP- , .
  2. , , IP- , .
  3. , .
  4. , , .
  5. , , .

Unix , . , , .

, , . TCP/IP Unix Unix . NFS (NFS IP- ). , IP-, , Unix , . - .

, , , [NIST94a]. , . , . , TELNET SMTP( ). , -, , , . , , , .

, DNS, , , . , , .

1.3.5

. , , NIS(Network Information Service) NFS(Network File system). , , , . , . , , , .

, rlogin, "" . , , . , , , , , . rlogin , , , , . , , , , rlogin . [Bel89][Ches94].

1.3.6

, . . Unix , , ( ) , , .

- , ( , ) . Unix BSD, , , . - , . , , , , , ( sendmail ).

1.3.7 .

: , , . , , . , -. , , , .

, , , , . 1.3.2, Unix. , Unix-, . , , . - .

?

, TCP UDP . , , , , , . , , , . .

(CERT/CC) , 1988 . , , . CERT , . , . , , , , , , .

NIST , , , . , , , , . :

  • ,

, . , , . , , , , , . , , , . , , "" , .

NIST , , , . , , . , , .

?

, , NFS NIS, . . , . , , - .

. .

2.2.1

. , .

, , , NFS, . , , . , NFS NIS, .

, ICMP. ICMP, .

2.2.2

. , , . , , .

, : , . , , , ? , , , - , .

2.2.3

- , , . , , , .

, Kerberos[NIST94c] . , Kerberos - , , - , .

2.2.4

, , , . , , finger . finger , , , . finger , , , , .

DNS , IP- . , , , .

2.2.5

, . (alarm), , .

. , , , . , .

2.2.6

, - . , . , , , . , .

[Avol94] Frederick Avolio and Marcus Ranum. A Network Perimeter With Secure Internet Access. In Internet Society Symposium on Network and Distributed System Security, pages 109-119. Internet Society, February 2-4 1994.

[Bel89] Steven M. Bellovin. Security Problems in the TCP/IP Protocol Suite. Computer Communications Review, 9(2):32-48, April 1989.

[Cerf93] Vinton Cerf. A National Information Infrastructure. Connexions, June 1993.

[CERT94] Computer Emergency Response Team/Coordination Center. CA-94:01, Ongoing Network Monitoring Attacks. Available from FIRST.ORG, pub/alerts/cert9401.txt, February 1994.

[Chap92] D. Brent Chapman. Network (In)Security Through IP Packet Filtering. In USENIX Security Symposium III Proceedings, pages 63-76. USENIX Association, September 14-16 1992.

[Ches94] William R. Cheswick and Steven M. Bellovin. Firewalls and Internet Security. Addison-Wesley, Reading, MA, 1994.

[CIAC94a] Computer Incident Advisory Capability. Number e-07, unix sendmail vulnerabilities update. Available from FIRST.ORG, file pub/alerts/e-07.txt, January 1994.

[CIAC94b] Computer Incident Advisory Capability. Number e-09, network monitoring attacks. Available from FIRST.ORG, pub/alerts/e-09.txt, February 1994.

[CIAC94c] Computer Incident Advisory Capability. Number e-14, wuarchive ftpd trojan horse. Available from FIRST.ORG, pub/alerts/e-14.txt, February 1994.

[Com91a] Douglas E. Comer. Internetworking with TCP/IP: Principles, Protocols, and Architecture. Prentice-Hall, Englewood Cliffs, NJ, 1991.

[Com91b] Douglas E. Comer and David L. Stevens. Internetworking with TCP/IP:Design, Implementation, and Internals. Prentice-Hall, Englewood Cliffs, NJ, 1991.

[Cur92] David Curry. UNIX System Security: A Guide for Users and System Administrators. Addison-Wesley, Reading, MA, 1992.

[Farm93] Dan Farmer and Wietse Venema. Improving the security ofyour site by breaking into it. Available from FTP.WIN.TUE.NL, file /pub/security/admin-guide-to-cracking.101.Z, 1993.

[Ford94] Warwick Ford. Computer Communications Security. Prentice-Hall, Englewood Cliffs, NJ, 1994.

[Garf92] Simpson Garfinkel and Gene Spafford. Practical UNIX Security. O'Reilly and Associates, Inc., Sebastopol, CA, 1992.

[Haf91] Katie Hafner and John Markoff. Cyberpunk: Outlaws and Hackers on the Computer Frontier. Simon and Schuster, New York, 1991.

[Hunt92] Craig Hunt. TCP/IP Network Administration. O'Reilly and Associates, Inc., Sebastopol, CA, 1992.

TCP/IP , ?

 

 

 

! , , , .
. , :