Networking and Communications

Oct 28, 2013







Hacer Çondur


Tugba Agcaoglu

What is IP?

An IP address (Internet Protocol address) is a unique address that certain electronic devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP); in simpler terms, a computer address. Any participating network device, including routers, computers, time servers, printers, Internet fax machines, and some telephones, has its own unique address.

An IP address can also be thought of as the equivalent of a street address or a phone number (compare: VoIP (voice over (the) internet protocol)) for a computer or other network device on the Internet. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network.

IP addresses can appear to be shared by multiple client devices either because they are part of a shared hosting web server environment or because a proxy server (e.g., an ISP or anonymizer service) acts as an intermediary agent on behalf of its customers, in which case the real originating IP addresses might be hidden from the server receiving a request. The analogy to telephone systems would be the use of predial numbers (proxy) and extensions (shared).

What is IP? (another explanation)

The Internet Protocol (IP) is a data-oriented protocol used for communicating data across a packet-switched internetwork.

IP is a network layer protocol in the internet protocol suite and is encapsulated in a data link layer protocol (e.g., Ethernet). As a lower layer protocol, IP provides the service of communicable unique global addressing amongst computers.

IP addressing and routing

Perhaps the most complex aspects of IP are IP addressing and routing. Addressing refers to how end hosts become assigned IP addresses and how subnetworks of IP host addresses are divided and grouped together. IP routing is performed by all hosts, but most importantly by internetwork routers, which typically use either interior gateway protocols (IGPs) or external gateway protocols (EGPs) to help make IP datagram forwarding decisions across IP connected networks.

In computer networking the term routing (or routeing) refers to selecting paths in a computer network along which to send data.

Routing directs forwarding, the passing of logically addressed packets from their source network, toward their ultimate destination through intermediary nodes; typically hardware devices called routers. The routing process usually directs forwarding on the basis of routing tables which maintain a record of the best routes to various network destinations. Thus constructing routing tables, which are held in the routers' memory, becomes very important for efficient routing.

Routing differs from bridging in its assumption that address structures imply the proximity of similar addresses within the network, thus allowing a single routing table entry to represent the route to a group of addresses. Therefore, routing outperforms bridging in large networks, and it has become the dominant form of path discovery on the Internet.

Small networks may involve manually configured routing tables, while larger networks involve complex topologies and may change constantly, making the manual construction of routing tables very problematic. Nevertheless, most of the public switched telephone network (PSTN) uses computed routing tables, with fallback routes if the most direct route becomes blocked; see routing in the PSTN. Dynamic routing attempts to solve this problem by constructing routing tables automatically, based on information carried by routing protocols, and allowing the network to act nearly autonomously in avoiding network failures and blockages.

Dynamic routing dominates the Internet. However, the configuration of the routing protocols often requires a skilled touch; one should not suppose that networking technology has developed to the point of the complete automation of routing.

Packet-switched networks, such as the Internet, split data up into packets, each labeled with the complete destination address and each routed individually. Circuit switched networks, such as the voice telephone network, also perform routing, in order to find paths for circuits (such as telephone calls) over which they can send large amounts of data without continually repeating the complete destination address.

Traditional IP routing stays relatively simple because it uses next-hop routing where the router only needs to consider where it sends the packet, and does not need to consider the subsequent path of the packet on the remaining hops. However, more complex routing strategies can be, and are, often used in systems such as MPLS, ATM or Frame Relay, which are sometimes used as technologies to support IP networks.

Classed IP Addressing and the Use of ARP

Consider a small internal TCP/IP network consisting of one Ethernet segment and three nodes. The IP network number of this Ethernet segment is 200.1.2. The host numbers for A, B, and C are 1, 2, and 3 respectively. These are Class C addresses, and therefore allow for up to 254 nodes on this network.

Each of these nodes has a corresponding Ethernet address, which is six bytes long. They are normally written in hexadecimal form separated by dashes (02 A9 for example).

In the diagram above and subsequent diagrams, we have emphasized the network number portion of
the IP address by showing it in red.

Suppose that A wanted to send a packet to C for the first time, and that it knows C's IP address. To send this packet over Ethernet, A would need to know C's Ethernet address. The Address Resolution Protocol (ARP) is used for the dynamic discovery of these addresses [1].

ARP keeps an internal table of IP addresses and corresponding Ethernet addresses. When A attempts to send the IP packet destined to C, the ARP module does a lookup in its table on C's IP address and will discover no entry. ARP will then broadcast a special request packet over the Ethernet segment, which all nodes will receive. If the receiving node has the specified IP address, which in this case is C, it will return its Ethernet address in a reply packet back to A. Once A receives this reply packet, it updates its table and uses the Ethernet address to direct A's packet to C. ARP table entries may be stored statically in some cases; otherwise ARP keeps entries in its table until they are "stale", at which point they are flushed.

Consider now two separate Ethernet networks that are joined by a PC, C, acting as an IP router (for instance, if you have two Ethernet segments on your server).

Device C is acting as a router between these two networks. A router is a device that chooses different paths for the network packets, based on the addressing of the IP frame it is handling. Different routes connect to different networks. The router will have more than one address as each route is part of a

Since there are two separate Ethernet segments, each network has its own Class C network number. This is necessary because the router must know which network interface to use to reach a specific node, and each interface is assigned a network number. If A wants to send a packet to E, it must first send it to C, which can then forward the packet to E. This is accomplished by having A use C's Ethernet address, but E's IP address. C will receive a packet destined to E and will then forward it using E's Ethernet address. These Ethernet addresses are obtained using ARP as described earlier.

If E was assigned the same network number as A, 200.1.2, A would then try to reach E in the same way it reached C in the previous example, by sending an ARP request and hoping for a reply. However, because E is on a different physical wire, it will never see the ARP request and so the packet cannot be delivered. By specifying that E is on a different network, the IP module in A will know that E cannot be reached without having it forwarded by some node on the same network as A.
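
The ARP lookup, the router hop through C and the misnumbered-E failure described above, as a small Python simulation (an added example, not part of the original text). The Ethernet addresses, the second network number 200.1.3, and all class and function names are constructed for illustration.

```python
def network(ip):
    """Class C network number: the first three octets of a dotted quad."""
    return ip.rsplit(".", 1)[0]


class Segment:
    """One Ethernet wire; a broadcast reaches every port attached to it."""

    def __init__(self):
        self.ports = []          # (node, ip, mac) for each attached interface
        self.arp_requests = 0    # ARP broadcasts seen on this wire

    def who_has(self, ip):
        """Broadcast an ARP request; only the owner of `ip` replies with its MAC."""
        self.arp_requests += 1
        return next((mac for _n, port_ip, mac in self.ports if port_ip == ip), None)

    def owner_of(self, mac):
        return next((n for n, _ip, port_mac in self.ports if port_mac == mac), None)


class Node:
    def __init__(self, name, gateway=None, router=False):
        self.name, self.gateway, self.router = name, gateway, router
        self.ports = []          # (segment, ip, mac) for each local interface
        self.arp_table = {}      # IP address -> Ethernet address

    def attach(self, segment, ip, mac):
        self.ports.append((segment, ip, mac))
        segment.ports.append((self, ip, mac))

    def port_for(self, ip):
        """Local segment whose network number matches `ip`, if any."""
        return next((s for s, own, _m in self.ports if network(own) == network(ip)), None)

    def resolve(self, segment, ip):
        """ARP table lookup first; broadcast only on a miss, then cache the reply."""
        if ip not in self.arp_table:
            mac = segment.who_has(ip)
            if mac is None:
                return None
            self.arp_table[ip] = mac
        return self.arp_table[ip]

    def send(self, dst_ip, frames=None):
        """Return the frames put on the wire as (sender, dst MAC, dst IP), or None."""
        frames = [] if frames is None else frames
        # Same network number: ARP for the destination itself. Otherwise ARP
        # for the gateway, but keep the final destination's IP in the packet.
        next_hop = dst_ip if self.port_for(dst_ip) else self.gateway
        segment = self.port_for(next_hop) if next_hop else None
        mac = self.resolve(segment, next_hop) if segment else None
        if mac is None:
            return None          # no route, or nobody answered the ARP request
        frames.append((self.name, mac, dst_ip))
        receiver = segment.owner_of(mac)
        if any(ip == dst_ip for _s, ip, _m in receiver.ports):
            return frames        # reached the destination host
        return receiver.send(dst_ip, frames) if receiver.router else None


def build(e_ip="200.1.3.2"):
    """Constructed topology: A and C on 200.1.2; C and E on a second wire."""
    wire1, wire2 = Segment(), Segment()
    a = Node("A", gateway="200.1.2.3")
    c = Node("C", router=True)
    e = Node("E", gateway="200.1.3.1")
    a.attach(wire1, "200.1.2.1", "02-00-00-00-00-0A")
    c.attach(wire1, "200.1.2.3", "02-00-00-00-00-0C")
    c.attach(wire2, "200.1.3.1", "02-00-00-00-01-0C")
    e.attach(wire2, e_ip, "02-00-00-00-01-0E")
    return a, wire1, wire2


if __name__ == "__main__":
    a, wire1, wire2 = build()
    for dst in ("200.1.2.3", "200.1.3.2"):
        print(dst, a.send(dst))
    # E numbered as if it were on A's network: the ARP request is never answered.
    print("misnumbered E:", build(e_ip="200.1.2.9")[0].send("200.1.2.9"))
```
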

What is a Routing Table?

Referring to a database on a router. Store that routers' information in the database. D forwarding by matching destination addresses to the network paths used to reach


Network destination

The network destination is used with the netmask to match the destination IP address. The network destination can range from 0.0.0.0 for the default route through 255.255.255.255 for the limited broadcast, which is a special broadcast address to all hosts on the same network segment.


The netmask is the subnet mask that is applied to the destination IP address when matching it to the value in the network destination. When the netmask is written in binary, a "1" must match and a "0" need not match. For example, a default route uses a netmask that translates to the binary value 00000000.00000000.00000000.00000000, so no bits need match. A host route (a route that matches an IP address) uses a netmask that translates to the binary value 11111111.11111111.11111111.11111111, so all of the bits must match.


The gateway address is the IP address that the local host uses to forward IP datagrams to other IP networks. This is either the IP address of a local network adapter or the IP address of an IP router (such as a default gateway router) on the local network segment.


The interface is the IP address that is configured on the local computer for the local network adapter that is used when an IP datagram is forwarded on the network.


A metric indicates the cost of using a route, which is typically the number of hops to the IP destination. Anything on the local subnet is one hop, and each router crossed after that is an additional hop. If there are multiple routes to the same destination with different metrics, the route with the lowest metric is selected.

For information about adding routes to the IP routing table, see Add a static IP route. For information about deleting routes in the IP routing table, see Remove a static IP route.
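
The matching rule for these fields, as an added Python example (not from the original page): a destination matches a route when the bits selected by the netmask equal the network destination. The table rows and function names are constructed, and preferring the most specific netmask before comparing metrics is the usual selection rule, which goes slightly beyond what the text states.

```python
# Constructed routing table for host A (200.1.2.1). Columns follow the text:
# network destination, netmask, gateway, interface, metric.
ROUTES_TEXT = """\
0.0.0.0          0.0.0.0          200.1.2.3  200.1.2.1  20
200.1.2.0        255.255.255.0    200.1.2.1  200.1.2.1  10
200.1.3.0        255.255.255.0    200.1.2.4  200.1.2.1  30
200.1.3.0        255.255.255.0    200.1.2.3  200.1.2.1  20
200.1.2.1        255.255.255.255  127.0.0.1  127.0.0.1  10
255.255.255.255  255.255.255.255  200.1.2.1  200.1.2.1  1
"""

FULL = 0xFFFFFFFF


def to_int(dotted):
    """Strictly parse a dotted-quad IPv4 address into a 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isascii() and o.isdigit() and int(o) <= 255
                                   for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(int(o) for o in octets), "big")


def parse_routes(text):
    """Parse table rows, rejecting netmasks and destinations that cannot match."""
    routes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        dest, mask, gateway, iface, metric = line.split()
        d, m = to_int(dest), to_int(mask)
        host_bits = ~m & FULL
        if host_bits & (host_bits + 1):
            raise ValueError(f"netmask {mask} is not a contiguous run of 1 bits")
        if d & host_bits:
            raise ValueError(f"{dest} has bits set where netmask {mask} is 0")
        routes.append({"dest": d, "mask": m, "prefix": bin(m).count("1"),
                       "gateway": gateway, "interface": iface,
                       "metric": int(metric)})
    return routes


def lookup(routes, dst_ip):
    """Return the route used for dst_ip, or None when nothing matches."""
    dst = to_int(dst_ip)
    # A "1" bit in the netmask must match; a "0" bit need not.
    matches = [r for r in routes if (dst & r["mask"]) == r["dest"]]
    if not matches:
        return None
    # Most specific netmask first, then the lowest metric.
    return min(matches, key=lambda r: (-r["prefix"], r["metric"]))


if __name__ == "__main__":
    table = parse_routes(ROUTES_TEXT)
    for ip in ("200.1.2.2", "200.1.2.1", "200.1.3.5", "192.0.2.10"):
        r = lookup(table, ip)
        print(f"{ip:12} -> gateway {r['gateway']} metric {r['metric']}")
```
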


A router is a computer networking device that buffers and forwards data packets across an internetwork toward their destinations, through a process known as routing. Routing occurs at layer 3 (the Network layer e.g. IP) of the OSI seven-layer protocol stack.

A router acts as a junction between two or more networks to buffer and transfer data packets among them. A router is different from a switch and a hub: a router works on layer 3 of the OSI model, a switch on layer 2 and a hub on layer 1. This makes them work for different situations: a switch connects devices to form a Local area network (LAN) (which might, in turn, be connected to another network via a router).

So for example, a router at home connects the Internet Service Provider's (ISP) network (usually on an Internet address) together with the LAN in the home (typically using a range of private IP addresses, see network address translation) and a single broadcast domain. The switch connects devices together to form the LAN. Sometimes the switch and the router are combined together in one single package sold as a multiple port router.

In order to route packets, a router communicates with other routers using routing protocols and using this information creates and maintains a routing table. The routing table stores the best routes to certain network destinations, the "routing metrics" associated with those routes, and the path to the next hop router. See the routing article for a more detailed discussion of how this works.

Routing is most commonly associated with the Internet Protocol, although other less routed protocols are in use.

Router means Connection between different networks... sample example: to

Classes of routing protocols

Depending on the relationship of the router relative to other autonomous systems, various classes of routing protocols exist:

Interior Gateway Protocols (IGPs) exchange routing information within a single autonomous system. Common examples include:

IGRP (Interior Gateway Routing Protocol)

EIGRP (Enhanced Interior Gateway Routing Protocol)

OSPF (Open Shortest Path First)

RIP (Routing Information Protocol)

IS-IS (Intermediate System to Intermediate System)

Open Shortest Path First (OSPF)

The Open Shortest Path First (OSPF) protocol is a link-state, hierarchical interior gateway protocol (IGP) for network routing. Dijkstra's algorithm is used to calculate the shortest path tree. It uses path cost as its routing metric. Path cost is determined generally by the speed (aka bandwidth) of the interface addressing the given route. A link state database (LSDB) is constructed as a tree image of the network topology, and identical copies of the LSDB are periodically updated on all routers in each OSPF-aware area (region of the network included in an OSPF area type; see "Area types" below). By convention, area 0 represents the core or "backbone" region of an OSPF-enabled network, and other OSPF area numbers may be designated to serve other regions of an enterprise (large,

however every additional OSPF area must have a direct connection to the backbone or 0 OSPF area.

OSPF is perhaps the most widely used IGP in large networks. The most widely used exterior gateway protocol (EGP) is BGP. The OSPF protocol can operate (communicate with other routers about path" routes to save in their LSDBs) securely, using MD5 to authenticate peers before forming adjacencies, and before accepting link-state advertisements (LSA). A natural successor to the Routing Information Protocol (RIP), it was VLSM-capable or classless from its inception. A newer version of OSPF (OSPFv3) now supports IPv6 as well. Multicast extensions to OSPF, the Multicast Open Shortest Path First (MOSPF) protocols, have been defined, but these are not widely used at present. OSPF can "tag" routes, and propagate the tags along with the routes.

An OSPF network can be broken up into smaller networks. A special area called the backbone area forms the core of the network, and other areas are connected to it. Inter-area routing goes via the backbone. All areas must connect to the backbone; if no direct connection is possible, a virtual link may be established.

Routing Information Protocol (RIP)

The Routing Information Protocol (RIP) is one of the most commonly used interior gateway protocol (IGP) routing protocols on internal networks (and to a lesser extent, networks connected to the Internet), which helps routers dynamically adapt to changes of network connections by communicating information about which networks each router can reach and how far away those networks are.

Although RIP is still actively used, it is generally considered to have been made obsolete by routing protocols such as OSPF and IS-IS. Nonetheless, a somewhat more capable protocol in the same basic family (distance-vector routing protocols) was Cisco's proprietary Interior Gateway Routing Protocol (IGRP). IGRP in turn has been 'enhanced' by Cisco to EIGRP.

RIP is sometimes said to stand for Rest in Pieces in reference to the reputation that RIP has for breaking unexpectedly, rendering a network unable to function.

Intermediate system to intermediate system (IS-IS)

Intermediate system to intermediate system (IS-IS) is a protocol used by network devices (routers) to determine the best way to forward datagrams or packets through a packet-based network, a process called routing.

IS-IS is an Interior Gateway Protocol (IGP), meaning that it is intended for use within an administrative domain or network. It is not intended for routing between networks or administrative domains, a job which is the purpose of an Exterior Gateway Protocol, such as Border Gateway Protocol (BGP).

IS-IS is a link-state routing protocol, meaning that it operates by reliably flooding topology information throughout a network of routers. Each router then independently builds a picture of the network's topology. Packets or datagrams are forwarded based on the best topological path through the network to the destination. IS-IS uses Dijkstra's algorithm for identifying the best path through the

Interior Gateway Routing Protocol (IGRP)

Interior Gateway Routing Protocol (IGRP) is a kind of IGP which is a distance-vector routing protocol invented by Cisco, used by routers to exchange routing data within an autonomous system.

IGRP was created in part to overcome the limitations of RIP (maximum hop count of only 16, and a single routing metric) when used within large networks. IGRP supports multiple metrics for each route, including bandwidth, load, delay, MTU, and reliability; to compare two routes these metrics are combined together into a single metric, using a formula which can be adjusted through the use of pre-set constants. The maximum hop count of IGRP-routed packets is 255 (default 100).

IGRP is considered a classful routing protocol. As the protocol has no field for a subnet mask, the router assumes that all interface addresses have the same subnet mask as the router itself. This contrasts with classless routing protocols that can use variable length subnet masks. Classful protocols have become less popular as they are wasteful of IP address space.

The protocol is unique in its treatment of default routes, or gateways of last resort. Rather than configuring a specific default gateway route, a network administrator must flag preexisting static routes as candidates for a default route. If two or more default route candidates exist, IGRP calculates the optimal default route based on each route's metrics.

Enhanced Interior Gateway Routing Protocol (EIGRP)

Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary routing protocol loosely based on their original IGRP. EIGRP is an advanced distance-vector routing protocol, with optimizations to minimize both the routing instability incurred after topology changes, as well as the use of bandwidth and processing power in the router.

Most of the routing optimizations are based on the Diffusing Update Algorithm (DUAL) work from SRI, which guarantees loop-free operation. In particular, DUAL avoids the "count to infinity" behaviour common in distance-vector routing protocols when a destination becomes completely unreachable. The maximum hop count of EIGRP-advertised routes (i.e. destination networks) is 220. EIGRP has a lower maximum hop count than IGRP, 220 for EIGRP and 255 for IGRP.


TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an intranet or an extranet). When you are set up with direct access to the Internet, your computer is provided with a copy of the TCP/IP program just as every other computer that you may send messages to or get information from also has a copy of TCP/IP.

TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. The lower layer, Internet Protocol, handles the address part of each packet so that it gets to the right destination. Each gateway computer on the network checks this address to see where to forward the message. Even though some packets from the same message are routed differently than others, they'll be reassembled at the

TCP/IP uses the client/server model of communication in which a computer user (a client) requests and is provided a service (such as sending a Web page) by another computer (a server) in the network. TCP/IP communication is primarily point-to-point, meaning each communication is from one point (or host computer) in the network to another point or host computer. TCP/IP and the higher level applications that use it are collectively said to be "stateless" because each client request is considered a new request unrelated to any previous one (unlike ordinary phone conversations that require a dedicated connection for the call duration). Being stateless frees network paths so that everyone can use them continuously. (Note that the TCP layer itself is not stateless as far as any one message is concerned. Its connection remains in place until all packets in a message have been

Many Internet users are familiar with the even higher layer application protocols that use TCP/IP to get to the Internet. These include the World Wide Web's Hypertext Transfer Protocol (HTTP), the File Transfer Protocol (FTP), Telnet (Telnet) which lets you log on to remote computers, and the Simple Mail Transfer Protocol (SMTP). These and other protocols are often packaged together with TCP/IP as a "suite."

What is VOIP?

Voice over IP, the transmission of voice over packet-switched IP networks, is one of the most important emerging trends in telecommunications. As with many new technologies, VOIP introduces both security risks and opportunities. Lower cost and greater flexibility are among the promises of VOIP for the enterprise, but the technology presents security administrators with significant security challenges. Administrators may mistakenly assume that since digitized voice travels in packets, they can simply plug VOIP components into their already-secured networks and remain secure. Unfortunately, the process is not that simple. This publication explains the challenges of VOIP security for agency and commercial users of VOIP, and outlines steps needed to help secure an organization’s VOIP network. VOIP security considerations for the public switched network are largely outside the scope of this document.

VOIP systems take a wide variety of forms, including traditional telephone handsets, conferencing units, and mobile units. In addition to end-user equipment, VOIP systems include a variety of other components, including call processors/call managers, gateways, routers, firewalls, and protocols. Most of these components have counterparts used in data networks, but the performance demands of VOIP mean that ordinary network software and hardware must be supplemented with special VOIP components. Not only does VOIP require higher performance than most data systems, but critical services, such as Emergency 911, must be accommodated. One of the main sources of confusion for those new to VOIP is the (natural) assumption that because digitized voice travels in packets just like other data, existing network architectures and tools can be used without change.

Packet networks depend for their successful operation on a large number of configurable parameters: IP and MAC (physical) addresses of voice terminals, addresses of routers and firewalls, and VOIP specific software such as call processing components (Call Managers) and other programs used to place and route calls. Many of these network parameters are established dynamically every time network components are restarted, or when a VOIP telephone is restarted or added to the network. Because there are so many places in a network with dynamically configurable parameters, intruders have a wide array of potentially vulnerable points to attack.

Overview of VoIP

Many readers who have a good understanding of the Internet and data communications technology may have little background in transmitting voice or real-time imaging in a packet environment. One of the main sources of confusion for those new to VOIP is the (natural) assumption that because digitized voice travels in packets just like other data, existing network architectures and tools can be used without change for voice transmission. Unfortunately, VOIP adds a number of complications to existing network technology, and these problems are complicated by security considerations. Most of this report is focused on how to overcome the complications introduced by security requirements for VOIP.

For several years, VOIP was a technology prospect, something on the horizon for the “future works” segment of telephony and networking papers. Now, however, telecommunications companies and other organizations have already moved, or are in the process of moving, their telephony infrastructure to their data networks. The VOIP solution provides a cheaper and clearer alternative to traditional PSTN phone lines. Unfortunately, although its implementation is widespread, the technology is still very much in its adolescence. It is growing in quick spurts throughout North America and Europe, but it is still awkwardly implemented on most legacy networks, and often lacks compatibility and continuity with existing systems. Nevertheless, VOIP will capture a significant portion of the telephony market, given the fiscal savings and flexibility that it can provide.

Security concerns are nothing new for voice. Legacy phone systems have had trouble with toll fraud for decades.

Businesses of all sizes adopting IP telephony need to seriously consider its security implications. But while a number of threats exist, three stand out as the most dangerous, particularly to smaller organisations: denial of service, spit and fraud.

VOIP Security (another explanation)

With the combination of these networks comes an interesting convergence of the attacks against them. Just as the two networks are amalgamating into one, so are two branches of the hacking community. In the past, “phone phreaks” devised and implemented attacks against the public telephone system, exploiting features that allowed them to make long distance calls for free, eavesdrop on conversations, and conduct other malicious activities. Phreaking developed according to the same principle as hacking, that the best way to learn about a system is to exploit it. The tools developed by these early attackers often exploited the phone company’s use of in-band signaling, that is, using the same lines and protocols for signaling information as for voice communication. One of the most famous of these devices was a whistle from a Captain Crunch cereal box that produced a frequency (2600 Hz) that enabled the phreaker to make free calls.

With the introduction of VOIP, the need for security is compounded because now we must protect two invaluable assets, our data and our voice. Federal government agencies are required by law to protect a great deal of information, even if it is unclassified. Both privacy-sensitive and financial data must be protected, as well as other government information that is categorized as sensitive but unclassified. Protecting the security of conversations is thus required. In a conventional office telephone system, security is a more valid assumption. Intercepting conversations requires physical access to telephone lines or compromise of the office private branch exchange (PBX). Only particularly security-sensitive organizations bother to encrypt voice traffic over traditional telephone lines. The same cannot be said for Internet-based connections. For example, when ordering merchandise over the phone, most people will read their credit card number to the person on the other end. The numbers are transmitted without encryption to the seller. In contrast, the risk of sending unencrypted data across the Internet is more significant. Packets sent from a user’s home computer to an online retailer may pass through 15-20 systems that are not under the control of the user’s ISP or the retailer. Because digits are transmitted using a standard for transmitting digits out of band as special messages, anyone with access to these systems could install software that scans packets for credit card information. For this reason, online retailers use encryption software to protect a user’s information and credit card number. So it stands to reason that if we are to transmit voice over the Internet Protocol, and specifically across the Internet, the same security measures utilized in this scenario must be applied.

The current Internet architecture does not provide the same physical wire security as the phone lines. The key to securing VOIP is to use the security mechanisms already deployed in data networks (firewalls, encryption, etc.) to emulate the security level currently enjoyed by PSTN network users. This report investigates the attacks and defenses relevant to VOIP and explores ways to close the security gap between today’s telephones and data networks.