HOW THE INTERNET AND THE WEB FIND STUFF
IP ADDRESSES - any computer running TCP/IP on a
network needs a unique address. These addresses
are often viewed by humans in "dotted decimal"
format: 192.168.0.1 – as you can see there are 4
groups of numbers with "dots" in between them.
Each group is known as an "octet" because it is
represented in the computer as one byte – there are
eight bits in a byte hence the "oct" part of octet.
Note that a single byte can represent quantities from
0 to 255. Thus these groups will never contain a
number greater than 255 (or less than 0).
Your computer may be assigned a public IP address
(which can be seen by anyone on the internet) or a
private IP address (which can be seen by only those
on your local network). There are lots of rules that
govern what the combinations might look like and how
your network translates one to the other.
Devices called routers determine the optimum way
for your data to go from one IP address to another.
So how do I find out my IP address?
Click on start / run, type CMD and press enter. At the
prompt type:
c:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : g8way
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mshome.net
Ethernet adapter Pro100:
Connection-specific DNS Suffix . : mshome.net
Description . . . . . . . . . . . : Intel(R) PRO/100+ Management Adapter
Physical Address. . . . . . . . . : 00-03-47-09-81-A2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.104
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Thursday, October 21, 2004 3:37:39 PM
Lease Expires . . . . . . . . . . : Thursday, October 28, 2004 3:37:39 PM
o The physical address is a unique number burned
into your network device
o Part of your IP address is the network you are on
o The other part is what address you are – on that
network
o How do we know? The subnet mask tells us so!
o The Gateway is the computer that links you to the
Internet.
o The DHCP server is the computer that assigns you
your IP address
o The DNS server associates the names you type
into your browser with the actual IP address of the
site
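Added example (not part of the original handout): the Python sketch below applies the subnet mask from the ipconfig output above to split the address into its network and host parts, checks that every octet is between 0 and 255, and tests the address against the private ranges of RFC 1918. The function names are made up for this example.

```python
# Added example: network part / host part of an IPv4 address, by subnet mask.

def to_int(dotted):
    """Convert dotted decimal to a 32-bit integer, rejecting bad octets."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("need exactly 4 octets: %r" % dotted)
    value = 0
    for p in parts:
        if not p.isdigit() or not 0 <= int(p) <= 255:
            raise ValueError("octet out of range 0-255: %r" % p)
        value = (value << 8) | int(p)  # each octet is one byte
    return value

def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

# RFC 1918 private ranges as (network, mask) pairs.
PRIVATE = [("10.0.0.0", "255.0.0.0"),
           ("172.16.0.0", "255.240.0.0"),
           ("192.168.0.0", "255.255.0.0")]

def is_private(dotted):
    addr = to_int(dotted)
    return any((addr & to_int(mask)) == to_int(net) for net, mask in PRIVATE)

def describe(ip, mask, gateway):
    """Return the network, the host number on it, and two sanity checks."""
    ip_i, mask_i = to_int(ip), to_int(mask)
    network = ip_i & mask_i                 # bits the mask keeps
    host = ip_i & ~mask_i & 0xFFFFFFFF      # bits the mask drops
    return {
        "network": to_dotted(network),
        "host": host,
        "private": is_private(ip),
        # The gateway must sit on the same network to be reachable directly.
        "gateway_on_link": (to_int(gateway) & mask_i) == network,
    }

if __name__ == "__main__":
    # Values from the ipconfig listing above.
    print(describe("192.168.0.104", "255.255.255.0", "192.168.0.1"))
```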
PORTS – there are 64K available ports on computers
running TCP/IP. Data is assigned a port number and
sent from your computer and then is taken in by
another computer (usually on a different port)
someplace else.
An apartment building is a good analogy
The apartment building has an address
You have an apartment # in that building
The combination of IP address and Port is known as
an end-point or socket
List of ports
http://www.iana.org/assignments/port-numbers
OK, so how do I know what ports I have open on
my computer right now?
Click on start / run, type CMD and press enter. At the
prompt type: netstat – the result may look similar to
this:
D:\>netstat
Active Connections
Proto Local Address Foreign Address State
TCP gateway8:11334 baker.bcc.ctc.edu:1025 ESTABLISHED
TCP gateway8:11341 hawk.bcc.ctc.edu:28705 ESTABLISHED
TCP gateway8:11347 eagle.bcc.ctc.edu:1968 ESTABLISHED
TCP gateway8:12477 64.233.171.105:http ESTABLISHED
Strange, open ports could be an indication of a
Trojan horse virus or spyware
Port Sniffers are programs that will search
computers for open ports
Let’s use Shields Up! to test our ports
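Added example (not part of the original handout): one way to review netstat output for unexpected ports, run here over the listing above. The set of expected remote ports and the service-name table are assumptions for illustration; a flagged row is a prompt to look closer, not proof of a Trojan or spyware.

```python
# Added example: list the sockets in netstat output and flag remote ports
# outside an expected set for manual review.

# Sample taken from the netstat listing on this page.
SAMPLE = """\
Active Connections
Proto Local Address Foreign Address State
TCP gateway8:11334 baker.bcc.ctc.edu:1025 ESTABLISHED
TCP gateway8:11341 hawk.bcc.ctc.edu:28705 ESTABLISHED
TCP gateway8:11347 eagle.bcc.ctc.edu:1968 ESTABLISHED
TCP gateway8:12477 64.233.171.105:http ESTABLISHED
"""

# netstat prints well-known ports by service name; a few are mapped here.
SERVICE_NAMES = {"http": 80, "https": 443, "smtp": 25, "pop3": 110, "domain": 53}

# Assumption: the remote ports this machine is expected to talk to.
EXPECTED_REMOTE_PORTS = {25, 53, 80, 110, 443}

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon; resolve service names to numbers."""
    host, _, port = endpoint.rpartition(":")
    if port.isdigit():
        return host, int(port)
    return host, SERVICE_NAMES.get(port.lower())  # None if the name is unknown

def parse_netstat(text):
    """Return one dict per TCP connection row; headers are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Connection rows look like: TCP local foreign STATE
        if len(fields) != 4 or fields[0] != "TCP":
            continue
        rows.append({"local": split_endpoint(fields[1]),
                     "foreign": split_endpoint(fields[2]),
                     "state": fields[3]})
    return rows

def unexpected(rows, expected=EXPECTED_REMOTE_PORTS):
    """Return rows whose remote port is unknown or not in the expected set."""
    return [r for r in rows if r["foreign"][1] not in expected]

if __name__ == "__main__":
    for r in unexpected(parse_netstat(SAMPLE)):
        host, port = r["foreign"]
        print("review: local port %s -> %s:%s" % (r["local"][1], host, port))
```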
Reformatting
Data is broken up into packets and may be sent
along various pathways to a common destination
Reassembled at destination
OK, so how do I see which way my data goes?
Click on start / run, type CMD and press enter. At the
prompt type: tracert www.berkeley.edu
Another useful command is ping www.berkeley.edu
PRIVACY AND SECURITY
Maximize the positive effects of connectivity while
minimizing the negative. Concerns involve:
Privacy
Security
The bad guys
Hackers – anyone who attempts to gain access to
unauthorized resources on a network.
Crackers – hackers that try and detect passwords
and remove copy protection from software.
Script kiddies – computer users that use existing
tools to spread viruses and malicious scripts.
Packet monkeys – mischievous hackers that try to
block access to web servers by hijacking computers
and using DDoS (distributed denial of service)
attacks. Clog up communication channels.
Security - Safe computing begins at the local level
Install latest patches and updates from MSFT
o Service Pack 2 for Windows XP
o Service Packs for Office XP
o System Properties – Automatic Updates
Learn and use System restore
o Right click My Computer select Properties
o Programs / Accessories / System Tools / System Restore
There are simple things you can do…
o Show extensions - a malicious executable file
named "readme.txt.exe" is displayed as
"readme.txt" in Windows Explorer
o Show hidden files and folders – great place for
stuff to hide
o Set Internet Explorer Security policies higher
o Adjust and modify Macro Security in Office 97, 2000,
and Office XP/2002
o Strong password policy
o Install antivirus software
o Use a firewall
Viruses
Parasitic program written intentionally to enter a
computer without the user's permission or knowledge
The word parasitic is used because a virus may
attach to files or boot sectors and replicate itself,
thus continuing to spread
Though some viruses do little but replicate, others
can cause serious damage or affect program and
system performance
A virus should never be assumed harmless and left
on a system
Malware – malicious software. Not all malicious
programs are viruses. The term malware refers to any
malicious or unexpected program or code such as
viruses, Trojans, spyware and keystroke loggers.
Types of Malware and Virus Infection
E-mail viruses - An e-mail virus moves around in
e-mail messages, and usually replicates itself by
automatically mailing itself to dozens of people in
the victim's e-mail address book.
Worms - A worm is a small piece of software that
uses computer networks and security holes to
replicate itself. A copy of the worm scans the
network for another machine that has a specific
security hole. It copies itself to the new machine
using the security hole, and then starts replicating
from there, as well.
Trojan horses – A Trojan horse virus claims to do
one thing but instead does damage when you run it
(it may erase your hard disk or open up your
computer’s resources to the Internet). Trojan horses
have no way to replicate automatically.
Boot sector virus – Boot sector viruses infect the
boot sector or partition table of a disk. Once the
system is infected (usually via the floppy drive), the
boot sector virus will attempt to infect every disk
that is accessed by that computer.
Script - Active X, script and macro exploits
Root Kits – the new terror on the block
Rootkits can hide themselves inside the OS kernel
and make things invisible to the OS and even
standard virus checking software.
null.sys, HE4Hook, HackerDefender etc…
Sony DRM distributed on several CDs
RootKitRevealer
Virus Checking Software
Free Online
McAfee free scan
TrendMicro HouseCall
Symantec Security Check
Free Offline
AVG Anti-Virus
Avast
ClamWin
Pay Offline
McAfee
Norton Antivirus
and many more…
Safer Networking…
The Internet and the web
Illusion of anonymity – everything is traceable to its
source
Cookies – small items of data that are stored on your
computer when you visit a web site.
Cookies are used to make on-line catalogs and
shopping carts work. They make the ordering process
and web site customization easier for the user and
web site owner
However, cookies can also be used in certain
instances to track a user's web surfing habits; the
information is then used to deliver targeted
marketing – DoubleClick.com (do not accept 3rd
party cookies)
Note that cookies rarely have anything to do with all
that annoying SPAM (unsolicited email)
You can see active cookies for web sites you visit by
typing: javascript:alert("Cookies: "+document.cookie)
into your browser’s address bar. You can control
them via your browser’s "options" menu.
Cookie bottom line
Good cookies – used to store preferences for web
sites. Do not fear these cookies if your computer
supports individual logons…
Bad cookies – used to monitor activities across all
sites you visit
Programs to monitor and manage cookies
o Internet Explorer / Tools
Compact Privacy Policy – (P3P is the Privacy
Preference Project)
A user may decide to reject cookies from a site
that does not have a P3P policy or has a policy
they do not agree with, such as selling/sharing
their information with third parties for marketing
purposes.
o Firefox
Tools / Options / Privacy / Cookies
Adware & Spyware
These programs "phone home" and bring files into
your computer.
They may also send out data about your use of the
computer
They may also hijack your home page forcing you
to go to a specific web site each time you start your
web browser
They might modify your system settings so that you
cannot change your system settings
They might also record your keystrokes…
These programs often disguise themselves as
browser helper objects (tools that integrate
themselves into your browser). Got a mysterious new
toolbar in Internet Exploder?
They are right now the BIGGEST PITA for network
managers everywhere.
The clues that spyware is on a computer include:
A barrage of pop-up ads
A hijacked browser — that is, a browser that takes
you to sites other than those you type into the
address box
A sudden or repeated change in your computer’s
Internet home page
New and unexpected toolbars
New and unexpected icons on the system tray at
the bottom of your computer screen
Keys that don’t work (for example, the "Tab" key
that might not work when you try to move to the
next field in a Web form)
Random error messages
Sluggish or downright slow performance when
opening programs or saving files
Courtesy FTC
Ways to find and fix
o start / run / msconfig
o http://www.lavasoftusa.com
o http://www.safer-networking.org/index.php?page=download
o http://www.tomcoyote.org/hjt/
o Autoruns by SysInternals
Popups and popunders (a popunder launches a
new window behind the current window) -
o Google toolbar http://toolbar.google.com/
o Windows XP Service Pack 2
Spam - Unsolicited commercial email
Typically, an email spammer buys a list of email
addresses from a list broker, who compiles it by
"harvesting" addresses from the Internet
Ways they find addresses and send spam
If your email address appears in a newsgroup
posting, on a website, in a chat room, or in an
online service's membership directory, it may find
its way onto these lists
The marketer then uses special software that can
send hundreds of thousands - even millions - of
email messages to the addresses at the click of a
mouse
Solutions (yeah right)
Read all privacy policies - opt out
o bugmenot.com
o mailinator.com
Have several email accounts and keep your
personal one private
Create a unique email address – spammers use
dictionary attacks to sort through users of large
ISPs
Anonymize chat and newsgroup sessions
Use the filters in your email client
o Mozilla Thunderbird
Send a copy of unwanted or deceptive messages
to spam@uce.gov.
Phishing - Internet scammers casting about for
people’s financial information have a new way to lure
unsuspecting victims: They go "phishing."
Phishing uses spam or pop-up messages to
deceive you into disclosing your credit card
numbers, bank account information, Social
Security number, passwords, or other sensitive
information.
FTC hints on how to avoid phishing
Use whois to determine ownership of IP address. Try
this site for more IP tools.
Other measures to protect privacy
Encryption
Encrypt files, data and email
http://www.pgp.com/products/freeware.html
Firewalls - restrict access to computer TCP/IP ports.
You should not enable a firewall on any connection
that does not directly connect to the Internet…
Zone Alarm
Sygate Personal Firewall
Internet Connection Firewall
o If you have SP2
Click Start and then click Control Panel
In the control panel, click Windows
Security Center
Click Windows Firewall
o If you don’t (and you have Windows >= 98SE)
Get properties on Network Places
Get properties on your NIC
SECURITY
Threats to an organization’s computer security
include:
Employees
Outside users – clients with some access to system
Hackers / crackers
Organized crime – counterfeiting, automating
criminal activity. Finding vulnerabilities.
Terrorists