What is IP?
An IP address (Internet Protocol address) is a unique address that certain electronic devices
use in order to identify and communicate with each other on a computer network utilizing the Internet
Protocol standard (IP)—in simpler terms, a computer address. Any participating network device—
including routers, computers, time-servers, printers, Internet fax machines, and some telephones—can
have their own unique address.
An IP address can also be thought of as the equivalent of a street address or a phone number
(compare: VoIP (voice over (the) internet protocol)) for a computer or other network device on the
Internet. Just as each street address and phone number uniquely identifies a building or telephone, an
IP address can uniquely identify a specific computer or other network device on a network.
IP addresses can appear to be shared by multiple client devices either because they are part of
a shared hosting web server environment or because a proxy server (e.g., an ISP or anonymizer
service) acts as an intermediary agent on behalf of its customers, in which case the real originating IP
addresses might be hidden from the server receiving a request. The analogy to telephone systems
would be the use of predial numbers (proxy) and extensions (shared).
What is IP?(another explan.)
The Internet Protocol (IP) is a data-oriented protocol used for communicating data across a
IP is a network layer protocol in the internet protocol suite and is encapsulated in a data link
layer protocol (e.g., Ethernet). As a lower layer protocol, IP provides the service of communicable
unique global addressing amongst computers
IP addressing and routing
Perhaps the most complex aspects of IP are IP addressing and routing. Addressing refers to
how end hosts become assigned IP addresses and how subnetworks of IP host addresses are divided
and grouped together. IP routing is performed by all hosts, but most importantly by internetwork
routers, which typically use either interior gateway protocols (IGPs) or external gateway protocols
(EGPs) to help make IP datagram forwarding decisions across IP connected networks.
In computer networking the term routing (or routeing) refers to selecting paths in a computer
network along which to send data.
Routing directs forwarding, the passing of logically addressed packets from their source
network, toward their ultimate destination through intermediary nodes; typically hardware devices
called routers. The routing process usually directs forwarding on the basis of routing tables which
maintain a record of the best routes to various network destinations. Thus constructing routing tables,
which are held in the routers' memory, becomes very important for efficient routing.
Routing differs from bridging in its assumption that address-structures imply the proximity of
similar addresses within the network, thus allowing a single routing-table entry to represent the route
to a group of addresses. Therefore, routing outperforms bridging in large networks, and it has become
the dominant form of path-discovery on the Internet.
Small networks may involve manually configured routing tables, while larger networks
involve complex topologies and may change constantly, making the manual construction of routing
tables very problematic. Nevertheless, most of the public switched telephone network (PSTN) uses
pre-computed routing tables, with fallback routes if the most direct route becomes blocked; see routing
in the PSTN. Dynamic routing attempts to solve this problem by constructing routing tables
automatically, based on information carried by routing protocols, and allowing the network to act
nearly autonomously in avoiding network failures and blockages.
Dynamic routing dominates the Internet. However, the configuration of the routing protocols
often requires a skilled touch; one should not suppose that networking technology has developed to the
point of the complete automation of routing.
Packet-switched networks, such as the Internet, split data up into packets, each labeled with
the complete destination address and each routed individually. Circuit switched networks, such as the
voice telephone network, also perform routing, in order to find paths for circuits (such as telephone
calls) over which they can send large amounts of data without continually repeating the complete
Traditional IP routing stays relatively simple because it uses next-hop routing where the router
only needs to consider where it sends the packet, and does not need to consider the subsequent path of
the packet on the remaining hops. However, more complex routing strategies can be, and are, often
used in systems such as MPLS, ATM or Frame Relay, which are sometimes used as underlying
technologies to support IP networks.
Classed IP Addressing and the Use of ARP
Consider a small internal TCP/IP network consisting of one Ethernet segment and three nodes. The IP
network number of this Ethernet segment is 200.1.2. The host numbers for A, B, and C are 1, 2, and 3
respectively. These are Class C addresses, and therefore allow for up to 254 nodes on this network
Each of these nodes have corresponding Ethernet addresses, which are six bytes long. They are
normally written in hexadecimal form separated by dashes (02-FE-87-4A-8C-A9 for example).
In the diagram above and subsequent diagrams, we have emphasized the network number portion of
the IP address by showing it in red.
Suppose that A wanted to send a packet to C for the first time, and that it knows C's IP address. To
send this packet over Ethernet, A would need to know C's Ethernet address. The Address Resolution
Protocol (ARP) is used for the dynamic discovery of these addresses .
ARP keeps an internal table of IP address and corresponding Ethernet address. When A attempts to
send the IP packet destined to C, the ARP module does a lookup in its table on C's IP address and will
discover no entry. ARP will then broadcast a special request packet over the Ethernet segment, which
all nodes will receive. If the receiving node has the specified IP address, which in this case is C, it will
return its Ethernet address in a reply packet back to A. Once A receives this reply packet, it updates its
table and uses the Ethernet address to direct A's packet to C. ARP table entries may be stored statically
in some cases, or it keeps entries in its table until they are "stale" in which case they are flushed.
Consider now two separate Ethernet networks that are joined by a PC, C, acting as an IP router (for
instance, if you have two Ethernet segments on your server).
Device C is acting as a router between these two networks. A router is a device that chooses different
paths for the network packets, based on the addressing of the IP frame it is handling. Different routes
connect to different networks. The router will have more than one address as each route is part of a
Since there are two separate Ethernet segments, each network has its own Class C network number.
This is necessary because the router must know which network interface to use to reach a specific
node, and each interface is assigned a network number. If A wants to send a packet to E, it must first
send it to C who can then forward the packet to E. This is accomplished by having A use C's Ethernet
address, but E's IP address. C will receive a packet destined to E and will then forward it using E's
Ethernet address. These Ethernet addresses are obtained using ARP as described earlier.
If E was assigned the same network number as A, 200.1.2, A would then try to reach E in the same
way it reached C in the previous example - by sending an ARP request and hoping for a reply.
However, because E is on a different physical wire, it will never see the ARP request and so the packet
cannot be delivered. By specifying that E is on a different network, the IP module in A will know that
E cannot be reached without having it forwarded by some node on the same network as A.
What is Routing Table?
Referring to a database on a router. Store that routers' information in the database. Direct
forwarding by matching destination addresses to the network paths used to reach them.
The network destination is used with the netmask to match the destination IP address. The
network destination can range from 0.0.0.0 for the default route through 255.255.255.255 for the
limited broadcast, which is a special broadcast address to all hosts on the same network segment.
The netmask is the subnet mask that is applied to the destination IP address when matching it
to the value in the network destination. When netmask is written in binary, a "1" must match and a "0"
need not match. For example, a default route uses a 0.0.0.0 netmask that translates to the binary value
0.0.0.0, so bits need not match. A host route--a route that matches an IP address--uses a
255.255.255.255 netmask that translates to the binary value 11111111.11111111.11111111.11111111,
so all of the bits must match.
The gateway address is the IP address that the local host uses to forward IP datagrams to other
IP networks. This is either the IP address of a local network adapter or the IP address of an IP router
(such as a default gateway router) on the local network segment.
The interface is the IP address that is configured on the local computer for the local network
adapter that is used when an IP datagram is forwarded on the network.
A metric indicates the cost of using a route, which is typically the number of hops to the IP
destination. Anything on the local subnet is one hop, and each router crossed after that is an additional
hop. If there are multiple routes to the same destination with different metrics, the route with the
lowest metric is selected.
For information about adding routes to the IP routing table, see Add a static IP route. For
information about deleting routes in the IP routing table, see Remove a static IP route.
A router is a computer networking device that buffers and forwards data packets across an
internetwork toward their destinations, through a process known as routing. Routing occurs at layer 3
(the Network layer e.g. IP) of the OSI seven-layer protocol stack.
A router acts as a junction between two or more networks to buffer and transfer data packets
among them. A router is different from a switch and a hub: a router is working on layer 3 of OSI
model, a switch on layer 2 and a hub on layer 1. This makes them work for different situations: a
switch connects devices to form a Local area network (LAN) (which might, in turn, be connected to
another network via a router).
So for example, a router at home connects the Internet Service Provider's (ISP) network
(usually on an Internet address) together with the LAN in the home (typically using a range of private
IP addresses, see network address translation) and a single broadcast domain. The switch connects
devices together to form the LAN. Sometimes the switch and the router are combined together in one
single package sold as a multiple port router.
In order to route packets, a router communicates with other routers using routing protocols and
using this information creates and maintains a routing table. The routing table stores the best routes to
certain network destinations, the "routing metrics" associated with those routes, and the path to the
next hop router. See the routing article for a more detailed discussion of how this works.
Routing is most commonly associated with the Internet Protocol, although other less-popular
routed protocols are in use.
Router means Connection between different networks... sample example: 192.168.0.1 to
Classes of routing protocols
Depending on the relationship of the router relative to other autonomous systems, various
classes of routing protocols exist:
Interior Gateway Protocols (IGPs) exchange routing-information within a single autonomous
system. Common examples include:
IGRP (Interior Gateway Routing Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol)
OSPF (Open Shortest Path First)
RIP (Routing Information Protocol)
IS-IS (Intermediate System to Intermediate System)
Open Shortest Path First (OSPF)
The Open Shortest Path First (OSPF) protocol is a link-state, hierarchical interior gateway
protocol (IGP) for network routing. Dijkstra's algorithm is used to calculate the shortest path tree. It
uses path cost as its routing metric. Path cost is determined generally by the speed (aka bandwidth) of
the interface addressing the given route. A link state database (LSDB) is constructed as a tree-image of
the network topology, and identical copies of the LSDB are periodically updated on all routers in each
OSPF-aware area (region of the network included in an OSPF area type--see "Area types" below). By
convention, area 0 represents the core or "backbone" region of an OSPF-enabled network, and other
OSPF area numbers may be designated to serve other regions of an enterprise (large, business)
network--however every additional OSPF area must have a direct connection to the backbone or 0
OSPF is perhaps the most widely-used IGP in large networks. The most widely-used (EGP)
exterior gateway protocol is BGP. OSPF Protocol can operate (communicate with other routers about
"best-path" routes to save in their LSDBs) securely, using MD5 to authenticate peers before forming
adjacencies, and before accepting link-state advertisements (LSA). A natural successor to the Routing
Information Protocol (RIP), it was VLSM-capable or classless from its inception. A newer version of
OSPF (OSPFv3) now supports IPv6 as well. Multicast extensions to OSPF, the Multicast Open
Shortest Path First (MOSPF) protocols, have been defined, but these are not widely used at present.
OSPF can "tag" routes, and propagate the tags along with the routes.
An OSPF network can be broken up into smaller networks. A special area called the backbone
area forms the core of the network, and other areas are connected to it. Inter-area routing goes via the
backbone. All areas must connect to the backbone; if no direct connection is possible, a virtual link
may be established.
Routing Information Protocol (RIP)
The Routing Information Protocol (RIP) is one of the most commonly used interior gateway
protocol (IGP) routing protocols on internal networks (and to a lesser extent, networks connected to
the Internet), which helps routers dynamically adapt to changes of network connections by
communicating information about which networks each router can reach and how far away those
Although RIP is still actively used, it is generally considered to have been made obsolete by
routing protocols such as OSPF and IS-IS. Nonetheless, a somewhat more capable protocol in the
same basic family (distance-vector routing protocols), was Cisco's proprietary (IGRP) Interior
Gateway Routing Protocol. IGRP in turn has been 'enhanced' by Cisco to EIGRP.
RIP is sometimes said to stand for Rest in Pieces in reference to the reputation that RIP has for
breaking unexpectedly, rendering a network unable to function.
Intermediate system to intermediate system (IS-IS)
Intermediate system to intermediate system (IS-IS), is a protocol used by network devices
(routers) to determine the best way to forward datagrams or packets through a packet-based network, a
process called routing.
IS-IS is an Interior Gateway Protocol (IGP) meaning that it is intended for use within an
administrative domain or network. It is not intended for routing between networks or administrative
domains, a job which is the purpose of an Exterior Gateway Protocol, such as Border Gateway
IS-IS is a link-state routing protocol, meaning that it operates by reliably flooding topology
information throughout a network of routers. Each router then independently builds a picture of the
network's topology. Packets or datagrams are forwarded based on the best topological path through the
network to the destination. IS-IS uses Dijkstra's algorithm for identifying the best path through the
Interior Gateway Routing Protocol (IGRP)
Interior Gateway Routing Protocol (IGRP) is a kind of IGP which is a distance-vector routing
protocol invented by Cisco, used by routers to exchange routing data within an autonomous system.
IGRP was created in part to overcome the limitations of RIP (maximum hop count of only 16,
and a single routing metric) when used within large networks. IGRP supports multiple metrics for each
route, including bandwidth, load, delay, MTU, and reliability; to compare two routes these metrics are
combined together into a single metric, using a formula which can be adjusted through the use of pre-
set constants. The maximum hop count of IGRP-routed packets is 255 (default 100).
IGRP is considered a classful routing protocol. As the protocol has no field for a subnet mask
the router assumes that all interface addresses have the same subnet mask as the router itself. This
contrasts with classless routing protocols that can use variable length subnet masks. Classful protocols
have become less popular as they are wasteful of IP address space.
The protocol is unique in its treatment of default routes, or gateways of last resort. Rather than
configuring a specific default gateway route, a network administrator must flag preexisting static
routes as candidates for a default route. If two or more default route candidates exists, IGRP calculates
the optimal default route based each route's metrics.
Enhanced Interior Gateway Routing Protocol (EIGRP)
Enhanced Interior Gateway Routing Protocol (EIGRP) is a Cisco proprietary routing protocol
loosely based on their original IGRP. EIGRP is an advanced distance-vector routing protocol, with
optimizations to minimize both the routing instability incurred after topology changes, as well as the
use of bandwidth and processing power in the router.
Most of the routing optimizations are based on the Diffusing Update Algorithm (DUAL) work
from SRI, which guarantees loop-free operation. In particular, DUAL avoids the "count to infinity"
behaviour common in distance-vector routing protocols when a destination becomes completely
unreachable. The maximum hop count of EIGRP-advertised routes (i.e. destination networks) is 220.
EIGRP has a lower maximum hop count than IGRP, 220 for EIGRP and 255 for IGRP.
TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication
language or protocol of the Internet. It can also be used as a communications protocol in a private
network (either an intranet or an extranet). When you are set up with direct access to the Internet, your
computer is provided with a copy of the TCP/IP program just as every other computer that you may
send messages to or get information from also has a copy of TCP/IP.
TCP/IP is a two-layer program. The higher layer, Transmission Control Protocol, manages the
assembling of a message or file into smaller packets that are transmitted over the Internet and received
by a TCP layer that reassembles the packets into the original message. The lower layer, Internet
Protocol, handles the address part of each packet so that it gets to the right destination. Each gateway
computer on the network checks this address to see where to forward the message. Even though some
packets from the same message are routed differently than others, they'll be reassembled at the
TCP/IP uses the client/server model of communication in which a computer user (a client)
requests and is provided a service (such as sending a Web page) by another computer (a server) in the
network. TCP/IP communication is primarily point-to-point, meaning each communication is from
one point (or host computer) in the network to another point or host computer. TCP/IP and the higher-
level applications that use it are collectively said to be "stateless" because each client request is
considered a new request unrelated to any previous one (unlike ordinary phone conversations that
require a dedicated connection for the call duration). Being stateless frees network paths so that
everyone can use them continuously. (Note that the TCP layer itself is not stateless as far as any one
message is concerned. Its connection remains in place until all packets in a message have been
Many Internet users are familiar with the even higher layer application protocols that use
TCP/IP to get to the Internet. These include the World Wide Web's Hypertext Transfer Protocol
(HTTP), the File Transfer Protocol (FTP), Telnet (Telnet) which lets you logon to remote computers,
and the Simple Mail Transfer Protocol (SMTP). These and other protocols are often packaged together
with TCP/IP as a "suite."
What is VOIP?
Voice over IP – the transmission of voice over packet-switched IP networks – is one of
the most important emerging trends in telecommunications. As with many new technologies, VOIP
introduces both security risks and opportunities. Lower cost and greater flexibility are among the
promises of VOIP for the enterprise, but the technology presents security administrators with
significant security challenges. Administrators may mistakenly assume that since digitized voice
travels in packets, they can simply plug VOIP components into their already-secured networks and
remain secure. Unfortunately,the process is not that simple. This publication explains the challenges of
VOIP security for agency and commercial users of VOIP, and outlines steps needed to help secure an
organization’s VOIP network. VOIP security considerations for the public switched network are
largely outside the scope of this document.
VOIP systems take a wide variety of forms, including traditional telephone handsets,
conferencing units, and mobile units. In addition to end-user equipment, VOIP systems include a
variety of other components, including call processors/call managers, gateways,routers, firewalls, and
protocols. Most of these components have counterparts used in data networks, but the performance
demands of VOIP mean that ordinary network software and hardware must be supplemented with
special VOIP components. Not only does VOIP require higher performance than most data systems,
critical services, such as Emergency 911 must be accommodated. One of the main sources of
confusion for those new to VOIP is the (natural) assumption that because digitized voice travels in
packets just like other data, existing network architectures and tools can be used without change.
Packet networks depend for their successful operation on a large number of configurable
parameters: IP and MAC (physical) addresses of voice terminals, addresses of routers and firewalls,
and VOIP specific software such as call processing components (Call Managers) and other programs
used to place and route calls. Many of these network parameters are established dynamically every
time network components are restarted, or when a VOIP telephone is restarted or added to the
network. Because there are so many places in a network with dynamically configurable parameters,
intruders have a wide array of potentially vulnerable points to attack.
Overview of VoIP
Many readers who have a good understanding of the Internet and data communications
technology may have little background in transmitting voice or real-time imaging in a packet-switched
environment. One of the main sources of confusion for those new to VOIP is the (natural) assumption
that because digitized voice travels in packets just like other data, existing network architectures and
tools can be used without change for voice transmission. Unfortunately, VOIP adds a number of
complications to existing network technology, and these problems are complicated by security
considerations. Most of this report is focused on how to overcome the complications introduced by
security requirements for VOIP.
For several years, VOIP was a technology prospect, something on the horizon for the ―future
works‖ segment of telephony and networking papers. Now, however, telecommunications companies
and other organizations have already or are in the process of moving their telephony infrastructure to
their data networks. The VOIP solution provides a cheaper and clearer alternative to traditional PSTN
phone lines.Unfortunately, although its implementation is widespread, the technology is still very
much in its adolescence. It is growing in quick spurts throughout North America and Europe, but it is
still awkwardly implemented on most legacy networks, and often lacks compatibility and continuity
with existing systems. Nevertheless, VOIP will capture a significant portion of the telephony market,
given the fiscal savings and flexibility that it can provide.
Security concerns are nothing new for voice. Legacy phone systems have had trouble with toll
fraud for decades.
Businesses of all sizes adopting IP telephony need to seriously consider its security
implications. But while a number of threats exist, three stand out as the most dangerous, particularly to
smaller organisations: denial of service, spit and fraud.
VOIP Security (Another expln)
From the combination of these networks comes an interesting convergence of the attacks
against them. Just as the two networks are amalgamating into one, so are two branches of the hacking
community. In the past, ―phone phreaks‖ devised and implemented attacks against the public
telephone system, exploiting features that allowed them to make long distance calls for free, eavesdrop
on conversations, and conduct other malicious activities. Phreaking developed according to the same
principle as hacking, that the best way to learn about a system is to exploit it. The tools developed by
these early attackers often exploited the phone company’s use of in-band signaling, that is, using the
same lines and protocols for signaling information as for voice communication. One of the most
famous of these devices was use of a whistle from a Captain Crunch cereal box that produced a
frequency (2600 Hz) that enabled the phreaker to make free calls.
With the introduction of VOIP, the need for security is compounded because now we must
protect two invaluable assets, our data and our voice. Federal government agencies are required by law
to protect a great deal of information, even if it is unclassified. Both privacy-sensitive and financial
data must be protected, as well as other government information that is categorized as sensitive but
unclassified. Protecting the security of conversations is thus required. In a conventional office
telephone system, security is a more valid assumption. Intercepting conversations requires physical
access to telephone lines or compromise of the office private branch exchange (PBX). Only
particularly security-sensitive organizations bother to encrypt voice traffic over traditional telephone
lines. The same cannot be said for Internet-based connections. For example, when ordering
merchandise over the phone, most people will read their credit card number to the person on the other
end. The numbers are transmitted without encryption to the seller. In contrast, the risk of sending
unencrypted data across the Internet is more significant. Packets sent from a user’s home computer to
an online retailer may pass through 15-20 systems that are not under the control of the user’s ISP or
the retailer.Because digits are transmitted using a standard for transmitting digits out of band as
special messages, anyone with access to these systems could install software that scans packets for
credit card information. For this reason, online retailers use encryption software to protect a user’s
information and credit card number. So it stands to reason that if we are to transmit voice over the
Internet Protocol, and specifically across the Internet, the same security measures utilized in this
scenario must be applied.The current Internet architecture does not provide the same physical wire
security as the phone lines. The key to securing VOIP is to use the security mechanisms already
deployed in data networks (firewalls, encryption, etc.) to emulate the security level currently enjoyed
by PSTN network users. This report investigates the attacks and defenses relevant to VOIP and
explores ways to close the security gap between today’s telephones and data networks.