IP DNS Password
4/1/24

Chapter: IP & DNS

What is an IP Address?

• An IP address is a unique global address for a network interface

• An IP address:
  - is a 32-bit identifier
  - encodes a network number (network prefix) and a host number

Digitally signed by Dr. Nirmalya Kar, Date: 2024.04.01 10:39:26 +05'30'

IP addresses use hierarchy to scale routing

• Postal envelopes should show clearly delineated NJ zip codes.
• Q: How to identify the prefix from a 32-bit IP address?
• Two methods:
  • Old: Classful addressing
  • New: Classless addressing (also called classless inter-domain routing, or CIDR)

Example: Telephone Numbers

[Figure: the phone number 1-617-373-1234 read left to right runs from very general to very specific (West Village G / West Village H, Room 1234 / Room 256); updates are local]

Dotted Decimal Notation

• IP addresses are written in a so-called dotted decimal notation
• Each byte is identified by a decimal number in the range [0..255]
• Example:

  10000000   10001111   10001001   10010000
  1st byte   2nd byte   3rd byte   4th byte
  = 128      = 143      = 137      = 144

  128.143.137.144

IP Addressing and Forwarding


• Routing table requirements
  • For every possible IP, give the next hop
  • But for 32-bit addresses, 2^32 possibilities!
  • Too slow: 48 GE ports and 4x10GE need 176 Gbps of bandwidth; DRAM: ~1-6 Gbps; TCAM is fast, but 400x the cost of DRAM
• Hierarchical address scheme
  • Separate the address into a network and a host

  bit 0                              31
  | Pfx | Network            | Host   |
    known by all routers       known by edge (LAN) routers

Network prefix and Host number

• The network prefix identifies a network and the host number identifies a specific host (actually, an interface on the network).

  | network prefix | host number |

• How do we know how long the network prefix is?
  • The network prefix is implicitly defined (see class-based addressing)
  • The network prefix is indicated by a netmask.

Example

• Example: ellington.cs.virginia.edu

  128.143 | 137.144

• Network id is: 128.143.0.0
• Host number is: 137.144
• Network mask is: 255.255.0.0 or ffff0000
• Prefix notation: 128.143.137.144/16
• Network prefix is 16 bits long

The old way: Classful IP Addresses

• When Internet addresses were standardized (early 1980s), the Internet address space was divided up into classes:
  • Class A: Network prefix is 8 bits long
  • Class B: Network prefix is 16 bits long
  • Class C: Network prefix is 24 bits long
• Each IP address contained a key which identifies the class:
  • Class A: IP address starts with “0”
  • Class B: IP address starts with “10”
  • Class C: IP address starts with “110”
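Added example (not code from the slides): decoding an IPv4 address under the classful scheme above with plain bit operations, so the class key bits and prefix lengths are visible in the code; run on the ellington.cs.virginia.edu address from the earlier slide it reproduces the network id, host number and ffff0000 mask.

```python
import re


def dotted_to_int(addr: str) -> int:
    """'128.143.137.144' -> 32-bit integer; rejects anything that is not
    exactly four decimal octets in the range 0..255."""
    if not re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", addr):
        raise ValueError(f"not dotted decimal: {addr!r}")
    value = 0
    for octet in addr.split("."):
        n = int(octet)
        if n > 255:
            raise ValueError(f"octet {octet} out of range in {addr!r}")
        value = (value << 8) | n
    return value


def int_to_dotted(value: int) -> str:
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def classful_prefix_len(value: int):
    """(class letter, prefix length) from the leading key bits of the address:
    0 -> A (/8), 10 -> B (/16), 110 -> C (/24), 1110 -> D, 1111 -> E."""
    if value >> 31 == 0b0:
        return "A", 8
    if value >> 30 == 0b10:
        return "B", 16
    if value >> 29 == 0b110:
        return "C", 24
    if value >> 28 == 0b1110:
        return "D", None      # multicast group id: no network/host split
    return "E", None          # reserved


def classful_decode(addr: str) -> dict:
    """Split an address into network id, host number and mask the way a
    classful router would: from the address alone, no netmask supplied."""
    value = dotted_to_int(addr)
    cls, plen = classful_prefix_len(value)
    if plen is None:
        return {"address": addr, "class": cls, "prefix_len": None}
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF   # plen ones, then zeros
    return {
        "address": addr,
        "class": cls,
        "prefix_len": plen,
        "netmask": int_to_dotted(mask),
        "netmask_hex": f"{mask:08x}",
        "network_id": int_to_dotted(value & mask),
        "host_number": value & ~mask & 0xFFFFFFFF,
        "cidr": f"{addr}/{plen}",
    }


if __name__ == "__main__":
    # constructed sample addresses, one per class
    for a in ("128.143.137.144", "10.1.2.3", "192.0.2.7", "224.0.0.1", "240.0.0.1"):
        print(classful_decode(a))
```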

The old way: Internet Address Classes

  Class A   bit 0 = 0       | Network Prefix (bits 1-7; 8 bits in total) | Host Number (bits 8-31; 24 bits)
  Class B   bits 0-1 = 10   | Network Prefix (network id; 16 bits)       | Host Number (bits 16-31; 16 bits)
  Class C   bits 0-2 = 110  | Network Prefix (network id; 24 bits)       | Host Number (bits 24-31; 8 bits)

The old way: Internet Address Classes

  Class D   bits 0-3 = 1110   | multicast group id (bits 4-31)
  Class E   bits 0-4 = 11110  | (reserved for future use)

• We will learn about multicast addresses later in this course.

Classful IPv4 addressing

  Class | Leading bits | Layout (32 bits)          | First-octet range       | Meaning
  A     | 0            | Net (8-bit prefix) | Host | 0.x.x.x – 127.x.x.x     | Unicast: single endpoint destination
  B     | 10           | Net (16-bit prefix) | Host| 128.x.x.x – 191.x.x.x   | Unicast: single endpoint destination
  C     | 110          | Net (24-bit prefix) | Host| 192.x.x.x – 223.x.x.x   | Unicast: single endpoint destination
  D     | 1110         | Multicast address         | 224.x.x.x – 239.x.x.x   | Destination is a group of hosts
  E     | 1111         | Reserved                  | 240.x.x.x – 255.x.x.x   |

  The first octet of an IP address gives you the prefix length.

Classful IPv4 addressing

• Class A:
  • For very large organizations
  • 2^24 = 16 million hosts allowed
• Class B:
  • For large organizations
  • 2^16 = 65 thousand hosts allowed
• Class C:
  • For small organizations
  • 2^8 = 255 hosts allowed
• Class D:
  • Multicast addresses
  • No network/host hierarchy

How Do You Get IPs?

• IP address ranges are controlled by IANA
  • Internet Assigned Numbers Authority
  • Roots go back to 1972, ARPANET, UCLA
  • Today, part of ICANN
• IANA grants IPs to regional authorities
  • ARIN (American Registry for Internet Numbers) may grant you a range of IPs
  • You may then advertise routes to your new IP range
• There are now secondary markets, auctions, …

Two Level Hierarchy

[Figure: the address tree splits into | Pfx | Network | Host |; the subtree size is determined by the network class]

Class Sizes

  Class | Prefix bits | Network bits | Number of networks                          | Hosts per network
  A     | 1           | 7            | 2^7 – 2 = 126 (0 and 127 are reserved)      | 2^24 – 2 = 16,777,214 (all-0 and all-1 are reserved): way too big
  B     | 2           | 14           | 2^14 = 16,398                               | 2^16 – 2 = 65,534 (all-0 and all-1 are reserved)
  C     | 3           | 21           | 2^21 = 2,097,512: too many network IDs      | 2^8 – 2 = 254 (all-0 and all-1 are reserved): too small to be useful
  Total: 2,114,036

Problems with Classful IP Addresses

• The original classful address scheme had a number of problems

Problem 1. Too few network addresses for large networks
• Class A and Class B addresses are gone

Problem 2. Two-layer hierarchy is not appropriate for large networks with Class A and Class B addresses.
• Fix #1: Subnetting

Problems with Classful IP Addresses

Problem 3. Inflexible. Assume a company requires 2,000 addresses
• Class A and B addresses are overkill
• A Class C address is insufficient (requires 8 Class C addresses)

• Fix #2: Classless Interdomain Routing (CIDR)

Problems with Classful IP Addresses

Problem 4. Exploding routing tables: routing on the backbone Internet needs to have an entry for each network address. In 1993, the size of the routing tables started to outgrow the capacity of routers.

• Fix #2: Classless Interdomain Routing (CIDR)

Problems with Classful IP Addresses

Problem 5. The Internet is going to outgrow the 32-bit addresses

• Fix #3: IP Version 6

Subnetting

• Problem: Organizations have multiple networks which are independently managed
  ✓ Solution 1: Allocate one or more Class C addresses for each network
    • Difficult to manage
    • From the outside of the organization, each network must be addressable.
  ✓ Solution 2: Add another level of hierarchy to the IP addressing structure (subnetting)

[Figure: a University Network made up of an Engineering School, a Medical School and a Library]

Basic Idea of Subnetting

• Split the host number portion of an IP address into a subnet number and a (smaller) host number.
• Result is a 3-layer hierarchy

  | network prefix | host number                 |
  | network prefix | subnet number | host number |
  |    extended network prefix     |

• Then:
  • Subnets can be freely assigned within the organization
  • Internally, subnets are treated as separate networks
  • Subnet structure is not visible outside the organization

Subnet Masks

• Routers and hosts use an extended network prefix (subnet mask) to identify the start of the host numbers

  Class B:           | 10 | network          | host            |
                       Network Prefix (16 bits)
  with subnetting:   | 10 | network          | subnet | host   |
                       Extended Network Prefix (24 bits)
  Subnet mask:       11111111 11111111 11111111 00000000 (255.255.255.0)

* There are different ways of subnetting. Commonly used netmasks for university networks with a /16 prefix (Class B) are 255.255.255.0 and 255.255.0.0

N-Level Subnet Hierarchy

  | Pfx | Network | Subnet | Host |

• Tree does not have a fixed depth
• Increasingly specific subnet masks
• Subtree size is determined by the length of the subnet mask

Example Routing Table

  Address Pattern   Subnet Mask       Destination Router
  0.0.0.0           0.0.0.0           Router 4
  18.0.0.0          255.0.0.0         Router 2
  128.42.0.0        255.255.0.0       Router 3
  128.42.128.0      255.255.128.0     Router 5
  128.42.222.0      255.255.255.0     Router 1

• Question: 128.42.222.198 matches four rows
  • Which router do we forward to?
• Longest prefix matching
  • Use the row with the longest number of 1’s in the mask
  • This is the most specific match
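Added example, not from the slides: longest-prefix matching over the routing table above (the last row's mask read as 255.255.255.0), including the check that a mask is a contiguous run of 1 bits, which the "longest number of 1's" rule relies on.

```python
import ipaddress


def ip_to_int(addr: str) -> int:
    """Dotted decimal -> 32-bit integer (ipaddress validates the text)."""
    return int(ipaddress.IPv4Address(addr))


def mask_length(mask: str) -> int:
    """Number of leading 1 bits in a subnet mask. Rejects non-contiguous
    masks such as 255.0.255.0, which cannot express a prefix."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask {mask}")
    return ones


# The table from the slide: (address pattern, subnet mask, destination router)
ROUTING_TABLE = [
    ("0.0.0.0",      "0.0.0.0",       "Router 4"),
    ("18.0.0.0",     "255.0.0.0",     "Router 2"),
    ("128.42.0.0",   "255.255.0.0",   "Router 3"),
    ("128.42.128.0", "255.255.128.0", "Router 5"),
    ("128.42.222.0", "255.255.255.0", "Router 1"),
]


def matching_rows(dest: str, table=ROUTING_TABLE):
    """All rows whose pattern equals the destination under the row's mask,
    as (prefix length, pattern, router) tuples."""
    d = ip_to_int(dest)
    rows = []
    for pattern, mask, router in table:
        m = ip_to_int(mask)
        if (d & m) == (ip_to_int(pattern) & m):
            rows.append((mask_length(mask), pattern, router))
    return rows


def longest_prefix_match(dest: str, table=ROUTING_TABLE):
    """Pick the most specific matching row, i.e. the one with the most 1 bits
    in its mask. Returns (router, 'pattern/len'), or None when nothing
    matches (impossible here because of the 0.0.0.0/0 default row)."""
    rows = matching_rows(dest, table)
    if not rows:
        return None
    plen, pattern, router = max(rows)      # tuples compare on prefix length first
    return router, f"{pattern}/{plen}"


if __name__ == "__main__":
    for dest in ("128.42.222.198", "128.42.100.5", "128.42.130.9", "18.9.9.9", "8.8.8.8"):
        print(dest, "->", longest_prefix_match(dest), "matches:", len(matching_rows(dest)))
```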

Subnetting Revisited

• Question: does subnetting solve all the problems of class-based routing?

NO

• Classes are still too coarse
  • Class A can be subnetted, but only 126 are available
  • Class C is too small
  • Class B is nice, but there are only 16,398 available
• Routing tables are still too big
  • 2.1 million entries per router

Classless Inter Domain Routing

• CIDR, pronounced ‘cider’
• Key ideas:
  • Get rid of IP classes
  • Use bitmasks for all levels of routing
  • Aggregation to minimize FIB (forwarding information base)
• Arbitrary split between network and host
  • Specified as a bitmask or prefix length
• Example: Northeastern
  • 129.10.0.0 with netmask 255.255.0.0
  • 129.10.0.0/16

CIDR Example

• CIDR notation of a network address: 192.0.2.0/18
  • "18" says that the first 18 bits are the network part of the address (and 14 bits are available for specific host addresses)
  • The network part is called the prefix
• Assume that a site requires a network address with 1000 addresses
  • With CIDR, the network is assigned a contiguous block of 1024 addresses with a 22-bit long prefix

Example CIDR Routing Table

  Address        Prefix length   Third byte   Byte range
  207.46.0.0     19              000xxxxx     0 – 31
  207.46.32.0    19              001xxxxx     32 – 63
  207.46.64.0    19              010xxxxx     64 – 95
  207.46.128.0   18              10xxxxxx     128 – 191
  207.46.192.0   18              11xxxxxx     192 – 255

Hole in the routing table: no coverage for 96 – 127, i.e. 207.46.96.0/19

CIDR Rules

• Addresses in a block must be contiguous
• The number of addresses in a block must be a power of 2
• The first address of every block must be evenly divisible by the size of the block
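Added example, not from the slides: a validator for the three rules above, plus a check of the 207.46.0.0 table from the previous slide for holes, which it reports as 207.46.96.0/19 by covering the gap with the smallest set of rule-conforming blocks (the general algorithm, of which the slide shows one instance).

```python
import ipaddress


def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def int_to_ip(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def check_cidr_block(first_addr: str, size: int) -> list:
    """Apply the rules above to a block of `size` addresses starting at
    `first_addr`; returns the list of violated rules (empty = valid)."""
    problems = []
    if size <= 0 or size & (size - 1):
        problems.append("number of addresses is not a power of 2")
    elif ip_to_int(first_addr) % size:
        problems.append("first address is not divisible by the block size")
    return problems


def cidr_bounds(addr: str, plen: int):
    """(first, last) integer address of addr/plen; rejects misaligned blocks."""
    size = 1 << (32 - plen)
    start = ip_to_int(addr)
    if start % size:
        raise ValueError(f"{addr}/{plen} does not start on a {size}-address boundary")
    return start, start + size - 1


def find_holes(parent: str, parent_plen: int, blocks):
    """Ranges inside parent/parent_plen that no block in `blocks` covers, as
    (first, last) dotted strings. Overlapping blocks raise ValueError."""
    p_start, p_end = cidr_bounds(parent, parent_plen)
    covered = sorted(cidr_bounds(a, p) for a, p in blocks)
    holes, cursor = [], p_start
    for s, e in covered:
        if s < cursor:
            raise ValueError(f"{int_to_ip(s)} overlaps an earlier block")
        if s > cursor:
            holes.append((cursor, min(s - 1, p_end)))
        cursor = e + 1
    if cursor <= p_end:
        holes.append((cursor, p_end))
    return [(int_to_ip(s), int_to_ip(e)) for s, e in holes]


def range_to_cidrs(first: str, last: str) -> list:
    """Cover an address range with the fewest blocks that obey the rules:
    each block a power of two in size and aligned to its own size."""
    start, end = ip_to_int(first), ip_to_int(last)
    out = []
    while start <= end:
        size = 1
        while start % (size * 2) == 0 and start + size * 2 - 1 <= end:
            size *= 2
        out.append(f"{int_to_ip(start)}/{33 - size.bit_length()}")
        start += size
    return out


# Table from the previous slide: (address, prefix length)
CIDR_TABLE = [("207.46.0.0", 19), ("207.46.32.0", 19), ("207.46.64.0", 19),
              ("207.46.128.0", 18), ("207.46.192.0", 18)]

if __name__ == "__main__":
    for first, last in find_holes("207.46.0.0", 16, CIDR_TABLE):
        print("hole:", first, "-", last, "=", range_to_cidrs(first, last))
```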

We had a special day this summer!

• 512K day – August 12, 2014
  • Default threshold size for IPv4 route data in older Cisco routers → 512K routes
  • Some routers failed over to slower memory
    • RAM vs. CAM (content addressable memory)
  • Some routes dropped
  • Cisco issued an update in May anticipating this issue
    • Reallocated some IPv6 space for IPv4 routes
  • http://cacm.acm.org/news/178293-internet-routing-failures-bring-architecture-changes-back-to-the-table/fulltext

Causes and solutions

• Traffic engineering
  • Sometimes I want to announce different prefixes to different neighbors (e.g., use multiple longer prefixes)
• Security
  • E.g., announce two /9s in addition to a /8 to help prevent dark-space hijacks
• New markets
  • New networks in regions like Africa, Middle East, etc. with their own prefixes
• Solutions
  • Stop-gap: update router to reallocate IPv6 memory
  • Route aggregation/prefix filtering
  • Upgrade routers with more memory ($$$$)

Takeaways

• Hierarchical addressing is critical for scalability
  • Not all routers need all information
  • Limited number of routers need to know about changes
• Non-uniform hierarchy useful for heterogeneous networks
  • Class-based addressing is too coarse
  • CIDR improves scalability and granularity
• Implementation challenges
  • Longest prefix matching is more difficult than schemes with no ambiguity

IP addresses: how to get one?

Q: How does a host get an IP address?

A: Gets allocated a portion of its provider ISP’s address space

• hard-coded by system admin in a file
  • Windows: control-panel->network->configuration->tcp/ip->properties
  • UNIX: /etc/rc.config
• DHCP: Dynamic Host Configuration Protocol: dynamically get address from a server
  • “plug-and-play”

The IPv4 Address Space

[Figure: the IPv4 address space]

DHCP: Dynamic Host Configuration Protocol

goal: allow host to dynamically obtain its IP address from network server when it joins network
• can renew its lease on address in use
• allows reuse of addresses (only hold address while connected/“on”)
• support for mobile users who want to join network (more shortly)

DHCP overview:
• host broadcasts “DHCP discover” msg [optional]
• DHCP server responds with “DHCP offer” msg [optional]
• host requests IP address: “DHCP request” msg
• DHCP server sends address: “DHCP ack” msg

DHCP client-server scenario

DHCP server: 223.1.2.5; arriving client

DHCP discover (client broadcasts: “is there a DHCP server out there?”)
  src: 0.0.0.0, 68
  dest: 255.255.255.255, 67
  yiaddr: 0.0.0.0
  transaction ID: 654

DHCP offer (server broadcasts: “I’m a DHCP server! Here’s an IP address you can use”)
  src: 223.1.2.5, 67
  dest: 255.255.255.255, 68
  yiaddr: 223.1.2.4
  transaction ID: 654
  lifetime: 3600 secs

DHCP request (client broadcasts: “OK. I’ll take that IP address!”)
  src: 0.0.0.0, 68
  dest: 255.255.255.255, 67
  yiaddr: 223.1.2.4
  transaction ID: 655
  lifetime: 3600 secs

DHCP ACK (server broadcasts: “OK. You’ve got that IP address!”)
  src: 223.1.2.5, 67
  dest: 255.255.255.255, 68
  yiaddr: 223.1.2.4
  transaction ID: 655
  lifetime: 3600 secs
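Added example, not from the slides: a model of the four-message exchange above with the server-side lease table the slides describe (lifetime, renewal, reuse of expired addresses). Addresses, ports and transaction IDs are the figure's; the client identifier strings and the integer clock are assumptions of the model.

```python
from dataclasses import dataclass, field

BROADCAST = "255.255.255.255"
SERVER_PORT, CLIENT_PORT = 67, 68


@dataclass
class DhcpMsg:
    kind: str            # "discover", "offer", "request" or "ack"
    xid: int             # transaction ID the client uses to match replies
    src: tuple           # (ip, port)
    dst: tuple           # (ip, port)
    yiaddr: str = "0.0.0.0"
    lifetime: int = 0    # lease lifetime in seconds


@dataclass
class DhcpServer:
    ip: str
    pool: list                                   # addresses the server may hand out
    lease_secs: int = 3600
    leases: dict = field(default_factory=dict)   # client_id -> (ip, expires_at)
    offers: dict = field(default_factory=dict)   # client_id -> ip offered, not yet acked

    def _reclaim(self, now: int) -> None:
        """Expired leases go back to the pool: the address can be reused."""
        for cid, (_, expires) in list(self.leases.items()):
            if expires <= now:
                del self.leases[cid]

    def _free_address(self, now: int):
        self._reclaim(now)
        taken = {ip for ip, _ in self.leases.values()} | set(self.offers.values())
        return next((ip for ip in self.pool if ip not in taken), None)

    def handle(self, msg: DhcpMsg, client_id: str, now: int):
        """Server side of the exchange. client_id stands for the client's
        hardware address, which identifies it across messages."""
        if msg.dst not in ((BROADCAST, SERVER_PORT), (self.ip, SERVER_PORT)):
            return None
        reply_to = (BROADCAST, CLIENT_PORT)       # the client has no address yet
        if msg.kind == "discover":
            self._reclaim(now)
            held = self.leases.get(client_id)
            ip = held[0] if held else self._free_address(now)   # renewal keeps the address
            if ip is None:
                return None                       # pool exhausted: no offer
            self.offers[client_id] = ip
            return DhcpMsg("offer", msg.xid, (self.ip, SERVER_PORT), reply_to, ip, self.lease_secs)
        if msg.kind == "request":
            held = self.leases.get(client_id)
            offered = self.offers.get(client_id)
            if msg.yiaddr != offered and (held is None or msg.yiaddr != held[0]):
                return None                       # not ours to ack (a real server sends NAK)
            self.offers.pop(client_id, None)
            self.leases[client_id] = (msg.yiaddr, now + self.lease_secs)
            return DhcpMsg("ack", msg.xid, (self.ip, SERVER_PORT), reply_to, msg.yiaddr, self.lease_secs)
        return None


def obtain_address(server: DhcpServer, client_id: str, xid_discover: int, xid_request: int, now: int):
    """Client side: discover -> offer -> request -> ack. Returns
    (address, lease expiry, the four messages) or None on failure."""
    client_src = ("0.0.0.0", CLIENT_PORT)
    discover = DhcpMsg("discover", xid_discover, client_src, (BROADCAST, SERVER_PORT))
    offer = server.handle(discover, client_id, now)
    if offer is None or offer.kind != "offer" or offer.xid != xid_discover:
        return None
    request = DhcpMsg("request", xid_request, client_src, (BROADCAST, SERVER_PORT),
                      offer.yiaddr, offer.lifetime)
    ack = server.handle(request, client_id, now)
    if ack is None or ack.kind != "ack" or ack.xid != xid_request:
        return None
    return ack.yiaddr, now + ack.lifetime, [discover, offer, request, ack]


if __name__ == "__main__":
    server = DhcpServer("223.1.2.5", ["223.1.2.4", "223.1.2.6"])   # constructed pool
    for m in obtain_address(server, "client-A", 654, 655, now=0)[2]:
        print(m)
```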

DHCP: more than IP addresses

DHCP can return more than just allocated IP address on subnet:
• address of first-hop router for client
• name and IP address of DNS server
• network mask (indicating network versus host portion of address)

DHCP: example

• connecting laptop needs its IP address, addr of first-hop router, addr of DNS server: use DHCP
• DHCP request encapsulated in UDP, encapsulated in IP, encapsulated in 802.1 Ethernet
• Ethernet frame broadcast (dest: FFFFFFFFFFFF) on LAN, received at router running DHCP server
• Ethernet demuxed to IP demuxed, UDP demuxed to DHCP

[Figure: the laptop and the router (168.1.1.1, with DHCP server built in) each carry the stack DHCP / UDP / IP / Eth / Phy]

DHCP: example

• DHCP server formulates DHCP ACK containing client’s IP address, IP address of first-hop router for client, name & IP address of DNS server
• encapsulation of DHCP server, frame forwarded to client, demuxing up to DHCP at client
• client now knows its IP address, name and IP address of DNS server, IP address of its first-hop router

[Figure: the DHCP ACK travels down the router’s stack (DHCP / UDP / IP / Eth / Phy) and up the client’s]

Dealing with scale

Question: what are the advantages of large scale?
• Take advantage of having to do similar things for others (caching)
• Fault tolerance:
  • Large number of servers
  • We have redundancy; multiple routes between sites
• Metcalfe’s law:
  • “Value” of a network is proportional to square of number of things connected (bigger is better)
• Law of large numbers
  • Allocation of resources based on average usage rather than peak
• Amortizing upgrade maintenance over a large population
  • Popular network and services likely to be upgraded/improved
• Denial of service:
  • Size/replication makes it harder to attack
  • More generally, a system with replicated components is more survivable

Dealing with scale

Discussion: “For every type of animal there is a most convenient size, and a large change in size inevitably carries with it a change of form.”
Question: True for networks? Why? How so? Examples?
• Ethernet doesn’t scale up: geographical distance, speed of light delays degrade performance of random access protocols (geographic scaling). Maybe scale with # users in geographically narrow net if bandwidth scales with users
• As number of communicants scales, need to change/improve manner in which to access communication channel
  • Example: small number of students, versus 500-class lecture. Keeping bandwidth fixed as # users scales
• Email versus HTTP
  • Push systems work ok when small number of senders (email)
  • Pull is better with large number of senders (http)

Dealing with scale

• Routing:
  • Large number of users and optimal routes => requires lots of info to compute routes, etc...
  • Doesn’t scale
• Certain services become necessary when you get big
  • Name storage/translation: DNS, phone books
• A single centralized site eventually breaks
  • Need replication or other form of distribution
• As network gets bigger flooding breaks
  • Use limited flooding, caching (Gnutella)
• Switched vs. routed networks
  • Change from layer 2 switched networks to layer 3 routed networks as # users gets bigger

IP addressing: the last word...

Q: how does an ISP get block of addresses?

A: ICANN: Internet Corporation for Assigned Names and Numbers http://www.icann.org/
• allocates addresses
• manages DNS
• assigns domain names, resolves disputes

IP Datagrams

• IP Datagrams are like a letter
  • Totally self-contained
  • Include all necessary addressing information
  • No advanced setup of connections or circuits

  0       4       8              16     19              24             31
  | Ver | HLen |   DSCP/ECN     |         Datagram Length               |
  |          Identifier          | Flags |           Offset              |
  |     TTL      |   Protocol    |             Checksum                  |
  |                        Source IP Address                             |
  |                      Destination IP Address                          |
  |                    Options (if any, usually not)                     |
  |                              Data                                    |

IP Header Fields: Word 1

• Version: 4 for IPv4
• Header Length: Number of 32-bit words (usually 5)
• Type of Service: priority information (delay, throughput, reliability, etc.)
• Datagram Length: Length of header + data in bytes; limits packets to 65,535 bytes

[Header diagram as above]

IP Header Fields: Word 2

• Identifier: a unique number for the original datagram
• Flags: the M (more fragments) flag; M = 0 marks the last fragment
• Offset: byte position of the first byte in the fragment
  • Divided by 8

[Header diagram as above]

IP Header Fields: Word 3

• Time to Live: decremented by each router
  • Used to kill looping packets
  • Used to implement traceroute
• Protocol: ID of encapsulated protocol
  • 6 = TCP, 17 = UDP
• Checksum

[Header diagram as above]

IP Header Fields: Word 4 and 5

• Source and destination address
  • In theory, must be globally unique
  • In practice, this is often violated

[Header diagram as above]
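Added example (not code from the slides): building and parsing the 20-byte header laid out in words 1 to 5 above with struct, including the one's-complement header checksum that every router verifies and recomputes after decrementing TTL; the addresses and field values used are constructed.

```python
import socket
import struct

HEADER_FMT = "!BBHHHBBH4s4s"     # the five 32-bit words laid out above (20 bytes)


def ipv4_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words. Over a header whose checksum
    field is already filled in, the result is 0 when the header is intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_header(src: str, dst: str, payload_len: int, *, ttl: int = 64,
                 proto: int = 6, ident: int = 0, tos: int = 0,
                 df: bool = False, mf: bool = False, offset: int = 0) -> bytes:
    """Build a 20-byte header (HLen = 5, no options) with a valid checksum."""
    if offset % 8:
        raise ValueError("fragment offset is carried in 8-byte units")
    if payload_len + 20 > 65535:
        raise ValueError("Datagram Length is a 16-bit field")
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (offset // 8)
    hdr = struct.pack(HEADER_FMT, (4 << 4) | 5, tos, 20 + payload_len, ident,
                      flags_frag, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_header(pkt: bytes) -> dict:
    """Decode words 1..5; raises ValueError on a bad version, length or checksum."""
    if len(pkt) < 20:
        raise ValueError("truncated header")
    (vihl, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack(HEADER_FMT, pkt[:20])
    version, hlen = vihl >> 4, (vihl & 0xF) * 4
    if version != 4 or hlen < 20 or hlen > len(pkt):
        raise ValueError("not a well-formed IPv4 header")
    if ipv4_checksum(pkt[:hlen]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "version": version, "header_len": hlen, "tos": tos,
        "total_len": total_len, "ident": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
    }


def header_intact(pkt: bytes) -> bool:
    """True when the header parses and its checksum verifies."""
    try:
        parse_header(pkt)
        return True
    except ValueError:
        return False


def router_hop(pkt: bytes):
    """What each router does to word 3: decrement TTL and recompute the
    checksum; returns None when TTL would reach 0 (the packet is discarded)."""
    h = parse_header(pkt)
    if h["ttl"] <= 1:
        return None
    out = bytearray(pkt)
    out[8] -= 1                                  # TTL byte
    out[10:12] = b"\x00\x00"                     # zero the checksum field first
    out[10:12] = struct.pack("!H", ipv4_checksum(bytes(out[:h["header_len"]])))
    return bytes(out)


if __name__ == "__main__":
    hdr = build_header("128.143.137.144", "192.0.2.7", 100, proto=17, ident=0xBEEF)
    print(parse_header(hdr))
    print(parse_header(router_hop(hdr))["ttl"])
```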

Problem: Fragmentation

[Figure: a datagram crosses links with MTU = 4000, MTU = 2000, MTU = 1500: Datagram → Dgram1, Dgram2 → 1, 2, 3, 4]

• Problem: each network has its own MTU
  • DARPA principles: networks allowed to be heterogeneous
  • Minimum MTU may not be known for a given path
• IP Solution: fragmentation
  • Split datagrams into pieces when MTU is reduced
  • Reassemble original datagram at the receiver

Fragmentation Example

MTU = 4000 → MTU = 2000 → MTU = 1500

Original datagram on the MTU 4000 link: Length = 3820, M = 0 (IP Hdr 20 + Data 3800)

After the MTU 2000 link:
  Fragment 1: Length = 2000, M = 1, Offset = 0     (IP 20 + Data 1980)
  Fragment 2: Length = 1840, M = 0, Offset = 1980  (IP 20 + Data 1820)
  1980 + 1820 = 3800

Fragmentation Example

MTU = 2000 → MTU = 1500

Fragment 1 (Length = 2000, M = 1, Offset = 0; IP 20 + Data 1980) is split into:
  Length = 1500, M = 1, Offset = 0     (IP 20 + Data 1480)
  Length = 520,  M = 1, Offset = 1480  (IP 20 + Data 500)
  1480 + 500 = 1980

Fragment 2 (Length = 1840, M = 0, Offset = 1980; IP 20 + Data 1820) is split into:
  Length = 1500, M = 1, Offset = 1980  (IP 20 + Data 1480)
  Length = 360,  M = 0, Offset = 3460  (IP 20 + Data 340)

IP Fragment Reassembly

  Length = 1500, M = 1, Offset = 0     (IP 20 + Data 1480)
  Length = 520,  M = 1, Offset = 1480  (IP 20 + Data 500)
  Length = 1500, M = 1, Offset = 1980  (IP 20 + Data 1480)
  Length = 360,  M = 0, Offset = 3460  (IP 20 + Data 340)

• Performed at destination
• M = 0 fragment gives us total data size
  • 360 – 20 + 3460 = 3800
• Challenges:
  • Out-of-order fragments
  • Duplicate fragments
  • Missing fragments
• Basically, memory management nightmare
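Added example, not code from the slides: the fragmentation and reassembly above, pushing the 3820-byte datagram through MTU 2000 and then MTU 1500. Because the Offset field counts 8-byte units, fragment data sizes are rounded down to multiples of 8 here, so the first split carries 1976 rather than the slide's 1980 data bytes; reassembly handles the out-of-order, duplicate and missing cases listed above and rejects overlapping pieces, with the fragment data constructed inline.

```python
HDR = 20                      # IPv4 header length in bytes, as in the slides


def fragment(length: int, mtu: int, offset: int = 0, mf: bool = False):
    """Split one datagram or fragment (header + data) to fit a link MTU.
    Returns [(length, mf, offset)] in the slide's notation. Data per piece
    is rounded down to a multiple of 8 because Offset counts 8-byte units."""
    if length <= mtu:
        return [(length, mf, offset)]
    chunk = (mtu - HDR) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    data_len = length - HDR
    pieces, pos = [], 0
    while pos < data_len:
        n = min(chunk, data_len - pos)
        last = pos + n == data_len
        # every piece but the last says "more fragments"; the last inherits
        # the flag of what is being split (M=1 if that was a middle fragment)
        pieces.append((HDR + n, mf or not last, offset + pos))
        pos += n
    return pieces


def fragment_path(length: int, mtus) -> list:
    """Push a datagram through links of decreasing MTU, re-fragmenting fragments."""
    frags = [(length, False, 0)]
    for mtu in mtus:
        frags = [p for (ln, mf, off) in frags for p in fragment(ln, mtu, off, mf)]
    return frags


def reassemble(frags):
    """frags: iterable of (length, mf, offset, data) in any order, duplicates
    allowed. Returns the data, None while a piece is still missing, and
    raises ValueError on overlapping or inconsistent pieces."""
    seen, total = {}, None
    for length, mf, offset, data in frags:
        if len(data) != length - HDR:
            raise ValueError("length field does not match data")
        if seen.get(offset, data) != data:
            raise ValueError("conflicting duplicate fragment")
        seen[offset] = data
        if not mf:
            total = offset + len(data)           # the M=0 piece fixes the total size
    offsets = sorted(seen)
    for a, b in zip(offsets, offsets[1:]):
        if a + len(seen[a]) > b:
            raise ValueError("overlapping fragments rejected")
    if total is None:
        return None
    out, pos = bytearray(), 0
    while pos < total:
        if pos not in seen:
            return None                          # hole: still waiting for a piece
        out += seen[pos]
        pos += len(seen[pos])
    if pos != total:
        raise ValueError("data extends beyond the final fragment")
    return bytes(out)


def reassembly_error(frags):
    """Message of the ValueError reassemble() raises for this input, else None."""
    try:
        reassemble(frags)
        return None
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    for ln, mf, off in fragment_path(3820, [2000, 1500]):
        print(f"Length = {ln}, M = {int(mf)}, Offset = {off}")
```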

Fragmentation Concepts

• Highlights many key Internet characteristics
  • Decentralized and heterogeneous
    • Each network may choose its own MTU
  • Connectionless datagram protocol
    • Each fragment contains full routing information
    • Fragments can travel independently, on different paths
  • Best effort network
    • Routers/receiver may silently drop fragments
    • No requirement to alert the sender
  • Most work is done at the endpoints
    • i.e. reassembly

Fragmentation in Reality

• Fragmentation is expensive
  • Memory and CPU overhead for datagram reconstruction
  • Want to avoid fragmentation if possible
• MTU discovery protocol
  • Send a packet with “don’t fragment” bit set
  • Keep decreasing message length until one arrives
  • May get “can’t fragment” error from a router, which will explicitly state the supported MTU
• Router handling of fragments
  • Fast, specialized hardware handles the common case
  • Dedicated, general purpose CPU just for handling fragments

The IPv4 Address Space Crisis

• Problem: the IPv4 address space is too small
  • 2^32 = 4,294,967,296 possible addresses
  • Less than one IP per person
• Parts of the world have already run out of addresses
  • IANA assigned the last /8 block of addresses in 2011

  Region               Regional Internet Registry (RIR)   Exhaustion Date
  Asia/Pacific         APNIC                              April 19, 2011
  Europe/Middle East   RIPE                               September 14, 2012
  North America        ARIN                               13 Jan 2015
  South America        LACNIC                             13 Jan 2015
  Africa               AFRINIC                            17 Jan 2022

IPv6

• IPv6, first introduced in 1998(!)
  • 128-bit addresses
  • 4.8 × 10^28 addresses per person
• Address format
  • 8 groups of 16-bit values, separated by ‘:’
  • Leading zeroes in each group may be omitted
  • Groups of zeroes can be omitted using ‘::’

  2001:0db8:0000:0000:0000:ff00:0042:8329
  2001:0db8:0:0:0:ff00:42:8329
  2001:0db8::ff00:42:8329

IPv6 Trivia

• Who knows the IP for localhost?
  • 127.0.0.1
• What is localhost in IPv6?
  • ::1

IPv6 Header

• Double the size of IPv4 (320 bits vs. 160 bits)

  0       4              12               16               24            31
  | Ver |   DSCP/ECN    |                    Flow Label                   |
  |        Datagram Length          |   Next Header   |    Hop Limit     |
  |                     Source IP Address (128 bits)                     |
  |                   Destination IP Address (128 bits)                  |

  Version = 6; DSCP/ECN same as IPv4; Flow Label groups packets into flows, used for QoS; Datagram Length same as IPv4; Next Header same as Protocol in IPv4; Hop Limit same as TTL

Differences from IPv4 Header

• Several header fields are missing in IPv6
  • Header length – rolled into Next Header field
  • Checksum – was useless, so why keep it
  • Identifier, Flags, Offset
    • IPv6 routers do not support fragmentation
    • Hosts are expected to use path MTU discovery
• Reflects changing Internet priorities
  • Today’s networks are more homogeneous
  • Instead, routing cost and complexity dominate

Performance Improvements

• No checksums to verify
• No need for routers to handle fragmentation
• Simplified routing table design
  • Address space is huge
  • No need for CIDR (but need for aggregation)
  • Standard subnet size is 2^64 addresses
• Simplified auto-configuration
  • Neighbor Discovery Protocol
  • Used by hosts to determine network ID
  • Host ID can be random!

Additional IPv6 Features

• Source Routing
  • Host specifies the route it wants the packet to take
• Mobile IP
  • Hosts can take their IP with them to other networks
  • Use source routing to direct packets
• Privacy Extensions
  • Randomly generate host identifiers
  • Make it difficult to associate one IP to a host
• Jumbograms
  • Support for 4Gb datagrams

Deployment Challenges

  HTTP, FTP, SMTP, RTP, IMAP, …
  TCP, UDP, ICMP
  IPv4
  Ethernet, 802.11x, DOCSIS, …
  Fiber, Coax, Twisted Pair, Radio, …

• Switching to IPv6 is a whole-Internet upgrade
  • All routers, all hosts
  • ICMPv6, DHCPv6, DNSv6
• 2013: 0.94% of Google traffic was IPv6, 2.5% today

Transitioning to IPv6

• How do we ease the transition from IPv4 to IPv6?
  • Today, most network edges are IPv6 ready
    • Windows/OSX/iOS/Android all support IPv6
    • Your wireless access point probably supports IPv6
  • The Internet core is hard to upgrade
    • … but an IPv4 core cannot route IPv6 traffic

[Figure: IPv6-ready Home Network → IPv4-only Core Internet :( → IPv6-ready Business Network; IPv6 packets cannot cross the IPv4-only core]

Transition Technologies

• How do you route IPv6 packets over an IPv4 Internet?
• Transition Technologies
  • Use tunnels to encapsulate and route IPv6 packets over the IPv4 Internet
  • Several different implementations
    • 6to4
    • IPv6 Rapid Deployment (6rd)
    • Teredo
    • … etc.

6to4 Basics

• Problem: you’ve been assigned an IPv4 address, but you want an IPv6 address
  • Your ISP can’t or won’t give you an IPv6 address
  • You can’t just arbitrarily choose an IPv6 address
• Solution: construct a 6to4 address
  • 6to4 addresses always start with 2002::
  • Embed the 32-bit IPv4 inside the 128-bit IPv6 address

  IPv4:  207 . 46 . 192 . 0
  IPv6:  2002:CF2E:C000:0000::   (CF = 207, 2E = 46, C0 = 192, 00 = 0)
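Added example, not from the slides: constructing a 6to4 prefix from an IPv4 address and extracting it again, then choosing the IPv4 tunnel endpoint the way the three routing slides that follow describe (directly to a 2002::/16 destination, otherwise to the 192.88.99.1 relay anycast address); the stdlib's sixtofour property serves as a cross-check on the bit extraction.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")
RELAY_ANYCAST = "192.88.99.1"      # anycast address of the 6to4 relay routers (from the slides)


def make_6to4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """Embed a public IPv4 address in the 2002::/16 space: 16 bits of 2002,
    32 bits of IPv4, leaving 80 bits (a /48) for the site's own subnets."""
    v4 = ipaddress.IPv4Address(ipv4)
    if not v4.is_global:
        raise ValueError(f"{ipv4} is not a public address; a 6to4 prefix needs one")
    value = (0x2002 << 112) | (int(v4) << 80)
    return ipaddress.IPv6Network((ipaddress.IPv6Address(value), 48))


def embedded_ipv4(ipv6: str):
    """The IPv4 address inside a 6to4 address, or None for any other address.
    The hand-computed value is cross-checked against the stdlib's sixtofour."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in SIXTOFOUR:
        return None
    v4 = ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)
    if v4 != v6.sixtofour:
        raise AssertionError("bit extraction disagrees with ipaddress.sixtofour")
    return str(v4)


def tunnel_destination(dst_ipv6: str) -> str:
    """IPv4 destination of the encapsulating packet: straight to the other
    6to4 site when the destination is in 2002::/16, else to the relay anycast."""
    return embedded_ipv4(dst_ipv6) or RELAY_ANYCAST


def route_from_6to4(src_ipv6: str, dst_ipv6: str) -> dict:
    """Describe how an IPv6 packet leaves a 6to4 site (src must be 2002::/16)."""
    outer_src = embedded_ipv4(src_ipv6)
    if outer_src is None:
        raise ValueError("source is not a 6to4 address; native IPv6 routing applies")
    return {
        "outer_src": outer_src,
        "outer_dst": tunnel_destination(dst_ipv6),
        "via_relay": embedded_ipv4(dst_ipv6) is None,
    }


if __name__ == "__main__":
    print(make_6to4_prefix("207.46.192.0"))
    print(route_from_6to4("2002:CF2E:C000::1", "2002:104F:0800::1"))
    print(route_from_6to4("2002:CF2E:C000::1", "1893:92:13:99::"))
```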

Routing from 6to4 to 6to4

• How does a host using 6to4 send a packet to another host using 6to4?

[Figure: the sending site (IPv4 – 207.46.192.0, IPv6 – 2002:CF2E:C000::) puts the IPv6 packet with Dest: 2002:104F:0800:: inside an IPv4 packet with Dest: 16.79.8.0 and sends it across the IPv4 Internet to the receiving site (IPv4 – 16.79.8.0, IPv6 – 2002:104F:0800::)]

Routing from 6to4 to Native IPv6

[Figure: the 6to4 site (IPv4 – 207.46.192.0, IPv6 – 2002:CF2E:C000::) sends the IPv6 packet with Dest: 1893:92:13:99:: inside an IPv4 packet with Dest: 192.88.99.1, the special, anycasted IPv4 address for 6to4 relay routers; the relay (IPv4 – 192.88.99.1, IPv6 – 2002::/16) forwards it into the IPv6 Internet to 1893:92:13:99::. Many ISPs provide 6to4 relay routers]

Routing from Native IPv6 to 6to4

[Figure: the native host (IPv6 – 1893:92:13:99::) uses normal IPv6 routing to reach a 6to4 relay router (IPv4 – 192.88.99.1, IPv6 – 2002::/16) with Dest: 2002:CF2E:C000::; the relay encapsulates the packet with Dest: 207.46.192.0 and sends it across the IPv4 Internet to the 6to4 site (IPv4 – 207.46.192.0, IPv6 – 2002:CF2E:C000::)]

Problems with 6to4

• Uniformity
  • Not all ISPs have deployed 6to4 relays
• Quality of service
  • Third-party 6to4 relays are available
  • …but, they may be overloaded or unreliable
• Reachability
  • 6to4 doesn’t work if you are behind a NAT
• Possible solutions
  • IPv6 Rapid Deployment (6rd)
    • Each ISP sets up relays for its customers
    • Does not leverage the 2002:: address space
  • Teredo
    • Tunnels IPv6 packets through UDP/IPv4 tunnels
    • Can tunnel through NATs, but requires special relays

NAT: network address translation

[Figure: the rest of the Internet sees only 138.76.29.7; behind the NAT, the local network (e.g., home network) 10.0.0/24 has hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and the NAT router’s LAN side 10.0.0.4]

• all datagrams leaving the local network have the same single source NAT IP address: 138.76.29.7, with different source port numbers
• datagrams with source or destination in this network have a 10.0.0/24 address for source, destination (as usual)

NAT: network address translation

motivation: local network uses just one IP address as far as outside world is concerned:
• range of addresses not needed from ISP: just one IP address for all devices
• can change addresses of devices in local network without notifying outside world
• can change ISP without changing addresses of devices in local network
• devices inside local net not explicitly addressable, visible by outside world (a security plus)

NAT: network address translation

implementation: NAT router must:
• outgoing datagrams: replace (source IP address, port #) of every outgoing datagram to (NAT IP address, new port #) . . . remote clients/servers will respond using (NAT IP address, new port #) as destination addr
• remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
• incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table

NAT: network address translation

  NAT translation table
  WAN side addr          LAN side addr
  138.76.29.7, 5001      10.0.0.1, 3345
  ……                     ……

1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345   D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80
3: reply arrives, dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80   D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80   D: 10.0.0.1, 3345
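Added example, not from the slides: a NAT router model implementing the three steps above with the addresses from the figure, plus two behaviours the later slides describe: dropping inbound packets that have no table entry, and a static port mapping for a LAN server (traversal solution 1). The 5001 starting port and the 10.0.0.0/24 LAN prefix are taken from the figure; the Packet type is a construction of this example.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class NatRouter:
    """Port-translating NAT keyed on (source IP, source port), as on the slide."""

    def __init__(self, public_ip: str, lan_prefix: str, first_port: int = 5001):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan_prefix)
        self.next_port = first_port
        self.table = {}      # WAN side (public_ip, new port) -> LAN side (lan ip, lan port)
        self.reverse = {}    # LAN side (lan ip, lan port) -> new port
        self.static = {}     # public port -> (lan ip, lan port): traversal "solution 1"

    def add_static_mapping(self, public_port: int, lan_ip: str, lan_port: int) -> None:
        """Always forward inbound traffic for public_port to one LAN server."""
        if (self.public_ip, public_port) in self.table:
            raise ValueError("port already in use by a dynamic mapping")
        self.static[public_port] = (lan_ip, lan_port)

    def _allocate_port(self) -> int:
        """Next unused 16-bit port; the field size caps simultaneous flows."""
        used = {port for _, port in self.table} | set(self.static)
        while self.next_port in used and self.next_port <= 65535:
            self.next_port += 1
        if self.next_port > 65535:
            raise RuntimeError("port space exhausted")
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: rewrite the source, recording the pair in the table."""
        if ipaddress.ip_address(pkt.src_ip) not in self.lan:
            raise ValueError(f"{pkt.src_ip} is not on the LAN side")
        lan_side = (pkt.src_ip, pkt.src_port)
        port = self.reverse.get(lan_side)
        if port is None:                           # new flow: create the mapping
            port = self._allocate_port()
            self.reverse[lan_side] = port
            self.table[(self.public_ip, port)] = lan_side
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt: Packet):
        """Internet -> LAN: rewrite the destination from the table. Packets
        with no mapping are dropped (None): inside hosts are not addressable
        from outside unless a dynamic or static mapping exists."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.table.get((self.public_ip, pkt.dst_port)) or self.static.get(pkt.dst_port)
        if target is None:
            return None
        return replace(pkt, dst_ip=target[0], dst_port=target[1])


if __name__ == "__main__":
    nat = NatRouter("138.76.29.7", "10.0.0.0/24")
    out = nat.outbound(Packet("10.0.0.1", 3345, "128.119.40.186", 80, "GET /"))
    print("2:", out)
    print("4:", nat.inbound(Packet("128.119.40.186", 80, "138.76.29.7", 5001, "200 OK")))
    print("table:", nat.table)
```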

NAT: network address translation

• 16-bit port-number field:
  • 60,000 simultaneous connections with a single LAN-side address!
• NAT is controversial:
  • routers should only process up to layer 3
  • violates end-to-end argument
    • NAT possibility must be taken into account by app designers, e.g., P2P applications
  • address shortage should instead be solved by IPv6

NAT traversal problem

• client wants to connect to server with address 10.0.0.1
  • server address 10.0.0.1 local to LAN (client can’t use it as destination addr)
  • only one externally visible NATed address: 138.76.29.7
• solution 1: statically configure NAT to forward incoming connection requests at given port to server
  • e.g., (123.76.29.7, port 2500) always forwarded to 10.0.0.1 port 25000

[Figure: a client on the Internet, the NAT router with external address 138.76.29.7 and LAN side 10.0.0.4, and the server at 10.0.0.1]

NAT traversal problem

• solution 2: Universal Plug and Play (UPnP) Internet Gateway Device (IGD) Protocol. Allows NATed host to:
  • learn public IP address (138.76.29.7)
  • add/remove port mappings (with lease times)
  i.e., automate static NAT port map configuration

[Figure: the NATed host 10.0.0.1 speaks IGD to the NAT router]

NAT traversal problem

• solution 3: relaying (used in Skype)
  • NATed client establishes connection to relay
  • external client connects to relay
  • relay bridges packets between two connections

[Figure: 1. connection to relay initiated by NATed host (10.0.0.1, behind NAT router 138.76.29.7); 2. connection to relay initiated by client; 3. relaying established]

Chapter: outline

4.1 introduction
4.2 virtual circuit and datagram networks
4.3 what’s inside a router
4.4 IP: Internet Protocol
  • datagram format
  • IPv4 addressing
  • ICMP
  • IPv6
4.5 routing algorithms
  • link state
  • distance vector
  • hierarchical routing
4.6 routing in the Internet
  • RIP
  • OSPF
  • BGP
4.7 broadcast and multicast routing

ICMP: internet control message protocol

• used by hosts & routers to communicate network-level information
  • error reporting: unreachable host, network, port, protocol
  • echo request/reply (used by ping)
• network-layer “above” IP:
  • ICMP msgs carried in IP datagrams
• ICMP message: type, code plus first 8 bytes of IP datagram causing error

  Type   Code   description
  0      0      echo reply (ping)
  3      0      dest. network unreachable
  3      1      dest host unreachable
  3      2      dest protocol unreachable
  3      3      dest port unreachable
  3      6      dest network unknown
  3      7      dest host unknown
  4      0      source quench (congestion control - not used)
  8      0      echo request (ping)
  9      0      route advertisement
  10     0      router discovery
  11     0      TTL expired
  12     0      bad IP header

Tunneling

IPv4 tunnel connecting IPv6 routers

  logical view:   A (IPv6) – B (IPv6) ===== tunnel ===== E (IPv6) – F (IPv6)
  physical view:  A (IPv6) – B (IPv6) – C (IPv4) – D (IPv4) – E (IPv6) – F (IPv6)

  A-to-B (IPv6):               flow: X, src: A, dest: F, data
  B-to-C (IPv6 inside IPv4):   outer src: B, dest: E; inner flow: X, src: A, dest: F, data
  E-to-F (IPv6):               flow: X, src: A, dest: F, data

MAC addresses and ARP

• 32-bit IP address:
  – network-layer address for interface
  – used for layer 3 (network layer) forwarding
• MAC (or LAN or physical or Ethernet) address:
  – function: used "locally" to get frame from one interface to another physically-connected interface (same network, in IP-addressing sense)
  – 48 bit MAC address (for most LANs) burned in NIC ROM, also sometimes software settable
  – e.g.: 1A-2F-BB-76-09-AD
    hexadecimal (base 16) notation (each "number" represents 4 bits)

LAN addresses and ARP
Data Link Layer5-123

each adapter on LAN has unique LAN address; on one LAN (wired or wireless):
  adapter 1A-2F-BB-76-09-AD
  adapter 71-65-F7-2B-08-53
  adapter 58-23-D7-FA-20-B0
  adapter 0C-C4-11-6F-E3-98


LAN addresses (more)

• MAC address allocation administered by IEEE
• manufacturer buys portion of MAC address space (to assure uniqueness)
• analogy:
  – MAC address: like Aadhaar Number
  – IP address: like postal address
• MAC flat address ➜ portability
  – can move LAN card from one LAN to another
• IP hierarchical address not portable
  – address depends on IP subnet to which node is attached

ARP: address resolution protocol

Question: how to determine interface's MAC address, knowing its IP address?

ARP table: each IP node (host, router) on LAN has table
  – IP/MAC address mappings for some LAN nodes: <IP address; MAC address; TTL>
  – TTL (Time To Live): time after which address mapping will be forgotten (typically 20 min)

LAN in the figure:
  137.196.7.78  1A-2F-BB-76-09-AD
  137.196.7.23  71-65-F7-2B-08-53
  137.196.7.14  58-23-D7-FA-20-B0
  137.196.7.88  0C-C4-11-6F-E3-98


ARP protocol: same LAN

• A wants to send datagram to B
  – B's MAC address not in A's ARP table.
• A broadcasts ARP query packet, containing B's IP address
  – dest MAC address = FF-FF-FF-FF-FF-FF
  – all nodes on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  – frame sent to A's MAC address (unicast)
• A caches (saves) IP-to-MAC address pair in its ARP table until information becomes old (times out)
  – soft state: information that times out (goes away) unless refreshed
• ARP is "plug-and-play":
  – nodes create their ARP tables without intervention from net administrator

ARP protocol in action

example: A wants to send datagram to B
• B's MAC address not in A's ARP table, so A uses ARP to find B's MAC address

1. A broadcasts ARP query, containing B's IP addr
   • destination MAC address = FF-FF-FF-FF-FF-FF
   • all nodes on LAN receive ARP query

   Ethernet frame (sent to FF-FF-FF-FF-FF-FF):
     Source MAC: 71-65-F7-2B-08-53
     Source IP: 137.196.7.23
     Target IP address: 137.196.7.14
     …

   ARP table in A: (IP addr, MAC addr, TTL) – no entry for B yet

   LAN (A, B, C): A = 137.196.7.23 / 71-65-F7-2B-08-53, B = 137.196.7.14 / 58-23-D7-FA-20-B0


ARP protocol in action

example: A wants to send datagram to B
• B's MAC address not in A's ARP table, so A uses ARP to find B's MAC address

2. B replies to A with ARP response, giving its MAC address

   ARP message in Ethernet frame (sent to 71-65-F7-2B-08-53):
     Target IP address: 137.196.7.14
     Target MAC address: 58-23-D7-FA-20-B0
     …

   ARP table in A: (IP addr, MAC addr, TTL) – still no entry for B

   LAN (A, B, C, D): A = 137.196.7.23 / 71-65-F7-2B-08-53, B = 137.196.7.14 / 58-23-D7-FA-20-B0

ARP protocol in action

example: A wants to send datagram to B
• B's MAC address not in A's ARP table, so A uses ARP to find B's MAC address

3. A receives B's reply, adds B entry into its local ARP table

   ARP table in A:
     IP addr        MAC addr            TTL
     137.196.7.14   58-23-D7-FA-20-B0   500

   LAN (A, B, C, D): A = 137.196.7.23 / 71-65-F7-2B-08-53, B = 137.196.7.14 / 58-23-D7-FA-20-B0

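Added example (not the slides' code): the three steps above as bytes on the wire, an Ethernet frame carrying the 28-byte ARP body, with A's ARP table holding the <IP; MAC; TTL> soft state that expires unless refreshed. Addresses are the ones on the slides; the 20-minute TTL is the slide's typical value, and B's own-address check is the normal ARP rule.

```python
"""ARP request/reply over Ethernet for the LAN on the slides, plus A's ARP table
with TTL soft state. Added example; frame bytes are built from the slides' addresses."""
import struct
import time

ETHERTYPE_ARP = 0x0806
BROADCAST = "FF-FF-FF-FF-FF-FF"
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace("-", "").replace(":", ""))


def bytes_to_mac(b: bytes) -> str:
    return "-".join("%02X" % x for x in b)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip, dst_mac) -> bytes:
    """Ethernet header (dst, src, type) + 28-byte ARP body for Ethernet/IPv4."""
    eth = mac_to_bytes(dst_mac) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)     # htype=Ethernet, ptype=IPv4, lengths, op
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
    arp += mac_to_bytes(target_mac) + ip_to_bytes(target_ip)
    return eth + arp


def parse_arp_frame(frame: bytes) -> dict:
    dst, src, etype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if etype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    body = frame[14:42]
    _htype, _ptype, _hlen, _plen, op = struct.unpack("!HHBBH", body[:8])
    return {"eth_dst": bytes_to_mac(dst), "eth_src": bytes_to_mac(src), "op": op,
            "sender_mac": bytes_to_mac(body[8:14]), "sender_ip": bytes_to_ip(body[14:18]),
            "target_mac": bytes_to_mac(body[18:24]), "target_ip": bytes_to_ip(body[24:28])}


class ArpTable:
    """<IP address; MAC address; TTL>: entries are soft state and expire unless refreshed."""
    def __init__(self, ttl_seconds=20 * 60):
        self.ttl, self.entries = ttl_seconds, {}

    def learn(self, ip, mac, now=None):
        now = time.time() if now is None else now
        self.entries[ip] = (mac, now + self.ttl)

    def lookup(self, ip, now=None):
        now = time.time() if now is None else now
        mac, expires = self.entries.get(ip, (None, 0))
        if mac is None or now >= expires:
            self.entries.pop(ip, None)          # timed out: mapping is forgotten
            return None
        return mac


# nodes from the slides
A_IP, A_MAC = "137.196.7.23", "71-65-F7-2B-08-53"
B_IP, B_MAC = "137.196.7.14", "58-23-D7-FA-20-B0"


def resolve_b(now=0.0) -> dict:
    """Steps 1-3 above: A broadcasts a query, B answers by unicast, A caches the mapping."""
    table = ArpTable()
    query = build_arp_frame(ARP_REQUEST, A_MAC, A_IP, "00-00-00-00-00-00", B_IP, BROADCAST)
    q = parse_arp_frame(query)
    if not (q["op"] == ARP_REQUEST and q["target_ip"] == B_IP):
        raise RuntimeError("B only answers queries for its own IP address")
    reply = build_arp_frame(ARP_REPLY, B_MAC, B_IP, q["sender_mac"], q["sender_ip"], q["sender_mac"])
    r = parse_arp_frame(reply)
    table.learn(r["sender_ip"], r["sender_mac"], now)
    return {"query_dst": q["eth_dst"], "reply_dst": r["eth_dst"], "table": table}
```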

Addressing: routing to another LAN

walkthrough: send datagram from A to B via R
• focus on addressing – at IP (datagram) and MAC layer (frame)
• assume A knows B's IP address
• assume A knows IP address of first hop router, R (how?)
• assume A knows R's MAC address (how?)

  A:            111.111.111.111   74-29-9C-E8-FF-55
  (other host)  111.111.111.112   CC-49-DE-D0-AB-7D
  R (left):     111.111.111.110   E6-E9-00-17-BB-4B
  R (right):    222.222.222.220   1A-23-F9-CD-06-9B
  B:            222.222.222.222   49-BD-D2-C7-56-2A
  (other host)  222.222.222.221   88-B2-2F-54-1A-0F

Addressing: routing to another LAN

• A creates IP datagram with IP source A, destination B
• A creates link-layer frame with R's MAC address as dest, frame contains A-to-B IP datagram

  frame at A (IP / Eth / Phy):
    MAC src: 74-29-9C-E8-FF-55
    MAC dest: E6-E9-00-17-BB-4B
    IP src: 111.111.111.111
    IP dest: 222.222.222.222


Routing to another subnet: addressing

• frame sent from A to R
• frame received at R, datagram removed, passed up to IP

  frame on the wire A -> R:            datagram at R (IP layer):
    MAC src: 74-29-9C-E8-FF-55            IP src: 111.111.111.111
    MAC dest: E6-E9-00-17-BB-4B           IP dest: 222.222.222.222
    IP src: 111.111.111.111
    IP dest: 222.222.222.222

Routing to another subnet: addressing

• R determines outgoing interface, passes datagram with IP source A, destination B to link layer
• R creates link-layer frame containing A-to-B IP datagram. Frame destination address: B's MAC address

  frame at R (IP / Eth / Phy):
    MAC src: 1A-23-F9-CD-06-9B
    MAC dest: 49-BD-D2-C7-56-2A
    IP src: 111.111.111.111
    IP dest: 222.222.222.222


Routing to another subnet: addressing

• R determines outgoing interface, passes datagram with IP source A, destination B to link layer
• R creates link-layer frame containing A-to-B IP datagram. Frame destination address: B's MAC address
• transmits link-layer frame

  frame on the wire R -> B:
    MAC src: 1A-23-F9-CD-06-9B
    MAC dest: 49-BD-D2-C7-56-2A
    IP src: 111.111.111.111
    IP dest: 222.222.222.222

Routing to another subnet: addressing

• B receives frame, extracts IP datagram destination B
• B passes datagram up protocol stack to IP

  datagram at B (IP layer):
    IP src: 111.111.111.111
    IP dest: 222.222.222.222

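Added example (not the slides' code): the whole walkthrough A -> R -> B with frames and datagrams modelled as small records, so only the addressing is visible: the MAC addresses change at every hop while the IP addresses never do. It assumes /24 subnets and pre-populated ARP tables (the "how?" questions above), which the slides leave open.

```python
"""Addressing at each hop of the walkthrough above, A -> R -> B. Added example;
subnet masks (/24) and the ARP table contents are assumpt
ions, not on the slides."""
from dataclasses import dataclass, replace
import ipaddress


@dataclass(frozen=True)
class Datagram:
    ip_src: str
    ip_dst: str
    ttl: int = 64
    payload: bytes = b""


@dataclass(frozen=True)
class Frame:
    mac_src: str
    mac_dst: str
    datagram: Datagram


@dataclass
class Interface:
    ip: str
    mac: str
    subnet: ipaddress.IPv4Network


class Node:
    def __init__(self, name, interfaces, arp=None, default_router=None):
        self.name, self.ifaces = name, interfaces
        self.arp = dict(arp or {})                  # IP -> MAC, learned by ARP (assumed pre-populated)
        self.default_router = default_router        # IP of first-hop router (e.g. learned via DHCP)
        self.received = []

    def pick_interface(self, ip_dst):
        for itf in self.ifaces:
            if ipaddress.IPv4Address(ip_dst) in itf.subnet:
                return itf, ip_dst                  # same subnet: deliver directly
        return self.ifaces[0], self.default_router  # otherwise hand it to the first-hop router

    def send(self, datagram: Datagram) -> Frame:
        itf, next_hop_ip = self.pick_interface(datagram.ip_dst)
        next_hop_mac = self.arp[next_hop_ip]        # "how does A know R's MAC?": its ARP table
        return Frame(mac_src=itf.mac, mac_dst=next_hop_mac, datagram=datagram)

    def receive(self, frame: Frame):
        """Accept only frames addressed to one of our MACs, then pass the datagram up."""
        if frame.mac_dst not in {i.mac for i in self.ifaces}:
            return None
        d = frame.datagram
        if d.ip_dst in {i.ip for i in self.ifaces}:
            self.received.append(d)                 # we are the destination: up to transport
            return None
        return self.forward(d)

    def forward(self, d: Datagram):
        """Router: decrement TTL, choose outgoing interface, re-frame with new MAC addresses."""
        if d.ttl <= 1:
            return None                             # would send ICMP 'TTL expired' instead
        return self.send(replace(d, ttl=d.ttl - 1))


LEFT = ipaddress.IPv4Network("111.111.111.0/24")    # assumed mask
RIGHT = ipaddress.IPv4Network("222.222.222.0/24")   # assumed mask


def walkthrough() -> dict:
    A = Node("A", [Interface("111.111.111.111", "74-29-9C-E8-FF-55", LEFT)],
             arp={"111.111.111.110": "E6-E9-00-17-BB-4B"}, default_router="111.111.111.110")
    R = Node("R", [Interface("111.111.111.110", "E6-E9-00-17-BB-4B", LEFT),
                   Interface("222.222.222.220", "1A-23-F9-CD-06-9B", RIGHT)],
             arp={"222.222.222.222": "49-BD-D2-C7-56-2A"})
    B = Node("B", [Interface("222.222.222.222", "49-BD-D2-C7-56-2A", RIGHT)])
    f1 = A.send(Datagram("111.111.111.111", "222.222.222.222"))   # A -> R
    f2 = R.receive(f1)                                            # R re-frames -> B
    B.receive(f2)
    return {"a_to_r": f1, "r_to_b": f2, "b_got": B.received}


if __name__ == "__main__":
    for k, v in walkthrough().items():
        print(k, v)
```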

Chapter : outline
2.1 principles of network applications
• app architectures
• app requirements
2.2 Web and HTTP
2.3 FTP
2.4 electronic mail
• SMTP, POP3, IMAP
2.5 DNS
2.6 P2P applications
2.7 socket programming with UDP and TCP

DNS: domain name system
Application Layer 2-143

people: many identifiers:
• SSN, name, passport #
Internet hosts, routers:
• IP address (32 bit) - used for addressing datagrams
• "name", e.g., www.yahoo.com - used by humans
Q: how to map between IP address and name, and vice versa?

Domain Name System:
• distributed database implemented in hierarchy of many name servers
• application-layer protocol: hosts, name servers communicate to resolve names (address/name translation)
  • note: core Internet function, implemented as application-layer protocol
  • complexity at network's "edge"


DNS: services, structure

DNS services
• hostname to IP address translation
• host aliasing
  • canonical, alias names
• mail server aliasing
• load distribution
  • replicated Web servers: many IP addresses correspond to one name

why not centralize DNS?
• single point of failure
• traffic volume
• distant centralized database
• maintenance
A: doesn't scale!

DNS: a distributed, hierarchical database

                          Root DNS Servers
              /                  |                  \
      com DNS servers      org DNS servers      edu DNS servers
       /         \               |               /         \
  yahoo.com   amazon.com      pbs.org       poly.edu    umass.edu
  DNS servers DNS servers   DNS servers   DNS servers  DNS servers

client wants IP for www.amazon.com; 1st approx:
• client queries root server to find com DNS server
• client queries .com DNS server to get amazon.com DNS server
• client queries amazon.com DNS server to get IP address for www.amazon.com


DNS: root name servers

• contacted by local name server that can not resolve name
• root name server:
  • contacts authoritative name server if name mapping not known
  • gets mapping
  • returns mapping to local name server

13 root name "servers" worldwide (map on the slide):
  a. Verisign, Los Angeles CA (5 other sites)
  b. USC-ISI Marina del Rey, CA
  c. Cogent, Herndon, VA (5 other sites)
  d. U Maryland College Park, MD
  e. NASA Mt View, CA
  f. Internet Software C. Palo Alto, CA (and 48 other sites)
  g. US DoD Columbus, OH (5 other sites)
  h. ARL Aberdeen, MD
  i. Netnod, Stockholm (37 other sites)
  j. Verisign, Dulles VA (69 other sites)
  k. RIPE London (17 other sites)
  l. ICANN Los Angeles, CA (41 other sites)
  m. WIDE Tokyo (5 other sites)

TLD, authoritative servers

top-level domain (TLD) servers:
• responsible for com, org, net, edu, aero, jobs, museums, and all top-level country domains, e.g.: uk, fr, ca, jp
• Network Solutions maintains servers for .com TLD
• Educause for .edu TLD
authoritative DNS servers:
• organization's own DNS server(s), providing authoritative hostname to IP mappings for organization's named hosts
• can be maintained by organization or service provider


Local DNS name server


• does not strictly belong to hierarchy
• each ISP (residential ISP, company, university) has one
• also called “default name server”
• when host makes DNS query, query is sent to its local DNS server
• has local cache of recent name-to-address translation pairs
(but may be out of date!)
• acts as proxy, forwards query into hierarchy

DNS name resolution example

• host at cis.poly.edu wants IP address for gaia.cs.umass.edu

iterated query:
• contacted server replies with name of server to contact
• "I don't know this name, but ask this server"

  1. requesting host cis.poly.edu -> local DNS server dns.poly.edu
  2. local DNS server -> root DNS server
  3. root DNS server -> local DNS server (name of TLD server to contact)
  4. local DNS server -> TLD DNS server
  5. TLD DNS server -> local DNS server (name of authoritative server to contact)
  6. local DNS server -> authoritative DNS server dns.cs.umass.edu
  7. authoritative DNS server -> local DNS server (answer)
  8. local DNS server -> requesting host


DNS name resolution example

recursive query:
• puts burden of name resolution on contacted name server
• heavy load at upper levels of hierarchy?

  1. requesting host cis.poly.edu -> local DNS server dns.poly.edu
  2. local DNS server -> root DNS server
  3. root DNS server -> TLD DNS server
  4. TLD DNS server -> authoritative DNS server dns.cs.umass.edu
  5. authoritative DNS server -> TLD DNS server
  6. TLD DNS server -> root DNS server
  7. root DNS server -> local DNS server
  8. local DNS server -> requesting host

DNS: caching, updating records

• once (any) name server learns mapping, it caches mapping
  • cache entries timeout (disappear) after some time (TTL)
  • TLD servers typically cached in local name servers
    • thus root name servers not often visited
• cached entries may be out-of-date (best effort name-to-address translation!)
  • if name host changes IP address, may not be known Internet-wide until all TTLs expire
• update/notify mechanisms proposed IETF standard
  • RFC 2136


DNS records
DNS: distributed db storing resource records (RR)
RR format: (name, value, type, ttl)

type=A
• name is hostname
• value is IP address
type=NS
• name is domain (e.g., foo.com)
• value is hostname of authoritative name server for this domain
type=CNAME
• name is alias name for some "canonical" (the real) name
  www.ibm.com is really servereast.backup2.ibm.com
• value is canonical name
type=MX
• value is name of mailserver associated with name

DNS protocol, messages

• query and reply messages, both with same message format

msg header (each row 2 bytes + 2 bytes):
  identification    | flags
  # questions       | # answer RRs
  # authority RRs   | # additional RRs
  questions (variable # of questions)
  answers (variable # of RRs)
  authority (variable # of RRs)
  additional info (variable # of RRs)

• identification: 16 bit # for query, reply to query uses same #
• flags:
  – query or reply
  – recursion desired
  – recursion available
  – reply is authoritative


DNS protocol, messages

  identification    | flags
  # questions       | # answer RRs
  # authority RRs   | # additional RRs
  questions (variable # of questions)        <- name, type fields for a query
  answers (variable # of RRs)                <- RRs in response to query
  authority (variable # of RRs)              <- records for authoritative servers
  additional info (variable # of RRs)        <- additional "helpful" info that may be used

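Added example (not the slides' code): a DNS query is encoded and a reply decoded with exactly the layout above, 12-byte header followed by the question, answer, authority and additional sections, each RR coming back as the slides' (name, value, type, ttl). The reply bytes are constructed, not captured, and the final check is the defender's side of the poisoning attack discussed later: a reply is accepted only if its identification and question match an outstanding query.

```python
"""DNS message encoder/decoder for the format on the slides. Added example; the
reply, the 212.212.212.2 address and all TTLs are constructed sample values."""
import struct

FLAG_QR, FLAG_AA, FLAG_RD, FLAG_RA = 0x8000, 0x0400, 0x0100, 0x0080
TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_MX = 1, 2, 5, 15


def encode_name(name: str) -> bytes:
    """www.example.com -> 3www7example3com0 (length-prefixed labels, zero terminator)."""
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg: bytes, off: int):
    """Returns (name, offset just past it); follows 0xC0 compression pointers."""
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                          # pointer to an earlier name
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode())
        off += n
    return ".".join(labels), (end if end is not None else off)


def build_query(ident: int, name: str, qtype: int = TYPE_A) -> bytes:
    header = struct.pack("!HHHHHH", ident, FLAG_RD, 1, 0, 0, 0)    # one question, RD set
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_rr(name: str, rtype: int, ttl: int, rdata: bytes) -> bytes:
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


def parse_message(msg: bytes) -> dict:
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    rrs = {"answer": [], "authority": [], "additional": []}
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
        questions.append((name, qtype))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
            rdata_at, rdata = off, msg[off:off + rdlen]; off += rdlen
            if rtype == TYPE_A:
                value = ".".join(str(b) for b in rdata)
            elif rtype in (TYPE_NS, TYPE_CNAME):
                value, _ = decode_name(msg, rdata_at)
            else:
                value = rdata
            rrs[section].append((name, value, rtype, ttl))   # the slides' (name, value, type, ttl)
    return {"id": ident, "flags": flags, "questions": questions, **rrs}


def response_matches(query: bytes, reply: bytes) -> bool:
    """Accept only a reply (QR set) whose identification and question equal the query's;
    a forged reply therefore has to guess the 16-bit identification to be accepted."""
    q, r = parse_message(query), parse_message(reply)
    return bool(r["flags"] & FLAG_QR) and r["id"] == q["id"] and r["questions"] == q["questions"]


def demo() -> dict:
    query = build_query(0x1A2B, "www.networkutopia.com")
    # constructed authoritative reply: answer A, authority NS, additional glue A
    reply = struct.pack("!HHHHHH", 0x1A2B, FLAG_QR | FLAG_AA | FLAG_RD, 1, 1, 1, 1)
    reply += encode_name("www.networkutopia.com") + struct.pack("!HH", TYPE_A, 1)
    reply += build_rr("www.networkutopia.com", TYPE_A, 3600, bytes([212, 212, 212, 2]))
    reply += build_rr("networkutopia.com", TYPE_NS, 86400, encode_name("dns1.networkutopia.com"))
    reply += build_rr("dns1.networkutopia.com", TYPE_A, 86400, bytes([212, 212, 212, 1]))
    spoofed = struct.pack("!H", 0x9999) + reply[2:]        # same content, wrong identification
    return {"parsed": parse_message(reply), "genuine_ok": response_matches(query, reply),
            "spoofed_ok": response_matches(query, spoofed)}
```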
Inserting records into DNS

• example: new startup "Network Utopia"
• register name networkutopia.com at DNS registrar (e.g., Network Solutions)
  • provide names, IP addresses of authoritative name server (primary and secondary)
  • registrar inserts two RRs into .com TLD server:
    (networkutopia.com, dns1.networkutopia.com, NS)
    (dns1.networkutopia.com, 212.212.212.1, A)
• create authoritative server type A record for www.networkutopia.com; type MX record for networkutopia.com

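Added example (not the slides' code) tying together the hierarchy, the iterated query, caching with TTL and the records just inserted: a local name server walks root -> TLD -> authoritative for www.networkutopia.com, caches every referral, and on later queries skips the root and TLD servers until the cached entries expire. The servers are in-process dictionaries, the two TLD records are the ones on the slide, and all other records and server addresses are constructed.

```python
"""Iterated DNS resolution with a caching local name server. Added example; only the
two RRs the registrar inserts are from the slide, everything else is constructed."""

# Each "server" holds RRs as (name, type) -> (value, ttl). A referral is an NS record
# for the closest enclosing zone plus a glue A record for that name server.
ROOT = {("com", "NS"): ("a.gtld-servers.example", 172800),            # constructed
        ("a.gtld-servers.example", "A"): ("192.0.2.10", 172800)}
TLD_COM = {("networkutopia.com", "NS"): ("dns1.networkutopia.com", 172800),   # from the slide
           ("dns1.networkutopia.com", "A"): ("212.212.212.1", 172800)}
AUTH_NU = {("www.networkutopia.com", "A"): ("212.212.212.2", 3600),          # constructed
           ("networkutopia.com", "MX"): ("mail.networkutopia.com", 3600),
           ("mail.networkutopia.com", "A"): ("212.212.212.3", 3600)}
ROOT_IP = "198.41.0.4"                                                      # constructed
SERVERS = {ROOT_IP: ROOT, "192.0.2.10": TLD_COM, "212.212.212.1": AUTH_NU}


def ask(server_ip: str, name: str, rtype: str):
    """One query to one server: an authoritative answer, a referral
    ("I don't know this name, but ask this server"), or None."""
    zone = SERVERS[server_ip]
    if (name, rtype) in zone:
        value, ttl = zone[(name, rtype)]
        return {"answer": (name, value, rtype, ttl)}
    labels = name.split(".")
    for i in range(len(labels)):                      # longest suffix with an NS record
        z = ".".join(labels[i:])
        if (z, "NS") in zone:
            ns, ttl = zone[(z, "NS")]
            glue, _ = zone[(ns, "A")]
            return {"referral": (z, ns, glue, ttl)}
    return None


class LocalDNS:
    """dns.poly.edu-style local server: answer from cache, else walk the hierarchy."""
    def __init__(self):
        self.cache = {}            # (name, type) -> (value, expires_at)
        self.queries_sent = 0

    def _put(self, name, rtype, value, ttl, now):
        self.cache[(name, rtype)] = (value, now + ttl)

    def _get(self, name, rtype, now):
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > now:
            return hit[0]
        self.cache.pop((name, rtype), None)           # TTL expired: entry disappears
        return None

    def resolve(self, name: str, rtype: str = "A", now: float = 0):
        cached = self._get(name, rtype, now)
        if cached:
            return cached
        # start at the closest cached name server (TLD/authoritative usually cached), else root
        server = ROOT_IP
        labels = name.split(".")
        for i in range(len(labels)):
            ns = self._get(".".join(labels[i:]), "NS", now)
            if ns and self._get(ns, "A", now):
                server = self._get(ns, "A", now)
                break
        for _ in range(8):                            # bound the number of referrals followed
            self.queries_sent += 1
            resp = ask(server, name, rtype)
            if resp is None:
                return None
            if "answer" in resp:
                n, v, t, ttl = resp["answer"]
                self._put(n, t, v, ttl, now)
                return v
            zone, ns, glue, ttl = resp["referral"]
            self._put(zone, "NS", ns, ttl, now)       # cache the referral and its glue
            self._put(ns, "A", glue, ttl, now)
            server = glue
        return None
```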

Attacking DNS

DDoS attacks
• Bombard root servers with traffic
  • Not successful to date
  • Traffic Filtering
  • Local DNS servers cache IPs of TLD servers, allowing root server bypass
• Bombard TLD servers
  • Potentially more dangerous

Redirect attacks
• Man-in-middle
  • Intercept queries
• DNS poisoning
  • Send bogus replies to DNS server, which caches

Exploit DNS for DDoS
• Send queries with spoofed source address: target IP
• Requires amplification


Password Authentication & Protection

Passwords
Why Are They Important?
• Passwords are cheap to deploy, but also act as the first
line of defense in a security arsenal.
• They are also often the weakest link.

• Examples of what they protect:


• ATMs and bank accounts
• Nuclear power and other critical infrastructure systems
• Company proprietary information and systems
• Email accounts (Gmail, Hotmail, Yahoo, AOL, etc.)
• Student information (e.g. MyUalbany & WebCT)

Sanjay Goel & Damira Pon
University at Albany, School of Business/ NYS Center for Information Forensics and Assurance 160

Passwords
Authentication
• Passwords have been used for centuries, e.g. guards and
sentries
• Passwords = secret authentication code used for access.
αυθεντικός = real or genuine, from 'authentes' = author
• Answers the question: How do you prove to someone that
you are who you claim to be?

• Authentication methods:
• What you know (Passwords, Secret keys)
• Where you are (IP Addresses)
• What you are (Biometrics)
• What you have (Secure tokens)

Passwords
AAA of Password Security
• Authentication (& Identification)
• Establishes that the user is who they say they are
(credentials).

• Authorization
• The process used to decide if the authenticated person is
allowed to access specific information or functions.

• Access Control
• Restriction of access (includes authentication &
authorization)


Passwords
How Can Passwords Be Stored?

Filing System:
• Clear text

Dedicated Authentication Server:
• Clear text
• Encrypted: Password + Encryption = bf4ee8HjaQkbw
• Hashed: Password + Hash function = aad3b435b51404eeaad3b435b51404ee
• Salted Hash: (Username + Salt + Password) + Hash function = e3ed2cb1f5e0162199be16b12419c012

Passwords
How Are Passwords Stored? - Hashing
• Usually stored as hashes (not plain text)
• Plain-text is converted into a message digest through use of a hashing algorithm (e.g. MD5, SHA)


Passwords
How Are Passwords Stored? - Hashing

• Hash function H must have some properties:
  – One-way: given H(password), hard to find password
    • No known algorithm better than trial and error
  – Collision-resistant: given H(password1), hard to find password2 such that: H(password1) = H(password2)
  – It should even be hard to find any pair p1,p2 s.t. H(p1)=H(p2)

Passwords
How Are Passwords Stored? – Early UNIX Systems

• In past UNIX systems, password used modified DES (encryption algorithm) as if it were a hash function
  • Encrypts NULL string using password as the key (truncates passwords to 8 characters!)
  • Caused artificial slowdown: ran DES 25 times
• Also stored password file at /etc/passwd
  • World-readable (anyone who accessed the machine would be able to copy the password file to crack at their leisure)
  • Contained userIDs/groupIDs used by many system programs
• Can instruct modern UNIXes to use MD5 hash function


Passwords
How Are Passwords Stored? - Newer UNIX Systems

• Password hashes stored in the /etc/shadow file (or similar)
  • only readable by system administrator (root)
  • Less sensitive information still in /etc/passwd
  • Added expiration dates for passwords
• Early "shadow" implementations on Linux called the login program which had a buffer overflow!

Passwords
How Are Passwords Stored? – Windows NT/2k/XP/Vista
• Uses 2 functions for “hashing” passwords:
1. LAN Manager hash (LM hash)
– Password is padded with zeros until there are 14 characters.
– It is then converted to uppercase and split into two 7-character pieces
– Each half is encrypted using an 8-byte DES (data encryption standard) key
– Result is combined into a 16-byte, one way hash value
2. NT hash (NT hash)
– Converts password to Unicode and uses MD4 hash algorithm to obtain a 16-byte value

• Hashes stored in Security Accounts Manager (SAM)


– Locked within system kernel when system is running.
– Location - C:\WINNT\SYSTEM32\CONFIG

• SYSKEY
– Utility which moves the encryption key for the SAM database off of the computer


Passwords
Impact on Security

• Simple hacking tools are available to anyone who looks for them on the Internet.
• Tools such as LOphtCrack allow admittance into almost anyone's account if a simple eight-digit password is used.

"People are frightened when they learn that using only an eight-digit password with standard numbers and letters will allow anyone to figure out their passwords in less than two minutes when one downloads a publicly available tool like LOphtCrack from the Internet. This was the kind of tool which we found (in Al Qaeda's arsenal), nothing terribly sophisticated."
- Richard Clarke, President's Advisor on Cyber Security (2001-2003)

• Sometimes hacking tools aren't even necessary

Passwords
Threats to Password Security, Part 1
• Disclosure
• Voluntary disclosure of information
• Inadequate guarding of system passwords

• Inference
• Known pattern to creation of passwords
• Use of generated passwords with predictable algorithm

• Exposure
• Accidental release of password

• Loss
• Forgetting to remember passwords
• Can lead to creation of easy passwords


Passwords
Threats to Password Security, Part 2
• Snooping/Eavesdropping
• Keyloggers
• Network sniffing (intercepting of network
communication where a password is submitted)
• Guessing
• Limited amount of choices which can be figured out
through process of elimination
• Use of blank/common passwords, passwords which
can be figured out by knowing name of relatives,
pets, etc.
• Cracking
• Automated “guessing”

Passwords
Why Cracking is Possible

• Passwords are NOT truly random
  – 52 upper/lowercase letters, 10 digits, and 32 punctuation symbols equals ≈ 6 quadrillion possible 8-character passwords
  – People like to use dictionary words, relative and pet names equaling ≈ 1 million common passwords
  – On average, each person has 8-12 passwords:
    – Different systems impose different password requirements.
    – Passwords need to be changed often.
    – Some passwords are only used occasionally.


Passwords
Types of Password Cracking

• Dictionary Attack
– Quick technique that tries every word in a specific dictionary

• Hybrid Attack
– Adds numbers or symbols to the end of a word

• Brute Force Attack
  – Tries all combinations of letters, numbers & symbols

• Popular programs for Windows password cracking
  – LophtCrack (discontinued by Symantec when acquired @stake)
  – Cain & Abel (UNIX)
  – John the Ripper (UNIX)
  – Sam Inside

Passwords
Cracking Protection - Salting
• Salting requires adding a random piece of data to the password before hashing it.
• This means that the same string will hash to different values at different times
• Users with the same password have different entries in the password file
• Salt is stored with the other data as a complete hash
• Hacker has to get the salt, add it to each possible word and then rehash the data prior to comparing with the stored password.


Passwords
Cracking Protection - Salting Advantages

• Without salt, attacker can precompute hashes of all dictionary words once for all password entries
  • Same hash function on all UNIX machines
  • Identical passwords hash to identical values; one table of hash values can be used for all password files
• With salt, attacker must compute hashes of all dictionary words once for each password entry
  – With 12-bit random salt, same password can hash to 2^12 different hash values
  – Attacker must try all dictionary words for each salt value in the password file


Passwords
Cracking Protection - Iteration Count
• The same password can be rehashed many times over to make it more difficult for the hacker to crack the password.
• This means that precomputed dictionary hashes are not useful, since the iteration count is different for different systems
• Dictionary attack is still possible!

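Added example (not the slides' code) covering the storage slide, salting and the iteration count together: a plain hash, a salted hash, and a salted hash with an iteration count (PBKDF2-HMAC-SHA256 from the standard library stands in for "rehash many times"), stored as scheme$iterations$salt$hash and verified with a constant-time compare. The user list and the tiny precomputed table are constructed; they show the slide's point that a table computed once matches every unsalted copy of a password and none of the salted ones.

```python
"""Password storage: plain hash vs salted hash vs salted + iterated hash.
Added example; user names, passwords and the word list are constructed."""
import hashlib
import hmac
import os


def plain_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()


def iterated_hash(password: str, salt: bytes, iterations: int) -> str:
    """Salt + iteration count: each guess costs the attacker `iterations` hashes per entry."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def store(password: str, iterations: int = 200_000) -> str:
    """Password-file entry scheme$iterations$salt$hash; the salt is stored in the clear."""
    salt = os.urandom(16)
    return "$".join(["pbkdf2-sha256", str(iterations), salt.hex(),
                     iterated_hash(password, salt, iterations)])


def verify(password: str, entry: str) -> bool:
    scheme, iters, salt_hex, digest = entry.split("$")
    if scheme != "pbkdf2-sha256":
        raise ValueError("unknown scheme")
    candidate = iterated_hash(password, bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, digest)       # constant-time comparison


def compare_schemes(users: dict, table_words) -> dict:
    """Two users with the same password: identical under a plain hash (and found in a
    precomputed table), distinct under per-user salts (the table is useless)."""
    precomputed = {plain_hash(w): w for w in table_words}
    plain = {u: plain_hash(p) for u, p in users.items()}
    salted = {u: salted_hash(p, os.urandom(12)) for u, p in users.items()}
    return {"plain_identical": len(set(plain.values())) < len(plain),
            "plain_found_in_table": [u for u, h in plain.items() if h in precomputed],
            "salted_identical": len(set(salted.values())) < len(salted),
            "salted_found_in_table": [u for u, h in salted.items() if h in precomputed]}


def demo() -> dict:
    users = {"alice": "password", "bob": "password", "carol": "correct horse"}   # constructed
    entry = store("correct horse", iterations=50_000)
    return {"schemes": compare_schemes(users, ["password", "123456", "letmein"]),
            "verify_ok": verify("correct horse", entry), "verify_bad": verify("wrong", entry)}


if __name__ == "__main__":
    print(demo())
```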

Passwords
Authentication Protocols

• TRANSFORMED PASSWORD
  – Password transformed using one way function before transmission
  – Prevents eavesdropping but not replay
• CHALLENGE-RESPONSE
  – Server sends a random value (challenge) to the client along with the authentication request. This must be included in the response
  – Protects against replay
• TIME STAMP
  – The authentication from the client to server must have time-stamp embedded
  – Server checks if the time is reasonable
  – Protects against replay
  – Depends on synchronization of clocks on computers
• ONE-TIME PASSWORD
  – New password obtained by passing user-password through one-way function n times which keeps incrementing
  – Protects against replay as well as eavesdropping

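Added example (not the slides' code) of the one-time password scheme described above: the secret is passed through a one-way function n times, the server stores only H^n, and each login presents the previous value in the chain, so a password captured on the wire cannot be replayed. This is a Lamport/S/KEY-style chain with the count stepping down by one per login; the seed value is constructed.

```python
"""One-time passwords from a hash chain: server keeps H^n(secret) and n,
client sends H^(n-1)(secret), server checks H(otp) == stored. Added example."""
import hashlib


def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def hash_chain(secret: bytes, n: int) -> bytes:
    """H^n(secret): the one-way function applied n times."""
    v = secret
    for _ in range(n):
        v = h(v)
    return v


class Server:
    """Stores only the last accepted chain value and its index, never the secret."""
    def __init__(self, username: str, last_value: bytes, n: int):
        self.state = {username: (last_value, n)}

    def login(self, username: str, otp: bytes) -> bool:
        stored, n = self.state[username]
        if n <= 1:
            return False                     # chain exhausted: user must re-enrol
        if h(otp) != stored:                 # otp must be H^(n-1)(secret)
            return False
        self.state[username] = (otp, n - 1)  # the value just used becomes the new reference
        return True


class Client:
    def __init__(self, secret: bytes, n: int):
        self.secret, self.n = secret, n

    def next_otp(self) -> bytes:
        self.n -= 1
        return hash_chain(self.secret, self.n)


def enrol_and_login(logins: int = 3, n: int = 100) -> dict:
    secret = b"constructed-seed-value"          # in practice derived from a passphrase and a seed
    client = Client(secret, n)
    server = Server("alice", hash_chain(secret, n), n)   # enrolment: H^n only
    results, used = [], b""
    for _ in range(logins):
        used = client.next_otp()
        results.append(server.login("alice", used))
    replay = server.login("alice", used)        # eavesdropper resends the last password
    return {"logins": results, "replay_accepted": replay,
            "server_counter": server.state["alice"][1]}


if __name__ == "__main__":
    print(enrol_and_login())
```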
Passwords
Challenge Response

• User and system share a secret key
• Challenge: system presents user with some string
• Response: user computes response based on secret key and challenge
• Secrecy: difficult to recover key from response
  – One-way hashing or symmetric encryption work well
• Freshness: if challenge is fresh and unpredictable, attacker on the network cannot replay an old response
  – For example, use a fresh random number for each challenge
• Good for systems with pre-installed secret keys
  – Car keys; military friend-or-foe identification

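Added example (not the slides' code): the exchange above with a shared key, a fresh random challenge and an HMAC response (the one-way hashing option), showing the freshness property in action: the system accepts a response only to the challenge it is currently waiting for, so a replayed or stale response and a response with the wrong key are all rejected. The key is constructed.

```python
"""Challenge-response with a pre-installed shared key. Added example; the key is constructed."""
import hashlib
import hmac
import os


class System:
    def __init__(self, keys: dict):
        self.keys = keys                 # username -> pre-installed secret key
        self.pending = {}                # username -> outstanding challenge (one at a time)

    def challenge(self, user: str) -> bytes:
        c = os.urandom(16)               # fresh and unpredictable, never reused
        self.pending[user] = c
        return c

    def check(self, user: str, challenge: bytes, response: bytes) -> bool:
        expected_c = self.pending.pop(user, None)          # a challenge is good for one use
        if expected_c is None or not hmac.compare_digest(expected_c, challenge):
            return False                                   # stale or unknown challenge: replay fails
        expected = hmac.new(self.keys[user], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(key: bytes, challenge: bytes) -> bytes:
    """User side: one-way function of key and challenge; the key is not recoverable from it."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def run() -> dict:
    key = b"constructed-shared-key-for-alice"
    system = System({"alice": key})
    c1 = system.challenge("alice")
    r1 = respond(key, c1)
    first = system.check("alice", c1, r1)                  # genuine exchange
    replay = system.check("alice", c1, r1)                 # same exchange resent: no pending challenge
    system.challenge("alice")
    stale = system.check("alice", c1, r1)                  # old pair against a newer challenge
    c3 = system.challenge("alice")
    wrong_key = system.check("alice", c3, respond(b"guess", c3))
    return {"first": first, "replay": replay, "stale": stale, "wrong_key": wrong_key}


if __name__ == "__main__":
    print(run())
```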

Passwords
Personal Token Authentication

• Personal Tokens are hardware devices that generate unique strings that are usually used in conjunction with passwords for authentication
• A variety of different physical forms of tokens exist
  • e.g. hand-held devices, Smart Cards, PCMCIA cards, USB tokens
• Different types of tokens exist:
  – Storage Token: A secret value that is stored on a token and is available after the token has been unlocked using a PIN
  – Synchronous One-time Password Generator: Generate a new password periodically (e.g. each minute) based on time and a secret code stored in the token
  – Challenge-response: Token computes a number based on a challenge value sent by the server
  – Digital Signature Token: Contains the digital signature private key and computes a digital signature on a supplied data value

Passwords
Improving Security

• Password complexity
  – Case-sensitivity
  – Use of special characters, numbers, and both upper and lower-case letters
  – Minimum length requirements
• Security questions
  – Ask personal questions which need to be verified
  – Some questions are very easy to discover answers
• Virtual keyboard
  – Person clicks on-screen keyboard to enter password (prevents keylogging)
• Single sign-on
  – User only has to remember one password at a time and yet can access all/most of their resources
  – AKA Enterprise Reduced Sign-On (almost impossible to have one password used for everything due to integration issues)
• Centralized password storage management
  – Online sites accessible through one password which contain all other passwords
  – Single point of failure, but easier to remember


Passwords
Improving Security

• Graphical passwords
  • Goal: increase the size of memorable password space
  • Rely on the difficulty of computer vision
  • Face recognition is easy for humans, harder for machines
  • Present user with a sequence of faces, he must pick the right face several times in a row to log in
• Other examples
  – Click on a series of pictures in order
  – Drawing a picture
  – Clicking four correct points on a picture
• Reading graphical text
  – Requires user to input text based on what is seen in the graphic. Attempts to curb automated password crackers due to difficulty in distinguishing letters/numbers
  – Scheme where users had to input text based on graphics shown to "undress" a picture

Passwords
Biometric/Behaviometric Authentication

• Uses certain biological or behavioral characteristics for authentication
• Biometric reader measures physiological indicia and compares them to specified values
• It is not capable of securing information over the network
• Biological Examples
  – Fingerprint, Iris, Retina, Face, & Hand Recognition
• Behavioral Examples
  – Handwriting, Gait, Typing Rhythm, Mouse Gesture Recognition


Passwords
Biometric Considerations

Universality    How commonly biometric is found
Uniqueness      How well biometric distinguishes between others
Permanence      How well biometric resists aging
Collectability  How easy biometric is to acquire
Performance     Accuracy, speed, and robustness of system capturing biometric
Acceptability   Degree of approval by the public for use
Circumvention   How hard it is to fool authentication system

Passwords
Protection/Detection

Protection:
• Disable storage of LAN Manager hashes.
• Configure both Local and Domain Account Policies
(Password & Account Lockout Policies).
• Audit access to important files.
• Implement SYSKEY security on all systems.
• Set BIOS to boot first from the hard drive.
• Password-protect the BIOS.
• Enforce strong passwords!
• Change your passwords frequently.
• Use two or three factor authentication.
• Use one time passwords.


Passwords
Ten Common Mistakes

1. Leaving passwords blank or unchanged from default value.


2. Using the letters p-a-s-s-w-o-r-d as the password.
3. Using a favorite movie star name as the password.
4. Using a spouse’s name as the password.
5. Using the same password for everything.
6. Writing passwords on post-it notes.
7. Pasting a list of passwords under the keyboard.
8. Storing all passwords in an Excel spreadsheet on a PDA or inserting
passwords into a rolodex.
9. Writing all passwords in a personal diary/notebook.
10. Giving the password to someone who claims to be the system administrator.
