Top financial losses due to security breaches:

1. Theft of equipment.
2. Financial fraud.
3. Viruses.
4. Insider net abuse.
5. Sabotage.
6. Unauthorized insider access.
7. Laptop theft.
8. Denial of service.
9. Active wiretapping.
10. Telecoms eavesdropping.

2000, CSI/FBI Computer Crime and Security Survey.

A week of DOS (Denial-of-Service) attacks:

1. Yahoo. 7 Feb 2000. The site was hit by a DOS attack which made it unavailable for up to three hours.
2., eBay, CNN and Amazon. 8 Feb 2000. eBay reached 9% availability for a few hours; only 5% of users could access the CNN site; Amazon's site was attacked for 30 minutes, during which it took up to 5 minutes to access a page.
3. and Excite. 9 Feb 2000. The ZDNet site was down for two hours; the Excite site availability dropped to less than 50% for over two hours.


Date: Wednesday, 12 August 2001
Ed: Billatnapier
Source: Chapter 12, Mastering Computing
Price: £12 (UK)/ $16 (US) - Sorry about the increase in price
This is a special edition of the Internet Agent, and presents some of the most asked questions relating to the Internet. More information can be found in Mastering Computing.
Question: I'm confused, if a new server is switched on, how do all the computers in the world know how to connect to it?
Well every computer that connects to the Internet must have a unique IP address. Devices called routers intercommunicate with each other, and tell each other the best way to get to a destination. This is done dynamically, thus a new computer with a new IP address will be found, after the routers have had time to pass their information on.
It would be too difficult to remember all the IP addresses for all the sites that you require to access, thus a technique called Domain Name Services (DNS) is run on special servers. It is their task to resolve domain names (such as to IP addresses. As with routers, they act dynamically and pass information about new domain names, and changes in domains, onto each other. Thus they will update their information over time.

Question: Can a worm virus be resident on my computer, and try to spread itself to other computers that I connect to? If so, how can I find it?
Yes. It is extremely difficult to stop worm viruses spreading over a network. And now with the global Internet, viruses can spread around the world by the minute. An example of this is the W32/QAZ.worm virus which listens on TCP port 7597 for instructions from a remote client. It also communicates with the IP address of (which is physically located somewhere in China). These connections could allow a remote user to upload and run any program, which could be used to install a more complex backdoor or password-stealing program.
The worm spreads itself by browsing network connections to other machines that allow write access to their Windows folders over NetBIOS, without a password. It then copies itself within the notepad.exe program, and infects the connected computer when it is next booted.
In order to detect these ports, users should run the netstat program, to determine if there are any ports open, which are not meant to be open.
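The netstat check described above, as an added example (not code from the original essay): it parses Windows-style `netstat -an` output and reports TCP listeners that are not on an expected list, always flagging port 7597, the QAZ listener named above. The sample output, the expected-port list and the function names are constructed for illustration.

```python
# Constructed sample of Windows `netstat -an` output; not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7597           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1042        198.51.100.7:80        ESTABLISHED
  UDP    192.0.2.10:137         *:*
"""

# Assumption: the TCP ports this particular host is meant to listen on.
EXPECTED_TCP_LISTENERS = {135, 139}
# Port named in the text above as the W32/QAZ.worm listener.
KNOWN_BAD = {7597: "W32/QAZ.worm listener"}


def parse_listeners(netstat_text):
    """Return sorted (address, port) pairs for TCP sockets in the LISTENING state."""
    listeners = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Windows layout: Proto, Local Address, Foreign Address, State
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")
        if port.isdigit():
            listeners.add((addr, int(port)))
    return sorted(listeners, key=lambda item: (item[1], item[0]))


def audit(netstat_text, expected=EXPECTED_TCP_LISTENERS):
    """Return one finding per listener that is known-bad or not expected."""
    findings = []
    for addr, port in parse_listeners(netstat_text):
        if port in KNOWN_BAD:
            reason = KNOWN_BAD[port]
        elif port not in expected:
            reason = "unexpected listener"
        else:
            continue
        findings.append({"address": addr, "port": port, "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT):
        print("TCP {address}:{port} -> {reason}".format(**finding))
```
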

Question: Can devices have more than one IP address?
Yes. Many devices have more than one IP address. In fact each port that connects to a network must have an IP address. A good example of this is with routers, as they connect to two or more networks. Each of the ports of the router must have an IP address which relates to the network to which it connects. For example if a router connects to three networks of:
then one IP address from each of the networks must be assigned to the router. Thus it could be assigned the following addresses for its ports:

Question: Can these addresses be used again for one of the hosts on the connected networks?
No way. No two ports on the Internet can have the same address.

Question: If I move my computer from one network to another, does the IP and MAC address stay the same, and what do I need to change?
The MAC address will not change as the network card stays with the computer. If the computer is moved to a different subnet or onto a completely different network, the IP address must change, or the data will be routed back to the wrong network. Data would leave the relocated computer, and would arrive at the destination, but any data coming back would be routed to the previously attached network (and thus get lost). Another thing that is likely to change is the gateway. Nodes cannot communicate with the hosts outside their network if they do not know the IP address of the gateway (normally a router), thus if the network changes then the gateway is likely to be different.
The user may also have to set a new Domain Name Server (although a host can have several DNS entries). The first one listed in the DNS entries should be the one that is the most reliable and, possibly, the fastest.
Other changes may be to change the subnet mask (on a Class B network, with a subnet this is typically

Question: How does my computer know how to connect to these DNS thingies?
Your computer is typically set up automatically with the address of the DNS server that it should connect to. In many organizations this is set to a local one. In fact DNS is so important that you will typically have another server as a backup, just in case the main one crashes. If you connect to an ISP it is typical not to have an address set for the DNS server. In this case the computer sends a broadcast message for a DNS request into the local network connection, and the closest DNS server responds.

Question: My local network connection is Ethernet, but I hear that ATM is used to provide a good deal of the backbone for the Internet. Explain what ATM does that Ethernet doesn't do.
Well Ethernet basically just sends out data frames onto the network without even knowing if the data is going to be received. There's no connection between the sender and the receiver. Also there's no guarantee that it will get to the destination in the required time. ATM does it differently as it will go and make a connection with the destination, and then determine the best route through the network to support the required quality of service, such as for latency, bandwidth requirement, and maximum error rate. ATM really works like the phone server. When you phone someone you do not make a connection until they answer the phone. Once they have answered the phone the connection has been made, and the path between the initiator and the acceptor has been defined.
Outside LANs, ATM is becoming the most widely used networking technology, as it integrates many forms of data. Ethernet was only really designed for computer-type data. It thus provides for reliable error-free communications, as this is the main requirement for computer data. When it comes to delays on the network, it cannot guarantee anything, as all the nodes on the network must contend to get onto it. Thus it is easy for the network to become swamped with data frames. ATM does not allow this as it will reserve the correct route for the data, and will not assign other data routes to the same route if they are likely to swamp any of the existing connections.
Also Ethernet sometimes uses rather large data frame sizes (up to 1500 bytes), whereas ATM uses small 53-byte cells, which should be easier to route through a network.

Question: Apart from increasing the number of IP addresses, why change the format? The Internet works, doesn't it, so why change it?
Ah. Your perception of the Internet is based on what's available now. Few technologies have expanded so fast, and with virtually no input from the governments of the world. Look at the world-wide telephone system infrastructure: if it was based on the system that we had thirty years ago there's no way we could communicate as efficiently as we do. The Internet must do the same, if it is to keep pace with the increase in users, devices and the amount of information that can be transferred. At present, you possibly imagine that the Internet is an infrastructure of computers that have big boxes and sit on your desk, and are congregated around servers, and ISPs. In ten or twenty years this perception will change, and computers will almost become invisible, as will the Internet. To cope with this change we need a different infrastructure. To do this we need to identify its weaknesses:
The Internet and its addressing structure were never really designed to be a global infrastructure and are constraining the access to resources and information.
Information and databases tend to be static, and fixed to location.
Difficult to group individual objects into larger objects.
Difficult to add resources to the Internet (requires an ISP and a valid IP address).
Search engines are not very good at gathering relevant information. On the WWW, typically users get pages of irrelevant information, which just happens to have the keyword which they are searching for.
Resources are gathered around local servers.
Resources are tied to locations with an IP address.
IP addresses are not logically organized. The IP address given does not give any information about the geographical location of the destination. This then requires complex routing protocols in which routers pass on information about how to get to remote networks.

Question: The Internet seems to be moving so fast. How do they manage to move so fast?
I suppose you mean: How do they manage to develop new methods and techniques so quickly, on a world-wide basis? Well if they left it up to International Standards organizations, it would take years to standardize anything, as many companies would have to come together, and all the countries of the world would also have to agree on the standard. The Internet has a better way. Basically an expert is asked to draft a specification on a particular area, and then they post an RFC (Request For Comment) on the Internet. These are then read by anyone who has an interest, who can make a comment on the document. Finally the standard can be adopted, as many companies are keen to make their systems comply with the RFC standard. For example if you wanted to find out about the POP-3 protocol, then you would search on the Internet for RFC1939.

Question: If IP has been such a success, why do we need a new address scheme?
IP has been a victim of its own success. No-one could have imagined how popular it would be. As it has a 32-bit address it can only support up to 4 billion addresses. Unfortunately not all these addresses can be used, as network addresses are allocated to organizations for their maximum requirement. Also, if an organization uses subnets, then it is unlikely that every subnet has its maximum capacity of hosts.
There are possibly enough IP addresses for all the computers in the world, but the next big wave is going to come from granting IP addresses to virtually every electronic device, such as mobile phones, faxes, printers, traffic lights, telephones, and so on. The stage after this is to grant every object in the world an IP address. This could include cars, trains, people, and even our pets.

Question: So what addresses cannot be used for the ports, or the hosts?
All zeros in the host field, as this identifies the network, and all 1's in the host field as this identifies the broadcast address. Thus in the example above, and could not be used (these addresses use a Class B address with a subnet in the third field).
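The all-zeros and all-ones rule above, together with the earlier point that the gateway must belong to the host's own network, as an added example (not code from the original essay). The addresses are constructed: a Class B network 172.16.0.0 with mask 255.255.255.0, so that the subnet sits in the third field; the function names are hypothetical.

```python
import ipaddress


def reserved_addresses(ip, mask):
    """Return (network address, broadcast address) for the subnet holding ip."""
    net = ipaddress.IPv4Interface(f"{ip}/{mask}").network
    return str(net.network_address), str(net.broadcast_address)


def check_host_config(ip, mask, gateway):
    """Return a list of problems with a host's IP settings (empty if none found)."""
    iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    net = iface.network
    problems = []
    # Host field all zeros identifies the network itself.
    if iface.ip == net.network_address:
        problems.append("host field is all zeros: this is the network address")
    # Host field all ones is the broadcast address for the subnet.
    if iface.ip == net.broadcast_address:
        problems.append("host field is all ones: this is the broadcast address")
    gw = ipaddress.IPv4Address(gateway)
    if gw not in net:
        # Typical after moving a machine without updating its settings.
        problems.append(f"gateway {gw} is not on local network {net}")
    elif gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} is a reserved address on {net}")
    return problems


if __name__ == "__main__":
    mask = "255.255.255.0"
    cases = [
        ("172.16.3.25", "172.16.3.1"),   # valid host and gateway
        ("172.16.3.0", "172.16.3.1"),    # network address used as a host
        ("172.16.3.255", "172.16.3.1"),  # broadcast address used as a host
        ("172.16.3.25", "172.16.7.1"),   # gateway left over from another subnet
    ]
    for ip, gateway in cases:
        print(ip, gateway, check_host_config(ip, mask, gateway) or "ok")
```
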

Question: Sometimes when I connect to the Internet everything seems fine, but I cannot access WWW sites, and it seems to load pages from a WWW cache?
This is a common problem, and it is likely that you are connected to the Internet, but the Domain Name Server is not reachable. This means that you cannot resolve domain names into IP addresses. The way to check this is to use the IP address in the URL. For example: index.html
could be accessed with:
If you can get access with this, you should investigate your DNS. Remember you can normally specify several DNS's, thus find out the address of a remote DNS, just in case your local one goes off-line.

Question: When I connect to an ISP, what is my IP address, and my domain name? Can I have the same IP address each time, and the same domain name?
When you connect to your ISP you will be granted an IP address from a pool of assigned IP addresses. There is no guarantee that this will be the same each time you connect. Your domain name will also change, as it is bound to the IP address. It is possible to be allocated a static IP address, but you would have to pay some money to your ISP for the privilege. The advantage of this is that remote computers could connect to you when you connected via your ISP.
You can determine your current IP address if you use the command WINIPCFG (or IPCONFIG). This is particularly useful if you are playing games over the Internet.

Question: So why do you only have to specify the IP address of the gateway?
Because the host uses an ARP request to determine the MAC address of the gateway.