IT Students Learning Corner
MAC Address (Media Access Control)
MAC (Media Access Control) addresses are permanent by design, several mechanisms allow modification, or "spoofing", of the MAC address that is reported by the operating system. This can be useful for privacy reasons, for instance when connecting to a Wi-Fi hotspot, or to ensure interoperability. Some internet service providers bind their service to a specific MAC address; if the user then changes their network card or intends to install a router, the service won't work anymore. Changing the MAC address of the new interface will solve the problem. Similarly, some software licenses are bound to a specific MAC address. Changing the MAC address in this way is not permanent: after a reboot, it will revert to the MAC address physically stored in the card. A MAC address is 48 bits in length.
A MAC address is a physical hardware address assigned to each device that has the capability of connecting to a network. The internet is nothing more than a large network. The MAC address is something that is assigned in the chip on the device and is not something the user can change.
As a MAC address can be changed, it can be unwise to rely on this as a single method of authentication. IEEE 802.1x is an emerging standard better suited to authenticating devices at a low level.Types of MAC address:
Unicast address : An address for a specific computer.
Multicast address : An address for a specific group of computers in
network.
Broadcast address : An address for all computers in network.
HOw Can U Change MAC Address:
Windows
Under Windows XP, the MAC address can be changed in the Ethernet adapter's Properties menu, in the Advanced tab, as "MAC Address", "Locally Administered Address", "Ethernet Address" or "Network Address". The exact name depends on the Ethernet driver used; not all drivers support changing the MAC address in this way.
However, a better solution - requiring Administrative User Rights - is to pass over the System Registry Keys under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}. Here settings for each network interface can be found. The contents of the string value called 'NetworkAddress' will be used to set the MAC address of the adapter when next it is enabled. Resetting the adapter can be accomplished in script with the freely available command line utility devcon from Microsoft, or from the adapters context menu in the Network Connections control panel applet.
There is a nice tool to change the MAC address for all cards (even those that can't be changed through the adapter's Properties menu): SMAC MAC Address Changer
Note: to check your MAC address easily on a Windows XP box, go to Run, type CMD, then type "ipconfig /all" without quotation in the command prompt. The number under physical address is the MAC address. If multiple IP are displayed, you should look under the label "Ethernet adapter x", where x is the name of your connection (which is Local Area Connection by default).Windows
Under Windows XP, the MAC address can be changed in the Ethernet adapter's Properties menu, in the Advanced tab, as "MAC Address", "Locally Administered Address", "Ethernet Address" or "Network Address". The exact name depends on the Ethernet driver used; not all drivers support changing the MAC address in this way.
However, a better solution - requiring Administrative User Rights - is to pass over the System Registry Keys under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}. Here settings for each network interface can be found. The contents of the string value called 'NetworkAddress' will be used to set the MAC address of the adapter when next it is enabled. Resetting the adapter can be accomplished in script with the freely available command line utility devcon from Microsoft, or from the adapters context menu in the Network Connections control panel applet.
There is a nice tool to change the MAC address for all cards (even those that can't be changed through the adapter's Properties menu): SMAC MAC Address Changer
Note: to check your MAC address easily on a Windows XP box, go to Run, type CMD, then type "ipconfig /all" without quotation in the command prompt. The number under physical address is the MAC address. If multiple IP are displayed, you should look under the label "Ethernet adapter x", where x is the name of your connection (which is Local Area Connection by default).Router
The method to change the MAC address of a router varies with the router. Not all routers have the ability to change their MAC address. The feature is often referred to as "clone MAC address". This take the MAC address of one of the machine on your network and replaces the router's existing MAC address with it. Some support the option to manually enter the MAC address.
How to change a MAC address in Linux
To change your MAC address in Linux (and most *nix system) is easy. All it takes is two easy to script commands:
ifconfig eth0 down hw ether 00:00:00:00:00:01
ifconfig eth0 up
These two little commands would set your eth0 interface to use the MAC 00:00:00:00:00:01. Just plug in the NIC you want to set and the MAC address you want to use into the commands above and your done. Changing your MAC address is one of those things that is much easier to do in Linux then under Windows.
Cryptography:
By definition cryptography is the process of converting recognizable data into an encrypted code for transmitting it over a network (either trusted or untrusted). Data is encrypted at the source, i.e. sender's end and decrypted at the destination, i.e. receiver's end.
In all cases, the initial unencrypted data is referred to as plain text. It is encrypted into cipher text, which will in turn (usually) be decrypted into usable plaintext using different encryption algorithms.
Plaintext =>Ciphertext=> Plaintext=>Encryption=> Decryption
The Purpose :-
* Authentication : The process of proving one's identity.
* Privacy/confidentiality : Ensuring that no one can read the message except the intended receiver.
* Integrity : Assuring the receiver that the received message has not been altered in any way from the original.
* Non-repudiation : A mechanism to prove that the sender really sent this message.
In general cryptographic algorithms are classified into three categories as follows :
1) Secret Key Cryptography (SKC) : Uses a single key for both encryption and decryption.
2) Public Key Cryptography (PKC) : Uses one key for encryption and another for decryption.
3) Hash Functions : Uses a mathematical transformation to irreversibly "encrypt" information.
Secret Key Cryptography :-
With secret key cryptography, a single key is used for both encryption and decryption. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.
Secret key cryptography algorithms that are in use today include :
1) Data Encryption Standard (DES) : DES is a block-cipher employing a 56-bit key that operates on 64-bit blocks. DES uses a key of only 56 bits, and thus it is now susceptible to "brute force" attacks.
Triple-DES (3DES) and DESX are the two important variants that strengthen DES.
2) Advanced Encryption Standard (AES ) : The algorithm can use a variable block length and key length; the latest specification allowed any combination of keys lengths of 128, 192, or 256 bits and blocks of length 128, 192, or 256 bits.
3 ) International Data Encryption Algorithm (IDEA) : Secret-key cryptosystem written by Xuejia Lai and James Massey, in 1992 and patented by Ascom; a 64-bit SKC block cipher using a 128-bit key. Also available internationally.
4) Rivest Ciphers : Named for Ron Rivest, a series of SKC algorithms.
RC1 : Designed on paper but never implemented.
RC2 : A 64-bit block cipher using variable-sized keys designed to replace DES. It's code has not been made public although many companies have licensed RC2 for use in their products. Described in RFC 2268.
RC3 : Found to be breakable during development.
RC4 : A stream cipher using variable-sized keys; it is widely used in commercial cryptography products, although it can only be exported using keys that are 40 bits or less in length.
RC5 : A block-cipher supporting a variety of block sizes, key sizes, and number of encryption passes over the data. Described in RFC 2040.
RC6 : An improvement over RC5, RC6 was one of the AES Round 2 algorithms.
5) Blowfish : A symmetric 64-bit block cipher invented by Bruce Schneier; optimized for 32-bit processors with large data caches, it is significantly faster than DES on a Pentium/PowerPC-class machine. Key lengths can vary from 32 to 448 bits in length. Blowfish, available freely and intended as a substitute for DES or IDEA, is in use in over 80 products.
Public-Key Cryptography :-
Generic PKC employs two keys that are mathematically related although knowledge of one key does not allow someone to easily determine the other key. One key is used to encrypt the plaintext and the other key is used to decrypt the ciphertext. No matter which key is applied first, but both the keys are required for the process to work. Because a pair of keys are required, this approach is also called asymmetric cryptography.
In PKC, one of the keys is designated the public key and may be advertised as widely as the owner wants. The other key is designated the private key and is never revealed to another party.
Public-key cryptography algorithms that are in use today for key exchange or digital signatures include :
1) RSA : One of the most popular encryption algorithm, invented in 1977 by three MIT scientists (Ronald Rivest, Adi Shamir, and Leonard Adleman)
The key-pair is derived from a very large number, n, that is the product of two prime numbers chosen according to special rules; these primes may be 100 or more digits in length each, yielding an n with roughly twice as many digits as the prime factors. The public key information includes n and a derivative of one of the factors of n; an attacker cannot determine the prime factors of n (and, therefore, the private key) from this information alone and that is what makes the RSA algorithm so secure.
Hash Functions :- Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, provide a measure of the integrity of a file.
Hash algorithms that are in common use today include:
1) Message Digest (MD) algorithms : A series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message.
MD2 : Designed for systems with limited memory, such as smart cards.
MD4 : Developed by Rivest, similar to MD2 but designed specifically for fast processing in software.
MD5 : Also developed by Rivest in 1991 after potential weaknesses were reported in MD4; this scheme is similar to MD4 but is slower because more manipulation is made to the original data.It accepts variable length message from the user and converts it into a fixed 128-bit message digest value.
One interesting and important aspect of the MD5 hash function is that it is a one way algorithm. This means you can produce the 128-bit fingerprint if the data chunk is available to you. You cannot, however, generate the entire data if only the fingerprint of the data is known.
2) Secure Hash Algorithm (SHA) : Algorithm for NIST's Secure Hash Standard (SHS). SHA-1 produces a 160-bit hash value and was originally published as FIPS 180-1 and RFC 3174. FIPS 180-2 describes five algorithms in the SHS: SHA-1 plus SHA-224, SHA-256, SHA-384, and SHA-512 which can produce hash values that are 224, 256, 384, or 512 bits in length, respectively. SHA-224, -256, -384, and -52 are also described in RFC 4634.
3) RIPEMD : A series of message digests that initially came from the RIPE (RACE Integrity Primitives Evaluation) project. RIPEMD-160 was designed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel, and optimized for 32-bit processors to replace the then-current 128-bit hash functions. Other versions include RIPEMD-256, RIPEMD-320, and RIPEMD-128.
4) HAVAL (HAsh of VAriable Length) : Designed by Y. Zheng, J. Pieprzyk and J. Seberry, a hash algorithm with many levels of security. HAVAL can create hash values that are 128, 160, 192, 224, or 256 bits in length.
5) Whirlpool : A relatively new hash function, designed by V. Rijmen and P.S.L.M. Barreto. Whirlpool operates on messages less than 2256 bits in length, and produces a message digest of 512 bits. The design of this hash function is very different than that of MD5 and SHA-1, making it immune to the same attacks as on those hashes.
6) Tiger : Designed by Ross Anderson and Eli Biham, Tiger is designed to be secure, run efficiently on 64-bit processors, and easily replace MD4, MD5, SHA and SHA-1 in other applications. Tiger/192 produces a 192-bit output and is compatible with 64-bit architectures; Tiger/128 and Tiger/160 produce the first 128 and 160 bits, respectively, to provide compatibility with the other hash functions.
Learn TCP/IP
-: IP Spoofing :-
The term IP (Internet Protocol) address spoofing refers to the creation of IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system.
For Check Your IP Address..
for see another IP address
Why it works ?
IP-Spoofing works because trusted services only rely on network address based authentication. Since IP is easily duped, address forgery is not difficult.
The main reason is security weakness in the TCP protocol known as sequence number prediction.
How it works ?
To completely understand how ip spoofing can take place, one must examine the structure of the TCP/IP protocol suite. A basic understanding of these headers and network exchanges is crucial to the process.
IP-Spoofing works because trusted services only rely on network address based authentication. Since IP is easily duped, address forgery is not difficult.
The main reason is security weakness in the TCP protocol known as sequence number prediction.
How it works ?
To completely understand how ip spoofing can take place, one must examine the structure of the TCP/IP protocol suite. A basic understanding of these headers and network exchanges is crucial to the process.
Internet Protocol (IP) :
It is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionless model, meaning there is no information regarding transaction state, which is used to route packets on a network. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination.
It is a network protocol operating at layer 3 (network) of the OSI model. It is a connectionless model, meaning there is no information regarding transaction state, which is used to route packets on a network. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination.
Your Browser and Server use TCP/IP
Browsers and servers use TCP/IP to connect to the Internet.
A browser uses TCP/IP to access a server. A server uses TCP/IP to send HTML back to a browser.
Your E-Mail uses TCP/IP
Your e-mail program uses TCP/IP to connect to the Internet for sending and receiving e-mails.
Your Internet Address is TCP/IP
Your Internet address "192.168.10.14" is a part of the standard TCP/IP protocol (and so is your domain name).
What is TCP/IP?
TCP/IP is the communication protocol for communication between computers on the Internet.
TCP/IP stands for Transmission Control Protocol / Internet Protocol.
TCP/IP defines how electronic devices (like computers) should be connected to the Internet, and how data should be transmitted between them.
Inside TCP/IP
Inside the TCP/IP standard there are several protocols for handling data communication:
- TCP (Transmission Control Protocol) communication between applications
- UDP (User Datagram Protocol) simple communication between applications
- IP (Internet Protocol) communication between computers
- ICMP (Internet Control Message Protocol) for errors and statistics
- DHCP (Dynamic Host Configuration Protocol) for dynamic addressing
TCP Uses a Fixed Connection
TCP is for communication between applications.
If one application wants to communicate with another via TCP, it sends a communication request. This request must be sent to an exact address. After a "handshake" between the two applications, TCP will set up a "full-duplex" communication between the two applications.
The "full-duplex" communication will occupy the communication line between the two computers until it is closed by one of the two applications.
UDP is very similar to TCP, but simpler and less reliable.
IP is Connection-Less
IP is for communication between computers.
IP is a "connection-less" communication protocol.
IP does not occupy the communication line between two computers. IP reduces the need for network lines. Each line can be used for communication between many different computers at the same time.
With IP, messages (or other data) are broken up into small independent "packets" and sent between computers via the Internet.
IP is responsible for "routing" each packet to the correct destination.
IP Routers
When an IP packet is sent from a computer, it arrives at an IP router.
The IP router is responsible for "routing" the packet to the correct destination, directly or via another router.
The path the packet will follow might be different from other packets of the same communication. The router is responsible for the right addressing, depending on traffic volume, errors in the network, or other parameters.
Connection-Less Analogy
Communicating via IP is like sending a long letter as a large number of small postcards, each finding its own (often different) way to the receiver.
TCP/IP
TCP/IP is TCP and IP working together.
TCP takes care of the communication between your application software (i.e. your browser) and your network software.
IP takes care of the communication with other computers.
TCP is responsible for breaking data down into IP packets before they are sent, and for assembling the packets when they arrive.
IP is responsible for sending the packets to the correct destination.
IP Addresses
Each computer must have an IP address before it can connect to the Internet.
Each IP packet must have an address before it can be sent to another computer.
IP addess is the identity of computer or website.
Domain Names
A name is much easier to remember than a 12 digit number.
Names used for TCP/IP addresses are called domain names.
google.com is a domain name.
When you address a web site, like http://www.google.com, the name is translated to a number by a Domain Name Server (DNS).
All over the world, DNS servers are connected to the Internet. DNS servers are responsible for translating domain names into TCP/IP addresses.
When a new domain name is registered together with a TCP/IP address, DNS servers all over the world are updated with this information.
TCP - Transmission Control Protocol
TCP is used for transmission of data from an application to the network.
TCP is responsible for breaking data down into IP packets before they are sent, and for assembling the packets when they arrive.
IP - Internet Protocol
IP takes care of the communication with other computers.
IP is responsible for the sending and receiving data packets over the Internet.
HTTP - Hyper Text Transfer Protocol
HTTP takes care of the communication between a web server and a web browser.
HTTP is used for sending requests from a web client (a browser) to a web server, returning web content (web pages) from the server back to the client.
HTTPS - Secure HTTP
HTTPS takes care of secure communication between a web server and a web browser.
HTTPS typically handles credit card transactions and other sensitive data.
SSL - Secure Sockets Layer
The SSL protocol is used for encryption of data for secure data transmission.
SMTP - Simple Mail Transfer Protocol
SMTP is used for transmission of e-mails.
MIME - Multi-purpose Internet Mail Extensions
The MIME protocol lets SMTP transmit multimedia files including voice, audio, and binary data across TCP/IP networks.
IMAP - Internet Message Access Protocol
IMAP is used for storing and retrieving e-mails.
POP - Post Office Protocol
POP is used for downloading e-mails from an e-mail server to a personal computer.
FTP - File Transfer Protocol
FTP takes care of transmission of files between computers.
NTP - Network Time Protocol
NTP is used to synchronize the time (the clock) between computers.
DHCP - Dynamic Host Configuration Protocol
DHCP is used for allocation of dynamic IP addresses to computers in a network.
SNMP - Simple Network Management Protocol
SNMP is used for administration of computer networks.
LDAP - Lightweight Directory Access Protocol
LDAP is used for collecting information about users and e-mail addresses from the internet.
ICMP - Internet Control Message Protocol
ICMP takes care of error-handling in the network.
ARP - Address Resolution Protocol
ARP is used by IP to find the hardware address of a computer network card based on the IP address.
RARP - Reverse Address Resolution Protocol
RARP is used by IP to find the IP address based on the hardware address of a computer network card.
BOOTP - Boot Protocol
BOOTP is used for booting (starting) computers from the network.
PPTP - Point to Point Tunneling Protocol
PPTP is used for setting up a connection (tunnel) between private networks.
When you write an email, you don't use TCP/IP.
When you write an email, you use an email program like Lotus Notes, Microsoft Outlook or Netscape Communicator.
Your Email Program Does
Your email program uses different TCP/IP protocols:
- It sends your emails using SMTP
- It can download your emails from an email server using POP
- It can connect to an email server using IMAP
SMTP - Simple Mail Transfer Protocol
The SMTP protocol is used for the transmission of e-mails. SMTP takes care of sending your email to another computer.
Normally your email is sent to an email server (SMTP server), and then to another server or servers, and finally to its destination.
SMTP can only transmit pure text. It cannot transmit binary data like pictures, sounds or movies.
SMTP uses the MIME protocol to send binary data across TCP/IP networks. The MIME protocol converts binary data to pure text.
POP - Post Office Protocol
The POP protocol is used by email programs (like Microsoft Outlook) to retrieve emails from an email server.
If your email program uses POP, all your emails are downloaded to your email program (also called email client), each time it connects to your email server.
IMAP - Internet Message Access Protocol
The IMAP protocol is used by email programs (like Microsoft Outlook) just like the POP protocol.
The main difference between the IMAP protocol and the POP protocol is that the IMAP protocol will not automatically download all your emails each time your email program connects to your email server.
The IMAP protocol allows you to look through your email messages at the email server before you download them. With IMAP you can choose to download your messages or just delete them. This way IMAP is perfect if you need to connect to your email server from different locations, but only want to download your messages when you are back in your office.
No comments:
Post a Comment
Thank your your Comment replay as Soon as Possible