Tag Archives: Internet Protocol

An Introduction to Different IP Classes

With the explosive launch of the world’s mobile networks, we were facing the prospect of imminent IP address exhaustion. Yes, there were only so many IP addresses created and allocated to hosts and Internet service providers. Finding a long-term solution to IP address depletion became a serious concern. What was needed was an IP address architecture that could span not just billions of connected devices but hundreds of billions of devices or more. Out of this effort came version 6 of the Internet Protocol, or IPv6.

A Primer on IPv4, IPv6 and Transition


From www.circleid.com – 3 weeks ago

There is something badly broken in today’s Internet. At first blush that may sound like a contradiction in terms. After all, the Internet is a modern day technical marvel.

Juliana Payson‘s insight:

I need a few days to absorb the information in this article. It’s extensive, not so much a primer, but a very in-depth article about the way the internet stands to date in terms of size and transition to the new IPv6.

How and Why All Devices in Your Home Share One IP Address



From Tech go simple – Today
If you’re like most people, your Internet service provider hands you a single Internet Protocol address and your router shares it amongst all the connected devices in your home. This actually violates the end-to-end principle, which the Internet was designed around. However, there are only so many IP addresses to go around – we’re running out.

Juliana Payson‘s insight:

There are less than 4.2 billion available IPv4 IP addresses. In other words, there are more people owning connected devices on the planet than there are unique, public IP addresses for the devices, let alone the fact that many people will own more than one device. The Internet is running out of IPv4 addresses, even though we’re rationing them. The only way we can have so many devices connected to the internet is to do with something called NAT.

In the following article, using a bit of technical ingenuity a sysadmin demonstrates how he can use his android phone as a connection to the internet for several devices routed through his Linux laptop.

Setting up NAT and MASQUERADE for sharing USB Tether connection over LAN



From tuxdna.wordpress.com – Yesterday

The only source of Internet connection I have currently is my phone. I wanted to share this network with other systems, via a LAN/wireless router. So here is a basic setup: Android Phone with USB…

Juliana Payson‘s insight:

The laptop becomes a default gateway for the rest of the machines connected to the router – his phone. Given the recent Syrian internet cut-off, ingenious skills like these may come in handy for those with difficult internet connections. Let me know if you’ve also tried using your phone as a hotspot for the internet. – Juliana

 

Using Your Server as a Proxy Browser

 

English: Illustrated concept of a proxy server. A client ("Charles") asks a computer running a service ("Jonas") for the current time, using a proxy server as an intermediary. (Photo credit: Wikipedia)

Your IP address is stored by almost every online service you might visit. Is this always a good thing? Certainly not! Why would you think that? Big Brother is bad enough, but once Big Sister gets ahold of your information, she will share it with the whole family (she’s well-intentioned but, sadly, does not always prioritize your privacy).

You may want to use proxy browsing for such tasks as online banking, consultancy, or sales. We’ll get into other reasons it might be a valuable idea for you to consider. Surfing the Web undetected is something every superhero desires and some can implement without even trying (those whose superpower includes online invisibility). Even if you can’t be immediately invisible when you roll out of bed – which is incredibly frightening to your pets if you can anyway – you can become kinda-sorta invisible by using your server as a proxy to browse the Web.

Essentially what this allows is your IP to be concealed, making it look like your IP is located somewhere across the globe, such as the Kremlin or an Internet café at a Buddhist monastery in the Himalayas.

The below information details how proxy browsing via a server can be achieved. My sources were a piece on Wired by Jack Donovan, instructions from Yale University IT, one by Benny Taylor for Salon, and a James Bruce piece for Make Use Of. I will discuss proxy access generally, why it might make sense, ways to use proxies and configurations, directions for the major browsers, and the SSH tunneling method.

Proxies – You Have Access

Note that you can use a proxy browser regardless of whether you have a hosting company, as per instructions from Jack’s Wired article. Obviously your own server via your hosting service, or your own in-house server, is preferable because you understand the company’s security credentials and you’re keeping everything contained within your current networking environment.

However, options are available for access to all. The servers you can use are publicly available, posted to Google freshly each day, just like soup (note that unlike soup-of-the-day, the proxies are unavailable in chowder form except at an additional cost). Wherever you are getting the server information, either from your own system, the hosting company, or online, what you need is this configuration of numbers to input into your browser of choice: XXX.XX.XX.XXX:XXXX.

You can either look up a proxy list through a search engine or go straight to this site. Do not opt for transparent options, and you don’t need to enter additional details the browser requests if you don’t have them: the IP address is sufficient. Also note that the proxy can be anywhere, though most people choose to operate directly out of the Pentagon so they can send some international peacekeeping tweets (how wars are won in the digital age).

Why Use a Proxy

Benny’s article for Salon mentioned several additional benefits of operating via a proxy. You can block employee access to specific websites (hurray!), log schedules of employee Internet usage (“What’s your obsession with the WWW, Horowitz?”), and get a better sense of where employees are going on the Web (“Monster.com? C’mon, Horowitz”).

Depending on the service and where it is installed, you can achieve a degree of online anonymity and look at websites that are typically inaccessible to outsiders. Benny specifically references the fact that people all over the world are able to use proxies based in the US to reach websites and materials censored in their home countries. Individuals using a proxy server for these reasons should check their nation’s laws to be aware of any they might be breaking (for example, in Guatemala, looking at a picture of a naked lady is considered third-degree manslaughter).

Also, note that SSH tunneling (described a few sections down) can be useful if you are unable to access common proxy sites due to restrictions in place in your country. Again, be aware that you are probably going beyond the bounds of laws in these cases. Also, put down the joint.

Ways to Use Proxies & Configuration

Benny also discusses the use of proxy browsing through one’s own server via software or a separate piece of hardware with the software pre-installed for use. Also note that hardware firewall solutions sometimes are configured to allow proxy server usage by default. Finally, you can subscribe to software as a service (SaaS) proxy capability. This last option allows you to externalize the operations to a third party, like we do with our garments (around these parts, mama no longer knits in the evenings … stop proving me wrong, mama!).

You will typically be able to pre-fetch (a.k.a. cache) Web data for easy access. There is also generally functionality to filter the data and monitor on a broad or case-by-case basis. Each individual device throughout your network will need to be configured to connect to the Web through the proxy. All interactivity with the Web will then flow through that server, on which you can place whatever parameters you like (lack of access to certain websites, mandatory corn chowder specials, etc.).

You also need to configure all of the networked devices so that individual users cannot bypass the server at any point. For legal purposes and also so that everyone understands the guidelines in place, issue a detailed description of what the proxy is doing – what data it is gathering and in what ways you’re analyzing it (while stroking your beard, for instance).

Directions for the Major Browsers

Here are the directions from Yale IT on how to configure individual browsers to operate through a proxy. These directions may be unnecessary if you have obtained proxy software (as discussed above), and the software is integrated with your primary browser. The below is the standard manual solution – all you will need is the IP address, and desirably the port and SSL information, related to the server you’re using. Additionally you will need one large can of tomato paste, six dozen popsicle sticks, a Bunsen burner, and unwieldy scientific passion.

Mozilla Firefox:

  1. Open Firefox.
  2. On a Windows PC, go to Tools > Options. On a Mac, go to Firefox > Preferences.
  3. Enter the Advanced section and Network subsection.
  4. Go to Settings (which is positioned adjacent to “Connection: Configure …”)
  5. Choose Manual Proxy Configuration.
  6. Enter the proxy details you have obtained next to HTTP Proxy. This is the IP address in the format XXX.XX.XX.XXX:XXXX.
  7. If you have port and/or SSL information, enter it. If not, per Wired, don’t worry about it.
  8. Enter OK on Windows, or Apply on Mac. Do this until all windows you have entered are closed, and you’re back to the original browser screen.
  9. You’ve done it. You can now get right to infiltrating NASA and redesigning the International Space Station’s spacious, open-air arboretum.

Internet Explorer:

  1. Open IE. Go to Tools > Options.
  2. Enter the Connections section.
  3. If you are using dial-up or standalone DSL (as is typical when accessing through a home connection), enter Dialup Settings.
  4. Click on the profile through which you connect to the Internet. Go to Settings.
  5. If you are using a Local Area Network (LAN), DSL router, or cable modem, enter LAN settings. Mark the checkbox under Proxy Server entitled “Use a Proxy Server.”
  6. Go to the Advanced window.
  7. In the text box adjacent to HTTP, enter the IP address specific to your server (or the public server IP you attained online) under Proxy Address to Use.
  8. If you have port and/or SSL information, enter it. If not, per Wired, don’t worry about it.
  9. Enter OK. Do this until all windows you have entered are closed, and you’re back to the original browser screen.
  10. You’ve done it. You can now send out your tweets to the Taliban from the Department of Defense (“@Taliban, please tone down the anger in your hate mail. #DODepression”).

Safari:

  1. Open Safari. Go to Safari > Preferences.
  2. Click on Advanced.
  3. Next to Proxies, enter Change Settings.
  4. Look under Show, and you should see the parameters with which you’re connecting.
  5. Click the checkbox adjacent to Web Proxy (HTTP). Enter the IP address specific to your server (or the public server IP you attained online) in the first text box.
  6. If you have port and/or SSL information, enter it. If not, per Wired, don’t worry about it.
  7. Enter Apply. Do this until all windows you have entered are closed, and you’re back to the original browser screen.
  8. You’ve done it. You can now surreptitiously sell your overpriced religious holiday baubles to the people of North Korea.

The SSH Tunneling Method

James Bruce’s article in Make Use Of focuses specifically on the SSH tunneling method to use a dedicated or virtual private server (VPS) as a proxy. This method, because it uses SSH, is typically inaccessible to those in shared hosting environments. However, if you search the support pages for your shared account, you may find it is possible.

** Word of warning: Remember at all times that this traffic still funnels directly through your hosting account (i.e., it’s not fully anonymous); plus, it uses bandwidth, so if you have limitations, you don’t want to go overboard using it as a proxy.

Windows

  1. Download software to allow you to communicate via SSH. James suggests Putty and uses it for demonstration, so I will too. Note that Silly Putty can also be used for this purpose – much less effectively, but nonetheless, hilariously.
  2. When Putty asks for a domain, do not use your root account. Use any domain that is SSH-enabled.
  3. Click on SSH in the sidebar at left and ensure that “Enable compression” is checked.
  4. Expand SSH, and you will see “Tunnels.” Source Port should be 9090 and destination should be Dynamic.
  5. Return to the Sessions screen (at top on sidebar).
  6. Give a name to your settings and save it so that you can use them in the future.
  7. Click Open. Username and password cannot be saved, and you may find it difficult to enter your password. You also may need to ignore windows that pop up re: authentication (per James).
  8. Move onto your browser configuration as described below.
  9. Give a high-five to each of your six unpaid college interns.

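Linux / OS X

  1. Enter the following command into a terminal (-D 9090 opens a local SOCKS listener on port 9090, -N runs no remote command, and -C compresses the traffic):
       ssh -C2qTnN -D 9090 username@yourdomain.com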
  2. Supply your password.
  3. Move onto your browser configuration as described below.
  4. Give one low-five, to your Intern of the Week.

In your browser, change the Connection > Proxy setting to SOCKS5. The host should be localhost, and the port should be 9090. If you need further instructions, you can visit James’ article here and search for “configuring the browser.” It gives instructions specific to FF and IE, as well as how to implement system-wide on Linux or OS X.
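What the browser actually sends to localhost:9090 once it is set to SOCKS5, as an added example that is not from James’ article or this post: the messages follow RFC 1928, and the address type in the CONNECT request decides whether the hostname is looked up at the far end of the SSH tunnel or by your local DNS server. The function names are hypothetical and the byte strings in use are constructed.

```python
import ipaddress
import struct

SOCKS5 = 0x05
NO_AUTH = 0x00
NO_ACCEPTABLE_METHOD = 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REPLIES = {
    0x00: "succeeded", 0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset", 0x03: "network unreachable",
    0x04: "host unreachable", 0x05: "connection refused",
    0x06: "TTL expired", 0x07: "command not supported",
    0x08: "address type not supported",
}


def build_greeting(methods=(NO_AUTH,)):
    """First client message: version, method count, offered auth methods."""
    return bytes([SOCKS5, len(methods), *methods])


def parse_method_selection(data):
    """The proxy's 2-byte answer to the greeting; returns the chosen method."""
    if len(data) != 2 or data[0] != SOCKS5:
        raise ValueError("not a SOCKS5 method-selection message")
    if data[1] == NO_ACCEPTABLE_METHOD:
        raise ValueError("proxy rejected every offered auth method")
    return data[1]


def build_connect(host, port):
    """CONNECT request. A hostname is sent as-is (ATYP_DOMAIN) so the far end
    of the tunnel resolves it; an IP literal means the lookup already
    happened locally, outside the tunnel."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("hostname must be 1-255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([SOCKS5, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def resolves_remotely(connect_request):
    """True when the request carries a name rather than a pre-resolved IP."""
    return connect_request[3] == ATYP_DOMAIN


def parse_reply(data):
    """Decode the proxy's reply into (status text, bound address, bound port)."""
    if len(data) < 4 or data[0] != SOCKS5:
        raise ValueError("not a SOCKS5 reply")
    status = REPLIES.get(data[1], "unassigned reply code 0x%02x" % data[1])
    atyp, body = data[3], data[4:]
    if atyp == ATYP_DOMAIN:
        if not body:
            raise ValueError("truncated reply")
        size, body = body[0], body[1:]
    elif atyp == ATYP_IPV4:
        size = 4
    elif atyp == ATYP_IPV6:
        size = 16
    else:
        raise ValueError("unknown address type")
    if len(body) != size + 2:
        raise ValueError("truncated or oversized reply")
    raw, (port,) = body[:size], struct.unpack("!H", body[size:])
    bound = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    return status, bound, port
```

In Firefox, the “Proxy DNS when using SOCKS v5” option controls which of the two request forms is sent.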

Summary

I’ve explained proxies generally, why to use them and ways to use and configure them, directions for the major browsers, and the alternate SSH tunneling method. Be careful, guys and gals. It’s a scary world out there. WWJD (“What Would Julian Assange Do?”) may not always be the best policy.

by Kent Roberts and Richard Norwood

How to Understand DNS & Everything Else


WWW. SEO. URL. SSL. FTP. DNS. The Internet loves it some three-letter acronyms. The Domain Name System (DNS) is no exception. Saying a bunch of words is no match for saying some letters that represent them. That way you can have this conversation with someone.

Them: “What’s DNS?”

You: “Don’t worry your pretty little head about it. It’s technical jargon that would literally blow your head off your body, and they’d use my tax money to clean up the mess, so no thanks.”

Them: “Got it. Thank you for helping me preserve the structure of my body.”

DNS is not very complicated, but this article will review it in full detail – sort of a “more than you ever wanted to know” guide. This piece, then, is much like a long, excruciatingly painful story from your grandfather about a trip he took to buy undergarments during the Depression and ended up getting kidnapped and tortured by naked and obese witches. Typical!

For this article, I drew from pieces on How-To Geek, Applied Trust, Stack Overflow, and a Josh Halliday piece on The Guardian.

DNS – What is it? Huh? Oh.

The domain name system (DNS) is a Web protocol that converts the names of sites – e.g., ilovericepudding.xxx or nowivedecidedilikepastapuddingbetter.tv – into numbers for reading by computers/servers. DNS specifically converts from the URL, e.g., puddingisdeliciousandeveryoneknowsit.cc, into an IP address. The IP address hooks the visitor of the website to the correct server so that the page loads correctly. DNS, then, is essentially the phone book that translates letters into numbers which are the server identification numbers.

When you think of a dedicated IP, typically you are in turn thinking of a dedicated server. In other words, having your own dedicated server for hosting – as opposed to using shared hosting – means that you have your own IP address specific to your own site. This “ownership” of an IP has obvious advantages regarding security and a minimization of and isolation of potential DNS-related errors. However, in shared hosting situations, a host header is used to access the correct site; that is the way that IP addresses can be shared without confusion.

DNS and Speed

Generally speaking, according to The Guardian, the connection between URL and IP is made via DNS almost instantaneously. The server is found and the data request by the visitor of the site – what any website visitor is doing when visiting any URL is making a request for data – is fulfilled. Once the DNS server makes the connection, it can move onto another request for URL/IP matching.

Most sites have DNS servers. DNS can be provided for free through a service such as everyDNS. However, solid DNS is crucial. When the DNS server does not function correctly, you can only get to a website through its IP address (the series of numbers that identify the server).

There are a couple of types of DNS problems worth looking at specifically:

  • DNS failure
  • DNS poisoning.

Failure is when a glitch makes the DNS system dysfunctional. This type of problem means that the site does not populate (with nothing populating its place).

Poisoning is a situation in which the information is purposely polluted with misinformation via a virus, other malware, or direct hacking interference. Because of this, the help of professionals such as a virus removal service will be essential before any additional issues come up. This problem directs site visitors to an impostor website – typically one that is intending to draw credit card or other personal information from people, often creating the false assumption that the site to which they are directed is the site they were originally trying to pull up – i.e., a phishing scenario. A disappointing and cruel example of phishing is when you think you are putting your information into a sales portal to get a DDoS botnet, an army of malware-injected computers to bring down your competitor, and instead, it turns out to be an FBI site trying to stop you from doing that, even though you’ve struggled this quarter because your competitor has better products and service than you do.

What is an IP address?

An Internet Protocol (IP) address is the identifying number assigned to any piece of hardware. Your cell phone, for instance, has a particular IP. The same is true of your PC or of the server for a website.

An IP address is in a format known as a dotted quad – four numbers ranging from 0 to 255, separated by dots. Note that though IP addresses are unique, sites (as discussed above) can share an IP address. Similarly, a household or business network can have a single IP, if only one router is used (assuming all devices flow through that router’s IP).

Note that within a network – also called a “domain” in terms of IP – multiple devices will each have an IP so that the router can tell them apart. However, the outside Internet is not told anything about the IPs of the internal network. The router translates the internal IPs into its own IP when Internet requests are made by the network’s devices. When a response comes in from the Internet, the router translates back to the individual IP so that the information is sent to the correct network computer. It’s similar to how thoughts and sensations each get stored in your various multiple personalities so that Cecilia, Jack, and Dr. Blankenship can each have their own personal stories, friendships, and memories.
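The translation the router performs in the paragraph above, as an added example that is not part of the original article: a simplified port-address-translation table in which each internal (IP, port) pair is given its own port on the router’s single public IP, and inbound packets are forwarded only when they answer a connection a device opened. The class name, port range and all addresses are assumptions made for illustration; real routers also expire idle mappings, which this model omits.

```python
class NatRouter:
    """Simplified port-address-translation table for one public IP."""

    def __init__(self, public_ip, first_port=40000, last_port=65535):
        self.public_ip = public_ip
        self._free_ports = iter(range(first_port, last_port + 1))
        self._by_inside = {}  # (proto, inside_ip, inside_port) -> public_port
        self._by_public = {}  # (proto, public_port) -> (inside_ip, inside_port)
        self._peers = {}      # (proto, public_port) -> {(remote_ip, remote_port)}

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the LAN so it appears to come from the router."""
        key = (proto, src_ip, src_port)
        public_port = self._by_inside.get(key)
        if public_port is None:
            try:
                public_port = next(self._free_ports)
            except StopIteration:
                raise RuntimeError("NAT port pool exhausted") from None
            self._by_inside[key] = public_port
            self._by_public[(proto, public_port)] = (src_ip, src_port)
        # Remember who was contacted so only that peer's replies are let back in.
        self._peers.setdefault((proto, public_port), set()).add((dst_ip, dst_port))
        return (proto, self.public_ip, public_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet arriving from the Internet, or return None to drop it."""
        slot = (proto, dst_port)
        if dst_ip != self.public_ip or slot not in self._by_public:
            return None  # nothing inside ever used this public port
        if (src_ip, src_port) not in self._peers[slot]:
            return None  # unsolicited: no device contacted this remote endpoint
        inside_ip, inside_port = self._by_public[slot]
        return (proto, src_ip, src_port, inside_ip, inside_port)


def demo():
    """Two LAN devices using the same source port reach the same server (constructed packets)."""
    router = NatRouter("203.0.113.7")
    laptop = router.outbound("tcp", "192.168.1.10", 51000, "198.51.100.5", 443)
    phone = router.outbound("tcp", "192.168.1.11", 51000, "198.51.100.5", 443)
    reply = router.inbound("tcp", "198.51.100.5", 443, "203.0.113.7", phone[2])
    stray = router.inbound("tcp", "198.51.100.99", 443, "203.0.113.7", phone[2])
    return laptop, phone, reply, stray
```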

One good thing about URLs, beyond the fact that they are easier to remember and can be branded in ways that strings of numbers cannot, is that IP addresses are specific to hardware. If a website changes its hosting company, for example, its IP address will change. But that doesn’t really matter, because no one is typing in the IP. As soon as the DNS entry is updated with the new IP information, the site will populate accurately from the files located on the new hosting service’s machine.

Sample – Google.com

So you can get a better sense of how IP addresses work, try typing 173.194.39.78 into your address bar. You should see Google populate. That is Google’s IP address. As you can see, the IP and the URL are essentially synonymous. Data-wise, it’s all about the IP. But everything must be named so that we humans can remember more easily.

Typically you’re not typing in 173.194.39.78, but rather Google.com (unless you’re really into IP addresses – an IPP or Internet Protocol Purist, as they’re called in IT circles). Nonetheless, the DNS server translates the name into the appropriate IP so that your computer knows which server it needs to access to send and receive data.

DNS Servers and Caching

You type a web address into your address bar. Then your computer sends out a request to the DNS server. The DNS server lets it know what the correct IP address is and sends that address back. Your computer then goes to the correct IP. The URL in the address bar stays the same. The IP lookup and connection occur in the background without your knowledge (unless you decide to look up the technical details).

The DNS servers you use to access IP addresses via your home or business network are typically provided by your Internet service provider (ISP). Typically a computer will send a DNS request to a router, which in turn sends out the message to the ISP. The ISP’s DNS servers then respond with the correct IP number and populate the page.

DNS caching allows a computer to remember what IP is associated with a particular URL. This means that your computer only needs to retrieve DNS information one time (until the cache is cleared). The speed with which pages will load is optimized by not needing to perform a DNS lookup every time a page loads. You go straight to requesting the site, rather than going to the DNS server first, because you have the information locally to tell you where the correct IP is for the URL. Again, Internet Protocol Purists never allow the DNS to cache. They believe it is important to anthropomorphize the DNS and allow it to perform “work” constantly, strengthening its muscles and mind for the DNS apocalypse.

DNS & Security

Speaking of malware and viruses, sometimes you can be infected with one that changes your DNS server to a different one run by people who have implanted false IP addresses for heavily trafficked websites. If you put the name of one of those common sites into your address bar, the browser then instead visits the phishing site – where the evildoer attempts to pull login credentials and other sensitive details from you.

Two solutions to help prevent DNS hijacking:

  1. Antivirus software – A quality antivirus application can help prevent your computer from accessing a faulty DNS server.
  2. SSL errors – I’ve written a couple of pieces on SSL security certificates lately – both on different types of validation and on different types of certificates/functionalities. Security certificate error messages – a window that pops up and says that there is a problem with the security certificate for the site – should always be read and considered. SSL errors are fairly uncommon, so when you come across one, ensure that the certificate was issued to an organization you recognize – it may have been and just doesn’t directly match the particular subdomain you are viewing, etc. (which doesn’t mean it’s not encrypting, so you’re fine there). Sometimes the SSL certificate, though, may have been issued to a completely different site. If you don’t recognize the site, do the following:
  • Stop
  • Collaborate with a partner in security
  • Listen to what they have to say
  • Ice, ice, baby, to go.
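A check for the DNS-server swap described at the top of this section, as an added example that is not part of the original article: it reads the resolver list in resolv.conf format (as used on Linux and OS X) and reports every nameserver that falls outside the networks you expect to be using. The sample file, the trusted ranges and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from a real host.
SAMPLE_RESOLV_CONF = """\
# generated by the network manager
search lan
nameserver 192.168.1.1
nameserver 203.0.113.66   # not on the approved list
nameserver 127.0.0.53
nameserver not-an-ip
"""

# Assumption: the home router plus one approved upstream range.
TRUSTED = ["192.168.1.1/32", "198.51.100.0/24"]


def parse_nameservers(text):
    """Return the address field of every 'nameserver' line, comments stripped."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            entries.append(fields[1])
    return entries


def audit_resolvers(text, trusted_cidrs):
    """Return (entry, finding) pairs for resolvers that need a closer look."""
    trusted = [ipaddress.ip_network(cidr) for cidr in trusted_cidrs]
    entries = parse_nameservers(text)
    findings = []
    for entry in entries:
        try:
            # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
            ip = ipaddress.ip_address(entry.split("%", 1)[0])
        except ValueError:
            findings.append((entry, "malformed"))
            continue
        if ip.is_loopback:
            # A local stub forwards elsewhere; its upstream needs its own audit.
            findings.append((entry, "local-stub"))
        elif not any(ip in net for net in trusted):
            findings.append((entry, "untrusted"))
    if not entries:
        findings.append(("", "no-nameserver"))
    return findings


if __name__ == "__main__":
    for entry, finding in audit_resolvers(SAMPLE_RESOLV_CONF, TRUSTED):
        print(f"{finding:12} {entry}")
```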

Summary & Conclusion

DNS is a phonebook for Internet sites, a way of matching up the identification numbers, called IP addresses, related to specific devices – servers as regards websites – with particular URLs. This allows your computer browser to send a data request to the appropriate server to populate a website. Caching of DNS allows your computer to access the website more quickly – without having to look up the DNS record each time. DNS servers can sometimes be miscoded, either innocently or malevolently. Be sure you have a quality antivirus installed and that you pay attention to SSL security certificate errors so that you are less likely to become a victim of phishing schemes (unless that’s, like, totally your thing, being a victim, which I can completely respect, as can Mr. Blankenship).

by Kent Roberts and Richard Norwood