Illustration of "Internet security - Common protocols (RTP, DHCP, DNS)"
  • Real time protocols (RTP, RTCP, RTSP).
  • Naming service (DNS).
  • Address Resolution (ARP, DHCP).

RTP Packets

  • Based on UDP, with heavy use of multicast.
  • High compression, so high sensitivity to errors.
  • Buffering to cope with network variations.

Header: version, sequence number, timestamp, synchronisation source (SSRC, for multiplexing)

RTCP (Real Time Transport Control Protocol)

  • Uses the port next to RTP (RTP+1).
  • Several RTCP packets are carried in the same UDP datagram.
  • Synchronises media and carries source description data (name, addresses, phone, ...).
  • QoS feedback (sender / receiver must adapt the data-rate to each other).

RTSP (Real Time Streaming Protocol)

  • Streaming: Use the data before downloading everything.
  • Operations: DESCRIBE, SETUP, PLAY, PAUSE, ...

VOIP

  • Call Setup: SDP + SIP
  • Call Media: Codecs + RTP/RTCP

SIP

  • REGISTER (name/number) with the PBX (digest authentication for security) to get a number.
  • INVITE to start a call (carries port numbers, ...).

UPnP

  • Opens a port in the router.
  • Port/route mapping.

Firewall

Blocks packets/datagrams from crossing a network boundary. Rules based on: ports, IP addresses, protocols.

Proxies

  • A proxy can access external resources on behalf of an internal computer.
  • A proxy can access internal resources on behalf of an external computer. Used for authentication and filtering.

DMZ (De-Militarised Zones)

Internet | firewall | DMZ | firewall | LAN

The DMZ can contain servers accessible from the Internet.


Naming

DNS (Domain Name Space)

Tree structure (hierarchical organisation with distributed authority). Each node has a label. Labels are written left to right (www.xxx.co.uk.) and end with a dot if the name is absolute (like / in Unix).

Domain name resolution

  • By convention, at least 2 name servers (primary and secondary).
  • A zone name server knows the name servers immediately below it.
  • Root name servers are redundant.

Recursive name resolution

The request is passed from one name server to the next, and the reply is passed back recursively along the same chain.

Iterative name resolution

Each reply is returned immediately to the resolver, with the address of the next name server to ask (root, sub-domain, ...).

Mixed name resolution

  • Recursive: between the resolver and the local name server.
  • Iterative: between the local name server and the other name servers.

Authoritative replies & cache

  • AA bit set in the reply means the reply comes from an Authoritative Name Server.
  • Cache the authoritative replies (for the TTL).
  • Replies from a cache cannot be AA.
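
To make the recursive, iterative and mixed modes above concrete, together with the AA bit and the TTL-bounded cache, here is an added toy model (example code written for these notes, not part of the original; the zone data, server names and the 192.0.2.10 address are constructed):

```python
import time
# Constructed zone data: each name server knows its own records and the
# name servers immediately below it (its delegations). Not real servers.
SERVERS = {
    "root": {"delegations": {"uk.": "ns.uk."}},
    "ns.uk.": {"delegations": {"co.uk.": "ns.co.uk."}},
    "ns.co.uk.": {"delegations": {"xxx.co.uk.": "ns.xxx.co.uk."}},
    "ns.xxx.co.uk.": {"records": {"www.xxx.co.uk.": ("A", "192.0.2.10", 300)}},
}

def ask(server, name):
    """One query to one server: an authoritative (AA) answer or a referral down the tree."""
    zone = SERVERS[server]
    if name in zone.get("records", {}):
        _, value, ttl = zone["records"][name]
        return {"aa": True, "answer": value, "ttl": ttl}
    for suffix, ns in zone.get("delegations", {}).items():
        if name.endswith("." + suffix):
            return {"aa": False, "referral": ns}
    return {"aa": True, "answer": None, "ttl": 0}  # authoritative "no such name"

def resolve_recursive(server, name, trace):
    """Recursive mode: each server forwards the request; the reply is passed back the chain."""
    reply = ask(server, name)
    trace.append(server)
    if "referral" in reply:
        return resolve_recursive(reply["referral"], name, trace)
    return reply

def resolve_iterative(name, trace):
    """Iterative mode: the querier follows each referral itself, starting at the root."""
    server, reply = "root", None
    while server is not None:
        reply = ask(server, name)
        trace.append(server)
        server = reply.get("referral")
    return reply

class LocalNameServer:
    """Mixed mode: recursive towards the resolver, iterative towards the other servers."""
    def __init__(self, clock=time.time):
        self.cache, self.clock = {}, clock  # name -> (answer, expiry time)

    def query(self, name):
        now = self.clock()
        if name in self.cache and self.cache[name][1] > now:
            return {"aa": False, "answer": self.cache[name][0], "queries": 0}  # cached: never AA
        trace = []
        reply = resolve_iterative(name, trace)
        if reply["aa"] and reply["answer"] is not None:
            self.cache[name] = (reply["answer"], now + reply["ttl"])  # keep for the TTL
        return {"aa": reply["aa"], "answer": reply["answer"], "queries": len(trace)}
```

The first query walks root -> ns.uk. -> ns.co.uk. -> ns.xxx.co.uk. and comes back AA; a repeat within the TTL is served from the cache without the AA bit, and after the TTL the walk happens again.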

Types of record

  • SOA
  • A (ip)
  • MX (mail)
  • NS (name server)
  • CNAME
  • PTR (reverse lookup)
  • HINFO
  • TXT

Address Resolution

ARP

  • Need to find out the MAC address corresponding to an IP address.
  • Mapping: originator MAC -> originator IP
  • Mapping: target MAC -> target IP

RARP (obsolete)

  • Need to find out the IP address corresponding to a MAC address.

DHCP (Dynamic Host Configuration Protocol)

  • Static, automatic, or dynamic allocation of IP addresses (mapping IP - MAC).
  • Client broadcasts DHCPDISCOVER.
  • Server replies DHCPOFFER.
  • Client replies DHCPREQUEST.
  • Server confirms DHCPACK.

It is possible to install a Relay Agent to handle several networks with ONE server.

Web Proxy Autodiscovery (WPAD)

Proxy configuration pushed by a third party to auto-configure the client's proxy settings.