IP Addresses, Ports, and Protocols Flashcards
(24 cards)
Types of Network Services
Client / Server
• Client requests resources or a service from a server
• Server does majority of the processing, client handles user
interaction
• Examples: VoIP, email, web, file transfer
Peer-to-peer
• No clear separation between client and server; most hosts do both
• Examples: File sharing like BitTorrent and eDonkey
Multi-tier
• Distributed applications where a complex process is spread out over
several specialized servers
• Example: web application front-end to database back-end
DNS
Domain Name Service (T/U:53)
• Translates human friendly names to machine friendly addresses
• Hierarchical system: Root, Top Level Domain, Subdomains
• Potential attacks redirect, intercept, or deny other services
• No integrity, confidentiality or authentication by default
LDAP
Lightweight Directory Access Protocol (T/U:389)
• Client-server directory query based on X.500
• Front-end system only, LDAP can interface with many back-ends
• Plain text by default, but can run over SSL
NetBIOS
Network Basic Input Output System (U:137,138, T:139)
• Predecessor to LDAP, has information on users, hosts, domains
• Ports are frequently targeted by worms, especially on Windows
Instant Messaging
Peer-to-peer, server-oriented and brokered messaging systems
allow users to chat or send messages to each other
IRC
Internet Relay Chat
• Client-server based chat system; plain text only
• Provides public and private channels
• Maliciously used for control of botnets
NTP
Network Time Protocol (U:123)
• Synchronizes a host’s clock with a central source
• Simple Network Time Protocol (SNTP) provides less exact service
at a reduced resource usage
• Useful for keeping audit trails in sync across servers
• Later version of NTP introduced authentication security
SMTP
Simple Mail Transfer Protocol (T:25)
• Client/server protocol running over TCP port 25
• Sends email messages from client to server, and between servers
• No authentication by default; open relays used for spam
POP
Post Office Protocol (T:110)
• Client/server protocol running on TCP port 110
• Client downloads messages and then deletes from server
• Basic authentication and no encryption unless run through SSL/TLS
IMAP
Internet Message Access Protocol (T:143)
• Permits multiple devices to access the same mailbox and see the
same set of messages at any given time
• Authentication and encryption of data, but can do plain text
CIFS
Common Internet File System & SMB – Server Message Block (T:445)
• File sharing protocol; server hosts files that clients can download
• Various authentication methods can be used
NFS
Network File System (T/U:111, 2049)
• Another file sharing system, common to *nix platforms
• Authentication and encryption through Secure RPC
SNFS
Secure Network File System
• Authenticates each request; increased overhead from NFS
• Dependent on time synchronized servers
iSCSI
Internet Small Computer System Interface
• IP based storage protocol (SCSI over networks)
• Hard drive accessed over the network
• Used in SAN (Storage Area Network)
• Low-cost alternative to Fibre Channel
Fibre Channel
High-speed network storage technology
• Originally designed for dedicated fiber-optic cables
• More expensive – dedicated hardware/fiber
• Enterprise/geographically separated SANs
FCoE – Fibre Channel over Ethernet
• Uses Ethernet, but not TCP/IP
• Requires special network adaptors
FTP – File Transfer Protocol (T:20,21)
Transfers files from one host to another
• Control passed on TCP port 21, data over TCP port 20
• Plaintext authentication; credentials can be sniffed by attacker
TFTP – Trivial File Transfer Protocol (U:69)
Simple version of FTP, running on UDP port 69
• Must know the filename exactly – no CD or DIR commands
available – only GET and PUT
SFTP - Secure FTP
Uses SSH protocol to encrypt session between client and server
• Another option is FTPS - FTP with SSL/TLS encryption
• RFC 2228 “FTP Security Extensions” defines security extensions for
FTP to support
— Confidentiality
— Integrity
— Authentication
— Data channel protection
HTTP
Hypertext Transfer Protocol (T:80)
• Built as a scaled down version of FTP to support exchange of HTML
• All transfers in plaintext unless using SSL or TLS
HTTPS
Hypertext Transfer Protocol over SSL or TLS (T:443)
• Broadly supported service that provides confidentiality and
authentication of server, and optionally, the client
RDP
Remote Desktop Protocol (T:3389)
• Microsoft technology that allows remote control
of Windows Vista and newer desktops and servers
• Client part of Windows
• Linux Clients available
SNMP
Simple Network Management Protocol
Application-layer protocol for managing TCP/IP based
networks
Consists of a manager and agents that run as a service on
many devices from workstations, to routers, to printers
Uses “Community Strings” instead of passwords
• Read community strings allow a manager to read information from a
system; default read community string is “public”.
• Write community strings allow the manager to make changes to a
system; default write community string is “private”.
SMB
Server Message Block – Port 445
Microsoft’s protocol for network file sharing
Adopted by other operating systems
• Also known as Common Internet File System
• SAMBA allows file sharing using SMB between Linux/UNIX and
Windows