Web Proxy Autodiscovery Protocol

The Web Proxy Auto-Discovery Protocol (WPAD) is a method used by clients to locate a URL of a configuration file using DHCP and/or DNS discovery methods. Once detection and download of the configuration file is complete it can be executed to determine the proxy for a specified URL. The WPAD protocol only outlines the mechanism for discovering the location of this file, but the most commonly deployed configuration file format is the Proxy auto-config format originally designed by Netscape in 1996 for Netscape Navigator 2.0.[1] The WPAD protocol was drafted by a consortium of companies including Inktomi Corporation, Microsoft Corporation, RealNetworks, Inc., and Sun Microsystems, Inc. WPAD is documented in an INTERNET-DRAFT which expired in December 1999.[2] However, WPAD is still supported by all major browsers.[3][4] WPAD was first included with Internet Explorer 5.0.

via Web Proxy Autodiscovery Protocol – Wikipedia, the free encyclopedia.

iSNS: Technical overview of discovery in IP SANs

The three main protocols for IP SANs are Fibre Channel over IP (FCIP), Internet Fibre Channel Protocol (iFCP), and Internet SCSI (iSCSI). As shown in Figure 1, the iSCSI, iFCP, and FCIP protocols support a serial SCSI-3 interface to the standard SCSI command set expected by the operating system and upper-layer applications. This allows conventional storage I/O to be performed over a high-performance gigabit transport. Serial SCSI-3 transactions are carried over TCP/IP, although only iFCP and iSCSI leverage native TCP/IP for each storage end device. Each IP storage protocol has unique requirements for discovery.

via iSNS: Technical overview of discovery in IP SANs.

Stanford researchers discover the ‘anternet’

On the surface, ants and the Internet don’t seem to have much in common. But two Stanford researchers have discovered that a species of harvester ants determine how many foragers to send out of the nest in much the same way that Internet protocols discover how much bandwidth is available for the transfer of data. The researchers are calling it the “anternet.”

via Stanford researchers discover the ‘anternet’.

Content-Centric Networking

CCN directly routes and delivers named pieces of content at the packet level of the network, enabling automatic and application-neutral caching in memory wherever it’s located in the network. The result? Efficient and effective delivery of content wherever and whenever it is needed.  Since the architecture enables these caching effects as an automatic side effect of packet delivery, memory can be used without building expensive application-level caching services.

via Content-Centric Networking – PARC, a Xerox company.

Dropbox – What is LAN sync?

Well, when you add a file to your computer’s Dropbox, the file is then synced with Dropbox servers. Dropbox will then initiate the syncing process as soon as it determines a change has been made to the file. All linked computers and shared folders will then download any new version of the file. With LAN syncing, Dropbox will look for the new file on your Local Area Network first, bypassing the need to download the file from Dropbox servers, thus speeding up the syncing process considerably.

via Dropbox – What is LAN sync? – Simplify your life.

I’m not quite sure if this is a good idea.

From: http://tools.cisco.com/security/center/viewAlert.x?alertId=23896

When synchronizing user data and communicating with the host service, a Dropbox client normally uses TCP port 443.  In addition, the application may also use UDP and TCP port 17500 for communication via the Dropbox LanSync Protocol.

And…

Administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent attacks that could detect the presence of Dropbox in a network.

IPID

    The 16-bit IPID field carries a copy of the current value of a counter in a host’s IP stack. Many commercial operating systems (including various versions of Windows and Linux versions 2.2 and earlier) implement this counter as a global counter. That is, the host maintains a single IPID counter that is incremented (modulo 2^16) whenever a new IP packet is generated and sent. Other operating systems implement the IPID counter as a per-flow counter (as is done in the current version of Linux), as a random number, or as a constant, e.g., with a value of 0 ([1]).

From: ftp://gaia.cs.umass.edu/pub/Chen04_IPID.pdf

From: Fun with IP Identification Field Values

RFC 791 gives a description about the IP Identification field.

The identification field value is used to uniquely identify the fragments of
a particular datagram. Fragments of a particular datagram are assembled if
they have the same source, destination, protocol, and Identifier. The
identifier is being chosen to be unique for “this source, destination
pair and protocol for the time the datagram (or any fragment of it) could be
alive in the internet”[1].
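
An added example, not taken from either quoted source: a small Python audit helper that takes IPID values observed from one host and labels the counter as one of the four behaviours listed above (global, per-flow, random, constant). The function names, the `max_step` threshold and the sample sequences are assumptions constructed for illustration.

```python
MOD = 1 << 16  # the IPID field is 16 bits, so a counter wraps modulo 2^16

def steps(ids):
    """Differences between consecutive IPIDs, taken modulo 2^16."""
    return [(b - a) % MOD for a, b in zip(ids, ids[1:])]

def sequential(ids, max_step):
    """True if every step is a small positive increment (wrap-around included)."""
    s = steps(ids)
    return bool(s) and all(0 < d <= max_step for d in s)

def classify_ipid(samples, max_step=256):
    """samples: time-ordered (flow_id, ipid) pairs seen from a single host."""
    ids = [ipid for _, ipid in samples]
    if len(ids) < 3:
        return "insufficient data"
    if len(set(ids)) == 1:
        return "constant"
    flows = {}
    for flow, ipid in samples:
        flows.setdefault(flow, []).append(ipid)
    if sequential(ids, max_step):
        # One counter shared by every flow; a single flow cannot tell the two apart.
        return "global" if len(flows) > 1 else "sequential (need 2+ flows)"
    multi = [v for v in flows.values() if len(v) >= 2]
    if multi and all(sequential(v, max_step) for v in multi):
        return "per-flow"
    return "random"

# Constructed observations (flow label, IPID); not captured traffic.
GLOBAL = [("a", 65530), ("b", 65531), ("a", 65533), ("b", 2), ("a", 3)]
PER_FLOW = [("a", 100), ("b", 40000), ("a", 101), ("b", 40001), ("a", 102)]
CONSTANT = [("a", 0), ("b", 0), ("a", 0)]
RANDOM = [("a", 51234), ("a", 120), ("b", 33001), ("a", 9), ("b", 60000)]

if __name__ == "__main__":
    for name, data in [("GLOBAL", GLOBAL), ("PER_FLOW", PER_FLOW),
                       ("CONSTANT", CONSTANT), ("RANDOM", RANDOM)]:
        print(name, "->", classify_ipid(data))
```

The `GLOBAL` sample deliberately crosses the 65535 to 0 boundary, which is why the steps are computed modulo 2^16 rather than as plain differences.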

Intro to OpenFlow

In a classical router or switch, the fast packet forwarding (data path) and the high level routing decisions (control path) occur on the same device. An OpenFlow Switch separates these two functions. The data path portion still resides on the switch, while high-level routing decisions are moved to a separate controller, typically a standard server. The OpenFlow Switch and Controller communicate via the OpenFlow protocol, which defines messages, such as packet-received, send-packet-out, modify-forwarding-table, and get-stats.

via Intro to OpenFlow.

OpenFlow allows you to easily deploy innovative routing and switching protocols in your network. It is used for applications such as virtual machine mobility, high-security networks and next generation ip based mobile networks.

Not as SPDY as You Thought

Previous benchmarks tout great benefits, ranging from making pages load 2x faster to making mobile sites 23% faster using SPDY and HTTPS than over clear HTTP. However, when testing real world sites I did not see any such gains. In fact, my tests showed SPDY is only marginally faster than HTTPS and is slower than HTTP.

Why? Simply put, SPDY makes HTTP better, but for most websites, HTTP is not the bottleneck.

via Guy’s Pod » Blog Archive » Not as SPDY as You Thought.

If you’re a website owner, the first thing you should do is adjust your expectations. Switching your site to SPDY will move you forward, but it will not make your site much faster. To get the most out of SPDY, you should work to reduce the number of domains on your page, and to address other front-end bottlenecks. Doing so is a good move anyway, so you wouldn’t be wasting your time.

Flame Malware Hijacks Windows Update Mechanism

According to Symantec’s Security Response team, the Snack module sniffs NetBIOS requests on the local network. NetBIOS name resolution allows computers to find each other on a local network via peer-to-peer, opening up an avenue for spoofing.

“When clients attempt to resolve a computer name on the network, and in particular make WPAD (Web Proxy Auto-Discovery Protocol) requests, Flamer will claim it is the WPAD server and provide a rogue WPAD configuration file (wpad.dat),” Symantec noted. “NetBIOS WPAD hijacking is a well-known technique and many publicly available hack tools have implemented the technique.”

via Flame Malware Hijacks Windows Update Mechanism | SecurityWeek.Com.

This is why automatic Windows updates should always be off.  Only update manually when you know your network is secure.
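
An added detection example, not part of the SecurityWeek article or Symantec's write-up: Python that parses NetBIOS Name Service responses (UDP port 137, RFC 1002 layout) and flags any host answering for the name WPAD that is not on a list of sanctioned responders. The function names, the allowlist and the sample payloads are assumptions constructed for illustration.

```python
import struct

NB_TYPE = 0x0020  # "NB" resource record type (RFC 1002)

def decode_nb_name(enc):
    """Undo NetBIOS first-level encoding: 32 bytes 'A'..'P' -> (name, suffix byte)."""
    if len(enc) != 32 or any(not 0x41 <= b <= 0x50 for b in enc):
        return None
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def parse_nbns_answer(payload):
    """Return (name, answered_ip) for a positive name-query response, else None."""
    if len(payload) < 62:  # 12 header + 34 name + 10 RR fields + 6 RDATA
        return None
    _tid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", payload[:12])
    # Require: response bit set, RCODE 0, at least one answer, 32-byte name label.
    if not flags & 0x8000 or flags & 0x000F or ancount < 1 or payload[12] != 0x20:
        return None
    decoded = decode_nb_name(payload[13:45])
    rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", payload[46:56])
    if decoded is None or rtype != NB_TYPE or rdlen < 6:
        return None
    return decoded[0].upper(), ".".join(str(b) for b in payload[58:62])

def rogue_wpad_answers(events, allowed_responders):
    """events: (source_ip, udp_payload) pairs. Returns suspicious (source, answered_ip)."""
    alerts = []
    for src, payload in events:
        parsed = parse_nbns_answer(payload)
        if parsed and parsed[0] == "WPAD" and src not in allowed_responders:
            alerts.append((src, parsed[1]))
    return alerts

def sample_payload(encoded_name, ip_bytes, flags=0x8500):
    """Constructed test payload, not captured traffic."""
    return (struct.pack("!6H", 0x1A2B, flags, 0, 1, 0, 0) + b"\x20" + encoded_name
            + b"\x00" + struct.pack("!HHIH", NB_TYPE, 1, 300, 6)
            + b"\x00\x00" + bytes(ip_bytes))

WPAD = b"FHFAEBEE" + b"CA" * 11 + b"AA"    # "WPAD" padded to 15 chars, suffix 0x00
FILESRV = b"EGEJEMEFFDFCFG" + b"CA" * 9    # "FILESRV" padded, suffix 0x20
EVENTS = [
    ("10.0.0.5", sample_payload(WPAD, [10, 0, 0, 5])),     # sanctioned host (assumed)
    ("10.0.0.77", sample_payload(WPAD, [10, 0, 0, 77])),   # unexpected responder
    ("10.0.0.9", sample_payload(FILESRV, [10, 0, 0, 9])),  # unrelated name
]
```

Where no host is supposed to answer WPAD over NetBIOS at all, pass an empty allowlist so that every such response is reported.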