Introduction
A powerful tool for network troubleshooting but also a potential
weakness from an Information Assurance perspective is the
ability to communicate directly with an application simply by
addressing its well-known port. Unless the protocol being used
includes provision for access control or access is restricted
externally to the protocol (using a firewall, for example) the
remote client can obtain any service specified by the protocol.
Two such applications which use human readable protocols are
HTTP and SMTP. For this assignment you will use telnet to
establish the direct port connection and emulate a client using
each of these two protocols.
Activities and Deliverables
A. Emulating a Web Browser
1. Use Telnet to connect to Google or other commonly available
Internet address via port 80.
2. Send an HTTP GET request for the default page.
a. If you get a prompt for username and password that probably
means you are not telnetting to port 80.
3. Include a copy of up to 25 lines of what is received back
with your paper.
4. Answer the following questions in your submitted paper:
a. What is the last modified date of the object received?
b. What Web server process software is used by the host of the
Web site?
C. Discussion
The protocols for both SMTP and HTTP have been designed as
a structured syntactic dialogue, which makes programming and
troubleshooting much easier because the protocols are both
human- and machine-readable. Use of such a syntax has
implications in the area of information assurance and this
exercise is partially intended to make you aware of just how
easy it is to take advantage of such a design. It is likewise
arguable that making these protocols this "simple" is one of the
reasons they have become widely adopted and fairly firmly
entrenched from a practical viewpoint.
D. Written Assignment
Prepare a brief paper (suggested length of two to four pages)
reporting on your activities in accomplishing these tasks and the
level of difficulty you associate with them.
Include in your paper a discussion of the plusses and minuses of
this structured syntactic dialogue as a means of standardizing a
protocol. How many of the negatives that you identify exist for
any protocol standardization and not just for this approach?
Include an analysis of the security and privacy implications of
the "simple" nature of these protocols. What measures can be
employed to mitigate the risks posed by the design? This part of
your paper should be at least two or three paragraphs in length.
Appendix 1: HTTP and Conditional GET Message Syntax
Note that when using Telnet to connect to port 80, you must
remember that HTTP was designed as a protocol for
machine-to-machine communication. Because a carriage return by
itself is interpreted as the end of a command stream and the
connection is usually set up to close after executing one command
stream, sending an extra return will usually terminate your Telnet
session. Additionally, characters are not echoed by the
destination server. The specification of HTTP is covered in RFC
2616, which is available by one of the methods you've already
used this semester.
Note also that where command words are shown below as all
capitals they must be typed this way, not all lower case or
mixed case.
HTTP Request Message
Syntax:
request line::[method] [URL] [HTTP version]
header line:: [tag]: [value]
...
{extra carriage-return line feed}
There is one request line and as many header lines as needed.
An example request follows. What you type is in bold, but you
should replace such things as the directory name and the
filename with appropriate entries.
GET /directory/file.html HTTP/1.1
Host: hostname.domain.root
Connection: Close
User-agent: Mozilla/4.0
Accept-language:en
Note that there is no response from the host during entry of the
command.
HTTP Response Message
Syntax:
status line::[HTTP version] [status code] [phrase]
header line::[tag]: [value]
{carriage-return line feed}
[Entity body]
By default, the connection is closed unless otherwise specified.
There is one status line and as many header lines as needed,
followed by a null line, followed by the object requested.
An example follows:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 07 Jan 2003 20:15:55 GMT
Content-length: 633
Content-type: text/html
[data, data, data, more data, even more data ...]
Conditional GET
Contains a header:
If-modified-since: date-time
(See format in HTTP response example above.)
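
The request, response and conditional GET syntax above, as an added example that is not part of the original assignment: it builds the bytes a Telnet user would type, splits a response at the null line, and lists the headers that describe the host to any unauthenticated client. The function names, the host www.example.com, the ExampleHTTPd banner and both sample responses are constructed for illustration.

```python
import socket

CRLF = "\r\n"

def build_request(host, path="/", if_modified_since=None):
    """Request line, header lines, then the extra CRLF that ends the request."""
    lines = [f"GET {path} HTTP/1.1", f"Host: {host}", "Connection: close"]
    if if_modified_since:  # conditional GET: reuse the date-time the server sent
        lines.append(f"If-Modified-Since: {if_modified_since}")
    return (CRLF.join(lines) + CRLF + CRLF).encode("ascii")

def parse_response(raw):
    """Split a raw response into (version, status code, phrase, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")  # null line ends the header block
    status_line, *header_lines = head.decode("iso-8859-1").split(CRLF)
    version, code, phrase = (status_line.split(" ", 2) + [""])[:3]
    headers = {}
    for line in header_lines:
        tag, sep, value = line.partition(":")
        if sep:
            headers[tag.strip().lower()] = value.strip()  # tags are case-insensitive
    return version, int(code), phrase, headers, body

def disclosed(headers, tags=("server", "last-modified", "x-powered-by", "via")):
    """Headers that describe the host to any client that connects."""
    return {t: headers[t] for t in tags if t in headers}

def fetch(host, request, port=80, timeout=5.0):
    """Send the bytes over a plain TCP connection, as the Telnet session does."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        chunks = []
        while chunk := s.recv(4096):  # server closes the connection when done
            chunks.append(chunk)
    return b"".join(chunks)

# Constructed sample responses (not captured from a real server).
SAMPLE_200 = (b"HTTP/1.1 200 OK\r\nConnection: close\r\n"
              b"Date: Tue, 07 Jan 2003 20:15:55 GMT\r\n"
              b"Server: ExampleHTTPd/1.0\r\n"
              b"Last-Modified: Mon, 06 Jan 2003 09:00:00 GMT\r\n"
              b"Content-Length: 13\r\nContent-Type: text/html\r\n\r\n<html></html>")
SAMPLE_304 = b"HTTP/1.1 304 Not Modified\r\nConnection: close\r\n\r\n"

if __name__ == "__main__":
    _, code, _, hdrs, _ = parse_response(SAMPLE_200)
    print(code, disclosed(hdrs))
    print(build_request("www.example.com", "/", hdrs["last-modified"]).decode())
```

Running disclosed() over the response from a server you operate shows what its banner tells every client that connects to port 80; fetch() is defined for that purpose and is not called by the offline demo.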