
    KONSEP SUBNETTING IP ADDRESS UNTUK EFISIENSI INTERNET (The Concept of IP Address Subnetting for Internet Efficiency)

    The number of IP addresses is very limited, especially if an address must be given to every host on the Internet. IP addresses therefore need to be used efficiently so that as many hosts as possible in a network can be addressed. Subnetting of IP addresses is a technique commonly used on the Internet to make the allocation of IP addresses within a network more efficient, so that IP address use can be maximized. Routing and other logical consequences will take place more efficiently with a good subnetting method. This paper looks closely at the concept of, and the way to perform, subnetting on IP addresses.

    Adding Packet Radio to the Ultrix Kernel

    This paper describes the results of a project in which the standard Amateur Packet Radio network link layer protocol, AX.25 (a modified version of X.25), was added to the Ultrix kernel. By implementing AX.25 under Ultrix, and by taking advantage of the IP implementations that already exist for PCs, it is possible for packet radio users with PCs to access IP-based services running on our server and on the Internet. A MicroVAX is being used as an IP gateway for an Amateur Packet Radio network that stretches from Seattle to Tacoma. 1. Introduction Packet Radio is an increasingly active area of experimentation among amateur radio operators. Stations consist of a radio transceiver connected to a terminal or a computer by means of a device known as a Terminal Node Controller (TNC). The TNC is essentially a modem. It "packetizes" data in a manner conforming to the AX.25 link layer protocol, provides a command interpreter, and has a primitive network layer protocol for use with terminals unab..

    Network connection blocker, method, and computer readable memory for monitoring connections in a computer network and blocking the unwanted connections

    A network connection blocker for monitoring connections between host computers in a network and blocking the unwanted connections. The host computers transmit connection packets between each other in accordance with a network protocol suite when seeking to establish, provide network services with, and close the connections. The network protocol suite includes a connection-oriented transport layer protocol. The network connection blocker comprises a network interface that receives the connection packets transmitted between the host computers. It also comprises a blocking module that processes the received connection packets to detect the unwanted connections. The blocking module then generates connection packets in accordance with the network protocol suite to cause the detected unwanted connections to be closed by the corresponding host computers between which the unwanted connections exist. The network interface then transmits the generated connection packets to these host computers.

    Truth of D-DoS Attacks in MANET

    Network security is a weak link in wired and wireless network systems. Malicious attacks have caused tremendous loss by impairing the functionalities of the computer networks. Denial of Service (DoS) and Distributed DoS (DDoS) attacks are two of the most harmful threats to the network functionality. Mobile Ad Hoc Networks (MANET) are even more vulnerable to such attacks. Denial of Service (DoS) is the degradation or prevention of legitimate use of network resources. The wireless ad hoc network is particularly vulnerable to DoS attacks due to its features of open medium, dynamic changing topology, cooperative algorithms, decentralization of the protocols, and lack of a clear line of defense is a growing problem in networks today. Many of the defense techniques developed on a fixed wired network are not applicable to this new mobile environment. How to thwart the DoS attacks differently and effectively and keep the vital security-sensitive ad hoc networks available for its intended use is essential.

    Privacy Protection and Mobility Enhancement in Internet

    Indiana University-Purdue University Indianapolis (IUPUI). The Internet has substantially embraced mobility since the last decade. Cellular data networks carry the majority of Internet mobile access traffic and have become the de facto solution for accessing the Internet in a mobile fashion, while many clean-slate Internet mobility solutions were proposed but none of them has been largely deployed. Internet mobile users are increasingly concerned about their privacy, as both research and real-world incidents show that leaking of communication and location privacy could lead to serious consequences. Just the communication itself between a mobile user and their peer users or websites could leak considerable privacy of the mobile user, such as location history, to other parties. Additionally, comparing to ordinary Internet access, connecting through cellular network yet provides equivalent connection stability or longevity. In this research we proposed a novel paradigm that leverages concurrent far-side proxies to maximize network location privacy protection and minimize interruption and performance penalty brought by mobility. To avoid the deployment feasibility hurdle we also investigated the root causes impeding popularity of existing Internet mobility proposals and proposed guidelines on how to create an economically feasible solution for this goal. Based on these findings we designed a mobility support system offered as a value-added service by mobility service providers and built on elastic infrastructure that leverages various cloud-aided designs, to satisfy economic feasibility and explore the architectural trade-offs among service QoS, economic viability, security and privacy.

    A System to detect suspicious activities in network traffic

    Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Technology (MSIT) at Strathmore University. Modern enterprise networks have become targets of attacks from Internet malware including worms, self-propagating bots, spamming bots, client-side infects (drive-by downloads) and phishing attacks. The results of a cyber-attack, which include loss of company information, theft of money, costs of repairing the affected systems and perhaps damage to the reputation of the organization, can be devastating. However, with the right tools, security can dissect suspicious traffic to detect these attacks. When a company institutes a good method of network security surveillance, security analysts could be alerted within minutes of problems occurring in good time. It is with this aim that this study sought to research and develop a simple and robust system that could be used to detect suspicious activities in network traffic. Specifically, the study sought to: discuss and analyze suspicious activities in network traffic and devices; analyze the existing techniques used to detect suspicious activities in network traffic; develop a system for detecting suspicious activities in network traffic; and validate the proposed system. The study adopted an experimental design. The experiment was conducted on an Ubuntu machine running 16.04 LTS where Snort was installed alongside PulledPork, Barnyard2 and BASE to act as the Web GUI. ICMP large packets were sent to the network for detection and the system was able to detect, analyze and report them on the BASE GUI. The target population for this study was network traffic. The researcher generated the network traffic through sending data packets across the networks. The network traffic was analyzed by using the network security tools analyzed by the researcher and chosen based on their availability and compatibility with one another to come with the desired setup. This research was not aimed at reinventing the wheel but offering major improvement through precise feedback on what network administrators across different organizations could identify as suspicious activities in their network.

    BloomCasting for publish/subscribe networks

    Publish/subscribe has been proposed as a way of addressing information as the primary named entity in the network. In this thesis, we develop and explore a network architecture based on publish/subscribe primitives, based on our work on PSIRP project. Our work is divided into two areas: rendezvous and Bloomcasting, i.e. fast Bloom filter-based forwarding architecture for source-specific multicast. Taken together these are combined as a publish/subscribe architecture, where publisher and subscriber matching is done by the rendezvous and Bloom filter-based forwarding fabric is used for multicasting the published content. Our work on the inter-domain rendezvous shows that a combination of policy routing at edges and an overlay based on hierarchical distributed hash tables can overcome problems related to incremental deployment while keeping the stretch of queries small and that it can solve some policy related problems that arise from using distributed hash tables in inter-domain setting. Bloom filters can cause false positives. We show that false positives can cause network anomalies, when Bloom filters are used for packet forwarding. We found three such anomalies: packet storms, packet loops, and flow duplication. They can severely disrupt the network infrastructure and be used for denial-of-service attacks against the network or target services. These security and reliability problems can be solved by using the combination of three techniques. Cryptographically computed edge pair-labels ensure that an attacker cannot construct Bloom filter-based path identifiers for chosen path. Varying the Bloom filter parameters locally at each router prevents packet storms and using bit permutations on the Bloom filter locally at each router prevents accidental and malicious loops and flow duplications.
    One of the shortcomings of the Internet is that there is no way of naming information that is common to all applications. The publish/subscribe model is one proposal for changing the Internet architecture to remedy this shortcoming. In my dissertation I develop a network architecture based on the publish/subscribe model, building on my work in the PSIRP project. The architecture consists of a rendezvous system that connects publishers and subscribers, and a Bloom filter-based multicast communication channel that delivers published content to subscribers. An Internet-wide rendezvous system has demanding requirements. I study two different approaches: a system based on local routing policies and a system based on distributed hash tables. The challenge for the former is scalability, especially when not all networks in the Internet take part in maintaining the system. The latter is problematic because systems based on it cannot guarantee which route publish and subscribe messages take through the system. A message may thus also pass through the network of a competitor of the publisher or subscriber. In my dissertation I propose a method that uses policy-based publish/subscribe routing at the edges and, in the core of the network, connects these separate islands using a hierarchical distributed hash table. To deliver publications to subscribers I use a Bloom filter-based system. I show in my dissertation that using Bloom filters to route packets can cause significant failures in the network, for example a packet storm, a loop, or duplication of packets belonging to the same flow. These problems cause security and reliability problems for the network, which can be solved with a combination of three techniques. First, the labels that identify parts of a path and are placed in the Bloom filters are computed cryptographically, so that an attacker cannot compute a Bloom filter for a path of their choosing without the help of the network. Second, routers set the Bloom filter parameters locally so that packet storms do not occur. Third, each router rearranges the bits of the Bloom filter, ensuring that the filter is no longer the same if a packet, for example, travels through a loop and returns to the same router.