This chapter is from the book

Management of the Internet

Back in the days of the ARPANET and NSFnet, the responsibility for management of things such as IP addresses, domain names, and core DNS servers (or hostname lists, if you go back far enough) was given to various organizations through federal contracts via DARPA and NSF. Several key organizations emerged through these activities, including these:

  • Internet Network Information Center (InterNIC)

  • Internet Engineering Task Force (IETF)

  • Internet Assigned Numbers Authority (IANA)

Dr. Jon Postel, who was a graduate student at the University of California (UCLA) during the early ARPANET days, is fondly remembered as the person who maintained the early libraries of standards, pre-DNS hostname lists, and "magic numbers" lists. The InterNIC allocated IP addresses and domain names, while the IETF and IANA provided the mechanisms for setting protocol standards and defining official lists of important numbers associated with the protocols, respectively.

As the Internet became more commercialized, the U.S. government began the process of shifting management responsibilities away from federally funded companies and organizations and toward a collection of both nonprofit and for-profit entities.

Today, the last ties to the U.S. government have long since been broken, and the Internet is a totally commercial entity. As we already have stated, the physical infrastructure of the Internet is owned by many ISPs that have built and maintain numerous interconnected global and national backbones. A number of both nonprofit and for-profit organizations take care of day-to-day management issues such as these:

  • The allocation of blocks of IP addresses to ISPs around the world

  • The control over the domain name space (a new TLD cannot be created by anyone on the Internet—or, at least, it shouldn't be)

  • The creation of new Internet protocols, such as the "next-generation" version of IP (IPv6) or a secure DNS query-and-response protocol

The various organizations that provide the "big-picture" management functions of the Internet are illustrated in Figure 3.5. Many of the policy organizations are staffed by volunteers who are elected from the public and private sector stakeholders. On the other hand, the efforts that require significant capital investment, such as maintaining domain name databases, are for-profit enterprises, which compete with each other in the open market.

The ICANN

Many of the historical entities that handled the details of IP address allocation, domain name management, and other broad-ranging technical issues have been consolidated under a nonprofit organization called the Internet Corporation for Assigned Names and Numbers, or ICANN. The ICANN provides a structure for Internet-related businesses, researchers, and technology developers to come to consensus on high-level matters affecting the overall operation of the Internet. The ICANN primarily is concerned with four issues:

  • IP address allocation

  • Protocol development

  • DNS management

  • DNS root server management

Figure 3.5 Internet management authorities.

The work of the ICANN is divided up among three principal support organizations: the DNSO, ASO, and PSO.

Domain Name Supporting Organization (DNSO)

The DNSO is responsible for setting the rules for assigning domain names and managing the top-level domains that we described previously (such as .com and .net). For example, the DNSO conducts the activities required to officially create new TLDs, such as the .biz, .info, and .name domains. Although the DNSO is not the place you go to get a domain name, it does retain the authority to accredit commercial domain name registrars.

In addition, the DNSO takes an active role in ensuring that a number of "root servers" maintained around the world act as the authoritative DNS servers for the .com, .edu, .org, .gov, and .int TLDs. As of late 2001, there were 13 root servers: 10 in the United States, 2 in Europe, and 1 in Japan.

Address Supporting Organization (ASO)

The ASO is the ultimate authority for the allocation of IP addresses and a few other technical issues surrounding IP networks (such as autonomous system, or AS, numbers). The ASO principally deals with the allocation of large blocks of IP addresses to three regional Internet registries (RIRs):

  • ARIN—American Registry for Internet Numbers, which covers North and South America, the Caribbean, and sub-Saharan Africa

  • RIPE—Reseaux IP Europeens, which covers Europe, Russia, the Middle East, and parts of Africa

  • APNIC—Asian Pacific Network Information Center, which covers the Asia-Pacific nations

The RIRs are then responsible for allocating smaller blocks of IP addresses to local Internet registries (LIRs), which are typically Internet service providers. The RIRs do not actually run any kind of backbone network; they simply manage the broad assignment of IP addresses across regions. For example, the smallest block of IP addresses that the APNIC will allocate is 4,096 addresses. An end user or small ISP can then go to one of the LIRs for an actual IP address assignment.

Protocol Supporting Organization (PSO)

The PSO coordinates the development of new Internet-related protocols. Its principal partners in this effort include the Internet Engineering Task Force (IETF) and the Internet Assigned Numbers Authority (IANA). At the end of the day, the fruits of these efforts are reflected in the Request for Comments documents (more commonly referred to as RFCs), which are the authoritative descriptions of things such as the TCP and IP packet protocols and the HTTP and SMTP application protocols. The IANA maintains a large collection of lists that describe the "magic numbers" associated with these protocols. For example, the detail-oriented reader might want to know what number is used in an IP header to indicate that TCP is being carried in the packet's payload, or which application protocol is associated with TCP port number 80. A quick check of the IANA references will reveal that the answers to these questions are 6 and HTTP, respectively. Any reader who is interested in Internet protocols should become familiar with the IETF and IANA Web sites.

These are the sites where software and network equipment developers go to learn all about the details of putting together valid packets and application data so that one vendor's program or device can interoperate with another's. It is also the place where the more elite "hackers" go to look for opportunities to exploit systems that implement the standards.

The PSO also coordinates with other technical standards bodies, including the WWW Consortium (W3C), the International Telecommunications Union (ITU) and the European Telecommunications Standards Institute (ETSI).

Domain Name Registries

We have established that an ISP provides its customers with their IP address(es), as well as one or more DNS server addresses. After a user has obtained these two things, he is ready to surf the Internet. If a user wants other people to be able to surf to him, then that user needs to reserve a domain name of his own. To do this, the user must contact a commercial domain name registrar and ask whether the desired domain name is available. If it is, then, after the payment of a relatively small annual fee (remember, domain name registration is a competitive, for-profit enterprise nowadays), the registrar will take care of the formalities of assigning the name and entering it in the global system of DNS servers. Finding a domain name registrar is pretty easy—their advertisements can be found on many Web pages.

The first commercial domain name registrar was Network Solutions, Inc. This organization, along with any one of dozens of other registrars, will be happy to handle your request for a .com, .net, .org, .biz, .info, or .name domain name. These registrars also have put in place procedures for handling disputes over the use of copyrighted names—domain name hijacking has become a serious issue for companies that found that they were forced to pay large sums of money to cybersquatters who registered for popular commercial domain names.

A few of the top-level domains are controlled by specific entities. For example, .gov is reserved for U.S. government agencies, and .mil is reserved for the U.S. military. Similarly, the .edu TLD is reserved for educational institutions that meet certain qualifying criteria.

whois Databases

The various Regional Internet Registries, such as ARIN, RIPE, and APNIC, as well as the commercial domain name registrars, maintain "whois" databases that contain information about the people and organizations that register for addresses and domain names. Access to the whois databases is generally open and available through several means:

  • Registry Web sites (for example, ARIN, RIPE, APNIC, Network Solutions)

  • Web sites that provide interfaces to various online network tools (whois queries, DNS queries, and so on)

  • Lookup tools that run on an end user's computer (for example, the whois command on UNIX systems)

These are good databases to get familiar with because they can be quite a useful source of information for performing any kind of investigation into suspicious IP addresses that might be associated with probes of or attacks on a network. Just as a phone number on a caller ID device is not very revealing without the name of a person or company next to it, an IP address on its own also is not very illuminating. Queries to the whois databases can reveal all sorts of interesting information, including the name and street address of the organization that is assigned the IP address, the ISP used, and the names and phone numbers of key IT staff. An example of a whois query and the database response is included in Figure 3.6.

Figure 3.6 A whois query.
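As an added illustration (not taken from the book), the following Python sketch shows the kind of lookup an analyst might script when investigating a suspicious source address: a plain WHOIS exchange over TCP port 43 as specified in RFC 3912, plus a parser that pulls the network range, organization, and abuse contact out of the reply. The sample response, the choice of whois.arin.net as the default server, and the field-name table are assumptions made for the example; real registries vary in the labels they use.

```python
import socket

# Constructed ARIN-style sample; 192.0.2.0/24 is a documentation range and
# every value below is made up for illustration.
SAMPLE_RESPONSE = """\
# ARIN WHOIS data (constructed sample)
NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
OrgName:        Example Hosting, Inc.
OrgAbuseEmail:  abuse@example.net
OrgAbusePhone:  +1-555-0100
"""

# Assumed field names: ARIN-style first, then RIPE/APNIC-style equivalents.
FIELDS = {
    "range": ("netrange", "inetnum"),
    "org": ("orgname", "org-name", "descr"),
    "abuse": ("orgabuseemail", "abuse-mailbox"),
}

def whois_query(query, server="whois.arin.net", port=43, timeout=10):
    """RFC 3912 exchange: send the query plus CRLF, read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect "Key: value" lines into a dict of lists, skipping comments."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#%" or ":" not in line:
            continue
        key, _, value = line.partition(":")
        if value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def triage_summary(record):
    """Return the first value found for each field an analyst triages on."""
    return {name: next((record[k][0] for k in keys if k in record), None)
            for name, keys in FIELDS.items()}

if __name__ == "__main__":
    # Offline by default; for a live lookup use parse_whois(whois_query("192.0.2.1")).
    print(triage_summary(parse_whois(SAMPLE_RESPONSE)))
```

A field that comes back as None means the registry used a label that is not in the table, so the raw response should be read before drawing conclusions.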

Finally, be aware that similar information about you and your domain is available from the whois databases. The whois database is a resource that many hackers use to find IP addresses associated with a network that they want to target. A combination of queries to DNS servers and whois database servers can provide would-be attackers with lists of IP addresses of both public and private servers, and even phone numbers and street addresses of particular individuals in the IT organization. This can come in quite handy for performing less technical hacking operations, such as "dumpster diving" for discarded documents and "social engineering," in which probing phone calls are made to unsuspecting users or employees in an attempt to gather information (or even asking someone at the help desk to reset a "forgotten" password).
