2.1. Addresses on the Internet

Each computer on the Internet has a unique identifier in the form of its Internet Protocol (IP) address. This is a 32-bit integer, which we normally represent as four 8-bit integers separated by periods, such as 208.12.16.5.

Numeric addresses are fine for systems administrators who need to set up networks and who like that sort of thing. But for most people, they are impossible to remember and so we have real names for computers, the hostnames that we are all familiar with, such as www.oreilly.com.

The translation between hostnames and IP addresses is handled by the Domain Name System (DNS). For example, when you type a hostname into a browser as part of a URL, the browser converts the name into the corresponding IP address and then uses that to communicate with the web server. The browser queries a DNS server on the network, which looks up the name in its database and returns the numeric address to the browser.

In its simplest form, a DNS server consists of two tables of data and the software necessary to interrogate them. The first table is a list of hostnames and the IP addresses to which they correspond. The second is a list of IP addresses and the hostnames to which they map. Storing the addresses of all computers on the Internet on every server is not practical, so DNS distributes the data across many thousands of servers around the world. If a DNS server receives a query for a hostname that it does not carry data for, it forwards the query to other servers until it finds one that can answer the request. Certain servers are authoritative for particular domains, meaning that they are the ultimate reference for mappings between certain sets of names and numbers. What goes on behind the scenes of DNS can become very complex, especially where the networks of large companies are involved.

I can only scratch the surface of the topic here, but for more information you might consider the books DNS and BIND by Paul Albitz and Cricket Liu and DNS and Bind Cookbook by Cricket Liu, both published by O'Reilly.


2.1.1. IP Addresses

To ensure that computers are uniquely identified, the IP addresses need to be carefully assigned to groups and individuals. This is done in a hierarchical manner across the entire Internet. At the highest level, the Internet Assigned Numbers Authority (IANA) assigns large blocks of addresses to Regional Internet Registries (RIRs). There are four RIRs at present that together cover the entire world. Each of these assigns sub-blocks of addresses to national registries, large network operators, and Internet Service Providers (ISPs). They assign yet smaller address blocks to smaller ISPs, and ultimately your ISP assigns a small address block for your business or a single address for your personal computer.

You can think of these assignments as starting with the high order bits of the 32-bit address and working down. For example, IANA assigned the block 208.0.0.0 through 208.255.255.255, among others, to the RIR responsible for North America. They in turn allocated 208.0.0.0 through 208.35.255.255 to Sprint, one of the large network operators. Sprint assigned 208.12.0.0 through 208.12.31.255 to Seanet, a regional ISP in Seattle, and they in turn assigned 208.12.16.0 through 208.12.16.7 to me.

The usual representation of an IP address (for example, 208.12.16.5) is called dotted-quad, dotted-octet, or dotted-decimal, depending on where you look. I'll use the first of these throughout the book. Sometimes it is useful to think of them as 32-bit binary words and occasionally as single integers. We'll also encounter a related notation for blocks of IP addresses. 208.12.16.x, for example, is shorthand for the block of 256 addresses that start with 208.12.16.0. A more flexible notation looks like this: 208.12.16.0/29. This has an IP address that marks the start of the block followed by a slash and a number called the prefix-length. This is the number of bits, starting at the high end, that are predefined in this block. The number of low order bits that are available for allocation is 32 minus this number. So in this example there are 3 bits available, which means this subnet has 8 addresses.
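The delegation chain and the prefix-length notation described above can be checked mechanically. The following is an added example, not code from the book; it uses Python's standard ipaddress module, and the function names are my own.

```python
import ipaddress

# Delegation chain quoted in the text, outermost first: (step, first, last).
CHAIN = [
    ("IANA to North American RIR", "208.0.0.0", "208.255.255.255"),
    ("RIR to Sprint", "208.0.0.0", "208.35.255.255"),
    ("Sprint to Seanet", "208.12.0.0", "208.12.31.255"),
    ("Seanet to author", "208.12.16.0", "208.12.16.7"),
]

def to_int(dotted):
    """Dotted-quad string to the single 32-bit integer it stands for."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a dotted quad: {dotted!r}")
    a, b, c, d = parts
    return (a << 24) | (b << 16) | (c << 8) | d

def range_to_cidr(first, last):
    """Smallest list of prefix-length blocks that exactly covers first..last."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(n) for n in nets]

def block_size(cidr):
    """Addresses in a block: 2 ** (32 - prefix length)."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects a misaligned start
    return 2 ** (32 - net.prefixlen)

def chain_is_nested(chain):
    """True if each range lies inside the range delegated one level above."""
    bounds = [(to_int(first), to_int(last)) for _, first, last in chain]
    return all(outer[0] <= inner[0] and inner[1] <= outer[1]
               for outer, inner in zip(bounds, bounds[1:]))

if __name__ == "__main__":
    for step, first, last in CHAIN:
        print(f"{step:28} {first} - {last}: {range_to_cidr(first, last)}")
    print("nested:", chain_is_nested(CHAIN))
    print("208.12.16.0/29 holds", block_size("208.12.16.0/29"), "addresses")
    print("208.12.16.5 as an integer:", to_int("208.12.16.5"))
```

The Sprint range comes out as two blocks (a /11 and a /14) because it spans 36 values of the second integer, which is not a power of two; the other three ranges each fit a single prefix.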

2.1.1.1. Databases of IP address blocks

One of the fundamental tasks you will face is figuring out where in the world a particular server is located. An easy way to do this is to look at the IP address. As I have described, large blocks of addresses are assigned to the four RIRs around the world. Their areas of responsibility are as follows:


American Registry for Internet Numbers

ARIN (http://www.arin.net) is responsible for North America, part of the Caribbean, and Sub-Equatorial Africa.


Asia Pacific Network Information Centre

APNIC (http://www.apnic.net) is responsible for countries in Asia and the Pacific Rim, including China, Korea, India, Japan, and Australia.


RIPE Network Coordination Center

RIPE NCC (http://www.ripe.net) covers Europe, the Middle East, Northern Africa, and parts of Asia. RIPE stands for Réseaux IP Européens, which translates into European IP Resources.


Latin American and Caribbean IP Address Regional Registry

LACNIC (http://www.lacnic.net) has responsibility for Latin America and the Caribbean.

The list of top-level assignments of IP addresses can be found here:

http://www.iana.org/assignments/ipv4-address-space

By top-level, I mean the address blocks defined by the leftmost integer in a dotted quad IP address, each of which contains 16,777,216 (256 x 256 x 256) addresses. The list makes interesting reading. Starting in September 1981, many of the initial assignments were to large U.S. corporations such as Ford Motor Company (019.x.x.x) and IBM (009.x.x.x). The RIRs were a later development in the history of the Internet, but once established, they were assigned discrete address blocks. The entire list is too large to include, but here are the main blocks that are directly assigned to each RIR:


ARIN (North America, Southern Africa)

 063.x.x.x to 072.x.x.x, 199.x.x.x, 204.x.x.x to 209.x.x.x, 216.x.x.x


APNIC (Asia, Australasia)

 058.x.x.x to 061.x.x.x, 202.x.x.x to 203.x.x.x, 210.x.x.x to 211.x.x.x, 218.x.x.x to 222.x.x.x


RIPE NCC (Europe, Middle East, Northern Africa)

 062.x.x.x, 081.x.x.x to 088.x.x.x, 193.x.x.x to 195.x.x.x, 212.x.x.x to 213.x.x.x, 217.x.x.x


LACNIC (South America)

 200.x.x.x to 201.x.x.x

You can use this as a quick reference to see that, for example, 208.12.16.5 falls under the control of ARIN and so is likely to be in North America or Southern Africa. Not very specific, I'll admit, but it can come in quite handy.
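The quick reference can be applied to a whole log file at once. The following is an added example, not code from the book: it expands the first-integer ranges listed above into a lookup table and tallies the registries seen in a few constructed log lines. The table is the snapshot printed in this section, not the current IANA list, and all names are my own.

```python
import re
from collections import Counter

# First-integer ranges copied from the list in this section (a snapshot,
# not the current IANA registry).
RIR_BLOCKS = {
    "ARIN": "063-072 199 204-209 216",
    "APNIC": "058-061 202-203 210-211 218-222",
    "RIPE NCC": "062 081-088 193-195 212-213 217",
    "LACNIC": "200-201",
}

def build_index(blocks):
    """Expand the range strings into a 256-entry first-integer -> RIR table."""
    index = [None] * 256
    for rir, spec in blocks.items():
        for part in spec.split():
            lo, _, hi = part.partition("-")
            for octet in range(int(lo), int(hi or lo) + 1):
                index[octet] = rir
    return index

INDEX = build_index(RIR_BLOCKS)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def rir_for(ip):
    """Registry for a dotted quad, or 'not in list' for unlisted blocks."""
    octets = [int(p) for p in ip.split(".")]
    if len(octets) != 4 or any(o > 255 for o in octets):
        raise ValueError(f"not a valid dotted quad: {ip!r}")
    return INDEX[octets[0]] or "not in list"

def tally(log_lines):
    """Count registries for the first address found on each line."""
    counts = Counter()
    for line in log_lines:
        match = IP_RE.search(line)
        if not match:
            continue  # no address on this line
        try:
            counts[rir_for(match.group(0))] += 1
        except ValueError:
            counts["invalid"] += 1  # looks like an address but is out of range
    return counts

# Constructed sample lines; only 208.12.16.5 comes from the text.
SAMPLE = ['208.12.16.5 - - "GET / HTTP/1.0" 200', '203.0.113.9 - - "GET /a" 200',
          '193.0.2.10 - - "GET /b" 404', '200.0.2.4 - - "POST /c" 200',
          '198.51.100.7 - - "GET /d" 200', '999.1.1.1 - - "GET /e" 400',
          'server restarted, no client address']
```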

2.1.2. Domain Names

The IP address system is clean, elegant, and works very well. But things are less tidy when we look at hostnames and domains. Nobody assigns me the domain craic.com or tells me what hostnames to give my servers. Instead I get to think up a clever domain name, register it so that no one else can use it, and then pick arbitrary names for the computers that reside under that domain name. There is, however, some control over domains.

The Internet Corporation on Assigned Names and Numbers (ICANN) is the body responsible for assigning the top-level domains, such as .com, .org, and .biz, and for controlling the domain name registries. They are also responsible for the IANA, which I discussed in the previous section. Importantly, ICANN is the arbiter of disputes concerning domain names, usually involving trademark infringement.

ICANN gives its blessing to a large number of domain name registrars around the world, allowing them to accept requests from you and me to register our domain names. Those registrars maintain databases of contact information for domain owners. Many of the smaller registrars use the services of the larger companies to manage their records, effectively acting as retailers in a relationship with a wholesaler. These are the records that you will query when you want to learn who is responsible for a particular web site.

The specific information these registrars make available to the public includes the domain name itself, contact information, the date the domain was created, when it will expire, and when it was last updated. They also include the names of the DNS servers that are authoritative for each domain. But registrars do not tell us anything about the actual hostnames that exist within each domain. That is handled by DNS and, although many registrars also provide that service, it is a completely separate system. It is usually most efficient if your ISP manages your DNS records, as they are responsible for actually assigning the IP addresses.

The contact information for the owners of each domain is potentially the most useful piece of information. Unfortunately, when it comes to those that are involved in Internet scams, we can be pretty confident that their information is bogus. Some domain registrars make an attempt to verify the data, but with most, the effort is half-hearted at best. This lack of verification is a major reason why seemingly blatant fraud can flourish on the Net.

Identifying domain owners has become even more difficult of late due to new privacy services that registrars will provide for an additional fee. These services are intended to protect your privacy and prevent your information from being harvested by spammers. Your postal address, for example, will be replaced by a post office box that is managed by the registrar. They know your real address and will forward only certain types of documents, discarding any junk mail. Similarly, your contact email is replaced with an address at the registrar, which changes periodically. Any mail to that address is filtered for spam and then forwarded on to your real email address.

Individual users might want to use this service to protect their personal information. But for a legitimate business like mine, I don't see the point. I want people to know my contact information, and the domain record is just one of several ways that you can find me. If I check on a business and find their information is blocked, then I am suspicious. Of course, spam is a huge problem, but this is not a solution to it. The people that really benefit from these services are the bad guys who can add one more layer of disguise between them and us.



Internet Forensics
ISBN: 059610006X
EAN: 2147483647
Year: 2003
Pages: 121
