Announcements
- No class Friday, January 24.
- Note new due dates for project 1 and quiz 1.
These work together, where project 1 gets you ready to answer quiz 1.
Quizzes
- Quiz 1 posted. Copy [repo]/class/quiz/quiz1.txt to [repo]/my-dir/quiz/quiz1.txt
and edit with your answers.
Due before class on Wed, Jan 29.
- Quiz 2 posted.
Due before class on Wed, Feb 6.
- Quiz 3 posted.
Due before class on Wed, Feb 13.
- Quiz 4 posted.
Due before class on Wed, Feb 26.
- Quiz 5 posted.
Due before class on Wed, Mar 26.
- Quiz 6 posted.
Due before class on Wed, April 2.
- Quiz 7 posted.
Due before class on Wed, April 9.
- Quiz 8 posted.
Due before class on Wed, April 23.
Reading
- Chapters 1 and 2 in Comer.
- Chapter 3 in Comer.
- Read the blog post about addresses.
- Beej's Guide to Network Programming (PDF)
Assignments
- Project 1: Ping Familiarization Project, Part One.
Due: Monday, 27 January.
- Project 1 (completed): Ping Familiarization Project, Part Two.
Due: Monday, 17 February.
- Project 2: Mytftp Project
Due: Monday, 17 March.
- Project 3: Webserver Project
Due: Monday, 7 April
- Information on the HTTP Protocol.
- Implement GET and POST.
- For GET queries you will need to understand percent
encoding.
- First implement a server of fixed pages, then launch processes to handle the request, if it is a POST or
a GET with a query appended.
- To serve a fixed page, the URL will give the name of a file; send that file back to the client with the
appropriate headers added: Content-Type and Content-Length are really necessary. If the URL is a pathname
rather than a plain file name, send back a not found error.
- If the URL is a query or a POST, start the program named in the URL, send the query to the program
through stdin and stream to the requester what the program writes to stdout.
- To direct your browser to test your server, you can use the syntax ec2-50-19-171-60.compute-1.amazonaws.com:3337
for port 3337.
- See information on piping stdin and stdout
for more help with this.
- Project 4: Battleship! on-line
Due: Monday, 28 April
- Write client and server code for an on-line version of Battleship
- This project also tests your ability to design a protocol
- Have a server that keeps track so players can't cheat.
- When it is the player's turn, the interaction is client-server.
- When the player is waiting, it will wait indefinitely on the server which can cause problems.
- Your protocol will have to include abandoning the game, error notifications, start of game notification, etc.
- Work in pairs.
- This is a fun project; please start early because you will probably have to throw one away.
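An added example for the request handling in Project 3, not part of the course materials: it percent-decodes the name in the request target before applying the "pathname means not found" rule, then chooses between serving a fixed page and launching a program. The names classify_target and pct_decode, and the rule rejecting names that start with '.', are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
enum target_kind { T_NOTFOUND, T_STATIC, T_PROGRAM };

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode src[0..n) into dst. Returns the decoded length, or -1 on a
   malformed escape, a decoded NUL byte, or lack of room in dst. */
static int pct_decode(const char *src, size_t n, char *dst, size_t cap) {
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        int c = (unsigned char)src[i];
        if (c == '%') {
            if (i + 2 >= n) return -1;          /* escape cut short */
            int hi = hexval((unsigned char)src[i + 1]);
            int lo = hexval((unsigned char)src[i + 2]);
            if (hi < 0 || lo < 0) return -1;    /* not two hex digits */
            c = hi * 16 + lo; i += 2;
        }
        if (c == 0 || o + 1 >= cap) return -1;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return (int)o;
}

/* Classify a target such as "/index.html" or "/prog?x=%41". name receives the
   decoded file or program name; *query is the raw query text, or NULL. */
enum target_kind classify_target(const char *target, int is_post,
                                 char *name, size_t cap, const char **query) {
    const char *q = strchr(target, '?');
    size_t len = q ? (size_t)(q - target) : strlen(target);
    *query = q ? q + 1 : NULL;
    if (len < 2 || target[0] != '/') return T_NOTFOUND;
    if (pct_decode(target + 1, len - 1, name, cap) < 0) return T_NOTFOUND;
    /* Validate the decoded name, so "%2f" and "%2e%2e" are caught too.
       Rejecting a leading '.' is an assumption of this example. */
    if (strchr(name, '/') || name[0] == '.') return T_NOTFOUND;
    return (q || is_post) ? T_PROGRAM : T_STATIC;
}

int main(void) {
    char name[64]; const char *q;   /* constructed target: an encoded slash */
    printf("%d\n", classify_target("/a%2fb", 0, name, sizeof name, &q));
}
```

Checking the name before decoding instead would let an encoded slash through to the file open or the program launch.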
Syllabus
- Textbook: Computer
Networks and Internets, Fifth Edition
by Douglas E Comer (textbook web site)
- 2008 Higher Education Opportunity Act information:
- Amazon
sells it for $114.47. There is no tax and it can ship free.
- Or you can rent it (see the amazon page) for $48.25 the semester.
- The Kindle edition
went up from $61.47, to over $100. What's that about? Doesn't seem worth it.
- At the moment, Amazon will exchange the book for a $65 gift card. If true, your price is only about $55 —
but in that case renting seems surer.
- Course structure:
- The course is project based. There will be pop quizzes and
several projects.
- Twitter: http://twitter.com/csc524.
Please follow it — I use it as my private reverse-911 line for the course.
- Blog: Please refer to
http://blog.cs.miami.edu/burt/category/csc524/
for class reading.
- Grader/TA: Muhammad Mansour Nassar, email: muhammad.m.mansour _at_ gmail.com.
- Grading: 30% quizzes, 70% projects. There is a midterm and final survey that is required.
But as it is anonymous it is hard to make it required really.
- Projects are graded on a 5-point scale. There are 3 days' grace for lateness: a project due on the
first has until midnight of the 4th. Afterwards, 1 point is subtracted per week (each 7 days) from that
instant, for a maximum of 3 points of lateness.
- Projects:
- Projects are programming projects, done in C on Unix.
- You will share and submit your projects using the departmental subversion site,
svn.cs.miami.edu.
- You will use Makefiles so that the graders and assistants can build your projects
from source, and are guided through your test suites.
- You will make test suites for your code. I want to know what you mean when you
say your project works — what things does it do or not do, according to your
test suites.
- You will gain experience working with a co-located machine (Amazon AWS) thanks to a
grant from Amazon.
- You will also install Virtual Box (or similar) as an alternative platform for your
programming.
- The gold standard will be to compile and run on Ubuntu, Precise Pangolin (12.04 LTS), although
AWS has their own, which I think will be consistent with it as well.
- You can also have a lab account if you wish. All these will be synced by subversion
and Makefiles will rebuild on each platform.
- Mac, Windows, Unix: since we are on virtual and cloud machines, these platform considerations
are sidestepped. Except you might want to work locally.
- For Mac, download XCode and you should
be mostly fine ... it might get messy with SSL as they have their own framework.
- For Windows
local development, I recommend installing cygwin. Visual Studio is powerful, but I think it
is Microsoft centric (? anyone know otherwise ?) and outside of that Microsoft didn't really
develop command line development tools (as in ... no grep?). But I've had great results
with Cygwin.
- For a cloud machine, on Mac Textwrangler makes editing a file by sftp as easy as a
local file.
- Writing credit: optionally the student may elect for writing credit.
- The requirement for W is three essays each of at least 1500 words
- Topics related to computer communications, or cyberspace,
at least one non-fiction.
- First paper must be submitted by mid-term
- Submit papers in a standard format by subversion. Place them in a
subdirectory writing-credit.
- Thanks to Amazon for a grant under their AWS
for Education program, to explore cloud computing, and integrate cloud computing
concepts into the course.
Class notes
- Introduction
- OSI Model
(from Cisco Internetworking Handbook)
- Use of the layered model; Internetworks, LAN, WAN
- Peer to peer communications; up and down the stack
- Encapsulation, demultiplexing
- Switching versus routing, LANs versus WANs, networking versus internetworking
- Protocols for the entire OSI networking stack
- Tools of the trade and network etiquette.
- The IP protocol, Part I
- Discussion of addresses, MAC, IP and DNS (a bit of a lie).
- Addresses, networks, and subnets:
Classful and
CIDR
- Private/Local addresses, Zeroconf addresses.
- NAT, PAT, port forwarding and fixups.
- Discussion of ping and traceroute.
- Sockets and netbounce.
- Other documents:
- Datagram service, UDP
- UDP:
User Datagram Protocol, packet communications.
(RFC 768)
- Port numbers
- Examples of UDP
- The IP Protocol, Part II
- ICMP, ping, traceroute, and host routing tables.
- IP fragmentation
- Address Resolution Protocol (ARP): RFC 826
- Routing Information Protocol (RIP) (version 2) RFC 2453:
- Distance Vector
- Counting to infinity
- Split horizon, poison reverse, triggered updates
- Default routers, subnets, authentication, and RIP2
- RIP protocol
- Routing notes
- OSPF: Link state protocols
- Autonomous systems and BGP
- Connection service, TCP protocol
- TCP: Transmission Control Protocol.
(RFC 793)
- Class notes
- Segment management and acknowledgements (example)
- Connection establishment
- Resend timers, Karn's algorithm
- Congestion control: Slow start and Multiplicative decrease.
(Also, Fast retransmit, and other just-so stories)
See RFC 2001
- Silly window syndrome, Nagle's algorithm
- Network and port address translation
- Email, Web, and SSL
- email: SMTP, 822 headers, and MIME; POP and IMAP
- Email issues (mostly Spam, but also Phishing)
- HTTP, HTML, CSS, CGI, SHTML, DHTML, and so on.
- CGI test
- Web technologies
- FTP, passive, interaction of protocols
- SSL and the PKI:
SSL Tutorial
- Network Authentication
- Crash course in communication theory
- Link level communications
- Bridges, Switches, Hubs and Repeaters
- Transparent bridges
- Spanning Tree Protocol (pdf)
- VLAN
- Modulation and line codes:
- Ethernet
- Wi-Fi
References
- Additional textbooks:
- Radia Perlman, Interconnects: Bridges, Routers, Switches and Internetworking Protocols.
- Douglas Comer, Internetworking with TCP/IP, Vol I: Principles, Protocols, and Architecture.
- William R. Cheswick and Steven M. Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker.
- General Networking
- Software engineering for security
- Information and communication
- WEP
- My RC4 example.
- CRC-32 failure of WEP.
- SecurityFocus review
- Attacks on RC4 and WEP, Fluhrer, Mantin, Shamir, Cryptobytes Vol 5., No. 2, 2002, pp 26-34.
- KoreK attacks in chopper.
Korek explains some of them.
- Weakness in the Key Scheduling Algorithm of RC4 Scott Fluhrer, Itsik Mantin, Adi Shamir.
- Using the Fluhrer, Mantin, and Shamir Attack to Break WEP Adam Stubblefield, John Ioannidis, Aviel Rubin.
- AirSnort source code.
- SSL
- Exploits
- Virus
- Open Source Security Response Philosophy
- Secure Operating Systems
- RFC's
- IPv6
- Port Knocking
- Cookies
- MIT 6.03, Fall 2010, Information and communication theory
- Topics for next term