쥐스킨트의 작은 서재

Computerworm

A computerworm is a standalone malware computer program that replicates itself inorder to spread to other computers. Often, it uses a computer network to spreaditself, relying on security failures on the target computer to access it.Unlike a computer virus, it does not need to attach itself to an existingprogram. Worms almost always cause at least some harm to the network, even ifonly by consuming bandwidth, whereas viruses almost always corrupt or codifyfiles on a targeted computer.

Many worms that have been created aredesigned only to spread, and do not attempt to change the systems they passthrough. However, as the Morris worm and Mydoom showed, even these “payloadfree” worms can cause major disruption by increasing network traffic and other unintendedeffects. A “payload” is code in the worm designed to do more than spread theworm – it might delete files on a host system (e.g., the ExploreZip worm), encryptfiles in a ransomware attack, or send documents via email. A very commonpayload for worms is to install a backdoor in the infected computer to allowthe creation of a “zombie” computer under control of the worm author. Networksof such machines are often referred to as botnets and are very commonly used byspam senders for sending junk email or to cloak their website’s address.Spammers are therefore thought to be a source of funding for the creation ofsuch worms, and the worm writhers have been caught selling lists of IPaddresses of infected machines. Others try to backmail companies or schoolswith threatening DoS attacks.

Users can minimize the threat posed byworms by keeping their computers’ operating system and other software up to date,avoiding opening unrecognized or unexpected email and running firewall andantivirus software.

Backdoors can be exploited by other malware, including worms. Examplesinclude Doomjuice, which can spread using the backdoor opened by Mydoom, and atleast one instance of malware taking advantage of the rootkit and backdoorinstalled by the Sony/BMG DRM software utilized by millions of music CDs priorto late 2005.

Payload

In computing, the payload is the part of the transmitted data that is the actual intended message. Payload does not include information sent with it such as headers or metadata, sometimes referred to as overhead data, sent solely to facilitate payload delivery.

In computer security, payload refers to the part of malware which performs a malicious action. In the analysis of malicious software such as worms, viruses and Trojans, it refers to the software’s harmful results. Examples of payloads include data destruction, messages with insulting text or spurious e-mail messages sent to a large number of people.

The term ‘payload’ is used to distinguish between the ‘interesting’ information in a chunk of data or similar, and the overhead to support it. It is borrowed from transportation, where it refers to the part of the load that ‘pays’: for example, a tanker truck may carry 20 tons of oil, but the fully loaded vehicle weights much more than that – there’s the vehicle itself, the driver, fuel, the tank, etc. It costs money to move all these, but the customer only cares about (and pays for) the oil, hence, ‘pay-load’.

In programming, the most common usage of the term is in the context of message protocols, to differentiate the protocol overhead from the actual data.

Trivial File Transfer Protocol

Trivial File Transfer Protocol (TFTP) is a simple, lockstep, File Transfer Protocol which allows a client to get from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a local area network. TFTP has been used for this application because it is very simple to implement.

Overview

Due to its simple design, TFTP can be easily implemented by small footprint code. It is therefore the protocol of choice for the initial stages of any network booting strategy like BOOTP, PXE, BSDP, etc., when targeting from highly resourced computers to very lower sourced Single-board computers (SBC) and System on a Chip (SoC). It is also used to transfer firmware images and configuration files to network appliances like routers, firewall, IP phones, etc. Today, TFTP is virtually unused for Internet transfers.

TFTP is a simple protocol for transferring files, implemented on top of the UDP/IP protocols using well-known port number 69. TFTP was designed to be small and easy to implement, and therefore it lacks most of the advanced features offered by more robust file transfer protocols. TFTP only reads and writes files from or to a remote server. It cannot list, delete, or rename files or directories and it has no provisions for user authentication. Today TFTP is generally only used on local area networks (LAN).

Local Area Network (LAN)

A local area network (LAN) is a group of computers and associated devices that share a common communications line or wireless link to a server. Typically, a LAN encompasses computers and peripherals connected to a server within a distinct geographic area such as an office or a commercial establishment. Computers and other mobile devices use a LAN connection to share resources such as a printer or network storage.

A local area network may serve as few as two or three users (for example, in a small-office network) or several hundred users in larger office. LAN networking comprises cables, switches, routers andother components that let users connect to internal servers, websites and other LANs via wide area networks.

Ethernet and Wi-Fi are the two primary ways to enable LAN connections. Ethernet is a specification that enables computers to communication with each other. Wi-Fi uses radio waves to connect computers to the LAN. Other LAN technologies, including Token Ring, Fiber Distributed Data Interface and ARCNET, have lost favors as Ethernet and Wi-Fi speeds have increased. The rise of virtualization has fueled the development of virtual LANs, which allows network administrators to logically group network nodes and partition their networks without the need for major infrastructure changes.

From: http://searchnetworking.techtarget.com/definition/local-area-network-LAN

Ethernet

Ethernet is a family of computer networking technologies commonly used in local area networks (LANs) and metropolitan area networks (MANs). It was commercially introduced in 1980 and first standardized in 1983 as IEEE 802.3, and has since been refined to support higher bit rates and longer link distances. Over time, Ethernet has largely replaced competing wired LAN technologies such as token ring, FDDI and ARCHNET.

The original 10BASE5 Ethernet uses coaxial cable as a shared medium, while the newer Ethernet variants use twist pair and fiber optic links in conjunction with hubs or switches. The Ethernet standards comprise several wiring and signaling variants of the OSI physical layer in use with Ethernet.

Systems communicating over Ethernet dividea stream of data into shorter pieces called frames. Each frame contains source and destination addresses, and error-checking data so that damaged frames can be detected and discarded; most often, higher-layer protocols trigger retransmission of lost frames. As per the OSI model, Ethernet provides services up to and including the data link layer.

Wide area network

A wide area network (WAN) is a telecommunication network or computer network that extends over a large geographical distance.Wide area networks are often established with leased telecommunications circuits.

Business, education and government entitiesuse wide area networks to relay data among staff, students, clients, buyers, and suppliers from various geographical locations. In essence, this mode of telecommunication allows a business to effectively carry out its daily function regardless of location. The Internet may be considered a WAN.

Related terms for other types of networks are personal area networks (PANs), local area networks (LANs), campus area networks (CANs), or metropolitan area networks (MANs) which are usually limited to a room, building, campus or specific metropolitan area respectably.

Design options

The textbook definition of a WAN is a computer network spanning regions, countries, or even the world. However, in terms of the application of computer networking protocols and concepts, it maybe best to view WANs as computer networking technologies used to transmit data over long distances, and between different LANs, MANs and other localized computer networking architectures. This distinction stems from the fact that common LAN technologies operating at Layer 1/2 (such as the forms of Ethernet or WiFi) are often designed for physically proximal networks, and thus cannot transmit data over tens, hundreds or even thousands of miles or kilometers.

WANs do not just necessarily connect physically disparate LANs. A CAN, for example, may have a localized back bone of a WAN technology, which connects different LANs within a campus. This could be to facilitate higher bandwidth applications, or provide better functionality for users in the CAN.

WANs are used to connect LANs and other types of networks together, so that users and computers in one location can communicate with users and computers in other locations. Many WANs are built for one particular organization and are private. Others, built by Internet services providers, provide connections from an organization’s LAN to the Internet. WANs are often built using leased lines. At each end of the leased line, a router connects the LAN on one side with a second router within the LAN on the other. Leased lines can be very expensive. Instead of using leased lines, WANs can also be built using less costly circuit switching or packet switching methods. Network protocols including TCP/IP deliver transport and addressing functions. Protocols including Packet over SONET/SDH, MPLS, ATM and Frame Relay are often used by service providers to deliver the links that are used in WANs.

Intranet

An intranet is a private network accessible only to an organization’s staff. Generally a wide range of information and services from the organization’s internal IT systems are available that would not be available to the public from the Internet. A company-wide intranet can constitute an important focal point of internal communication and collaboration, and provide a single starting point to access internal and external resources. In its simplest from an intranet is established with the technologies for local area networks (LANs) and wide area networks (WANs).

Token ring

Token ring local area network (LAN) technology is a communications protocol for local area networks. It uses a special three-byte frame called a “token” that travels around a logical “ring”of work stations or servers. This token passing is a channel access method providing fair access for all stations, and eliminating the collisions of contention-based access methods.

Comparison with Ethernet

Ethernet and Token ring have some notable differences:

-      Token Ring access is more deterministic, compared to Ethernet’s contention-based CSMA/CD

-      Ethernet supports a directcable connection between two network interface cards by the use of a crossover cable or through auto-sensing if supported. Token ring does not inherently support this feature and requires additional software and hardware to operateon a direct cable connection setup.

-      Token ring eliminate collision by the use of a single-use token and early token and early token release to alleviate the down time. Ethernet alleviates collision by carrier sense multiple access and by the use of an intelligent switch; primitive Ethernet devices like hubs can precipitate collisions due to repeating traffic blindly.

Packet switching

Packet switching is a digital networking communications method that groups all transmitted data into suitably sized blocks, called packets, which are transmitted via a medium that may be shared by multiple simultaneous communication sessions. Packet switching increases network efficiency, robustness and enables technological convergence of many applications operating on the same network.

Packets are composed of a header and payload. Information in the header isused by networking hardware to direct the packet to its destination where the payload is extracted and used by application software.

Concept

A simple definition of packet switching is: The routing and transferring of data by means of addressed packets so that a channel is occupied during the transmission of the packet only, and upon completion of the transmission the channel is made available for the transfero f other traffic.

Packet switching features delivery of variable bit rate data streams, realized as sequences of packets, over a computer network which allocates transmission resources as needed using statistical multiplexing or dynamic bandwidth allocation techniques. When traversing network nodes, such as switches and routers, packets are buffered and queued, resulting in variable latency and throughput depending on the link capacity and the traffic load on the network.

Packet switching contrasts with another principal networking paradigm, circuit switching, a method which pre-allocates dedicated network bandwidth specifically for each communication session, each having a constant bit rate and latency between nodes. In cases of billable services, such as cellular communication services, circuit switching is characterized by a fee per unit of connection time, even when no data is transferred, while packet switching may be characterized by a fee per unit of information transmitted, such as characters, packets, or messages.

Packet mode communication may be implemented with or without intermediate forwarding nodes (packet switches or routers). Packets are normally forwarded by intermediate network nodes asynchronously using first-in, first-out buffing, but may be forwarded according to some scheduling discipline for fair queuing, traffic shaping, or for differentiated or guaranteed quality of service, such as weighted fair queuing or leaky bucket. In case of a shared physical medium (such as radio or 10BASE5), the packets may be delivered according to a multiple access scheme.

Stream Control Transmission Protocol

In computer networking, the Stream Control Transmission Protocol (SCTP) is a transport-layer protocol, serving in a similar role to the popular protocols TCP and UDP.

SCTP provides some of the same service features of both: it is message-oriented like UDP and ensures reliable, in-sequence transport of messages with congestion control like TCP; it differs from these in providing multi-homing and redundant paths to increase resilience and reliability.

In the absence of native SCTP support in operating systems it is possible to tunnel SCTP over UDP, as well as mapping TCP API calls to SCTP ones. The reference implementation was released as part of FreeBSD version 7. It has subsequently been widely ported.