Information Security: Internet, Intranet, Extranet
Prof. dr. P.M.E. De Bra
Department of Computing Science
Eindhoven University of Technology
Parts / Topics / Issues: Basics of Internet technology / Organization; Principles of Firewalls / Virtual Private Networks.
Internet standards are defined in RFCs.
An informal definition of the Internet is given in RFC 1462:
We look at 1) TCP, 2) IP, 3) UDP and ICMP, 4) Application-level protocols, 5) Ethernet
Example: Mail dialog between client and server
svis01: 220 svis01.win.tue.nl ESMTP Sendmail 8.8.7/1.45 ready at Fri, 5 Feb 1999 23:28:31 +0100 (MET)
wwwis: HELO wwwis.win.tue.nl
svis01: 250 svis01.win.tue.nl Hello wwwis [184.108.40.206], pleased to meet you
wwwis: MAIL From: [email protected]
svis01: 250 [email protected] Sender ok
1xx: command received and being processed
3xx: further action is needed
4xx: temporary error
5xx: permanent error
(HTTP has some slight deviations, see later)
HTTP/1.0 200 OK
Date: Mon, 08 Feb 1999 20:48:51 GMT
Last-Modified: Wed, 23 Sep 1998 ...
< empty line >
< The content of the document follows>
see: RFC 2068
echo $message | sendmail $mail_to
(message and mail_to are form fields)
if the user enters into the mail_to field:
this results in the password file being sent to [email protected]
Moral: do not use environment variables (that are set through forms) without quoting and without checking them.
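A hardened form of the form-mail command above, as an added example that is not from the original slides: the recipient is checked against an allowlist and both form fields are passed quoted. The function names, the SENDMAIL override and the sample addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: hardened form-mail handler. SENDMAIL and both function
# names are assumptions made for this sketch, not taken from the slides.
LC_ALL=C; export LC_ALL    # make the A-Z / a-z ranges mean ASCII only

# Accept only a single plain address: allowlisted characters, one "@",
# a dot in the domain, and no leading "-" that sendmail could read as an option.
valid_rcpt() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._%+@-]*) return 1 ;;
    esac
    case $1 in
        *@*@*)    return 1 ;;
        ?*@?*.?*) return 0 ;;
    esac
    return 1
}

# usage: send_form_mail RECIPIENT MESSAGE
send_form_mail() {
    valid_rcpt "$1" || { echo "rejected recipient" >&2; return 1; }
    # Quoted expansions: the recipient stays one argv element and the
    # message only travels on stdin as data. -i keeps a lone "." line
    # in the message from ending the input early.
    printf 'Subject: form mail\n\n%s\n' "$2" | "${SENDMAIL:-sendmail}" -i "$1"
}

# Constructed sample inputs, checked without sending anything.
for addr in 'alice@example.org' 'alice@example.org; echo injected' '-t@example.org'; do
    if valid_rcpt "$addr"; then echo "accept: $addr"; else echo "reject: $addr"; fi
done
```

Setting SENDMAIL to a stub command lets the handler be exercised without a mail system installed.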
See also: http://www.byte.com/art/9709/sec5/sec5.htm
Nice intro to Cypherpunk and Mixmaster at: