Some useful terms
A firewall is a device that will selectively intercept packets,
and forward, drop, or reject them according to configuration. An IDS is
a system that looks for patterns that might be attacks among the network
traffic, and notifies you when it thinks it sees something attack-like.
A honeypot is a system that's deliberately left hackable and then
watched. People do this either to learn about black-hat methods and
behaviour, or to lure them away from the rest of your network. Tripwire
is an integrity checker. It makes sure that the files that were there
last week haven't been monkeyed with, and are still the same files
today.
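As an added illustration of what an integrity checker such as Tripwire does (example code written for this page, not Tripwire's own): hash every file once to form a baseline, hash them again later, and report what was modified, added or removed. The scratch directory and its file names are constructed for the demo.

```python
import hashlib
import os
import tempfile
from typing import Dict, List

def snapshot(root: str) -> Dict[str, str]:
    """Baseline: relative path -> SHA-256 of contents, for every file under root."""
    digests: Dict[str, str] = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Which files changed, appeared, or vanished since the baseline was taken."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a scratch tree, tamper with it, report the drift."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for rel, data in (("bin/ls", b"original ls"), ("passwd", b"root:x:0:0")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)  # "last week"
        with open(os.path.join(root, "bin", "ls"), "wb") as fh:
            fh.write(b"replaced ls")  # an existing file was monkeyed with
        with open(os.path.join(root, "bin", "extra"), "wb") as fh:
            fh.write(b"new file")  # something appeared that was never baselined
        os.remove(os.path.join(root, "passwd"))  # something disappeared
        return compare(baseline, snapshot(root))  # "today"
```

In practice the baseline itself must live somewhere the checked system cannot rewrite (read-only media or a separate host), or a tamperer simply updates the hashes too.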
Ipchains is a packet filter. It decides whether
to forward, drop, or reject packets based upon the ports and IP
addresses alone. Iptables lets you do more than that because it allows
stateful filtering. It can keep track of sessions that originate from
inside the firewall, and allow all traffic in a session to pass through,
but block traffic trying to come in from outside that's not part of a
session. With the strings patch to iptables, you can even filter based
on the contents of the packet -- blocking Nimda and Code Red attempts at
the firewall, for example.
(Malware = viruses, trojans, worms... basically, it's software
designed specifically to harm computers.)
War driving is a relatively recent phenomenon,
since wireless networks started getting popular. Since most people that
install a wireless LAN don't bother to (or can't) dampen the signal
enough that you can't access it outside their building, it's easy to
steal bandwidth. All you have to do is get a laptop with a wireless
card, install Aerosniff (like a packet sniffer, but for wireless
rather than for Ethernet), and literally drive around town looking for
areas with wireless traffic. Once you find one, it's generally trivial
to steal their bandwidth. Hence, war driving.
War driving derives from war dialing,
the practice of having a computer automatically dial a (usually large)
range of telephone numbers, looking for numbers attached to modems - potential targets. "War
dialing" comes from the 80's movie "War Games", wherein Matthew Broderick's
character has his computer set up to do this.
Hackers
There's a lot of confusion
between "hackers" and "crackers" and "h@><0rs" and "black hats" and
such.
"Hacker" originally meant a programmer, or someone interested in
the limits and makeup of systems.
http://www.tuxedo.org/~esr/jargon/html/entry/hacker.html
It got co-opted by the press to mean "bad illegal breaker of
systems". It still retains both meanings. Call a geek a hacker, and
they could be complimented, offended, or anywhere in between. But most
people on the street think of the popular "bad geek" meaning.
I use "black hat" preferentially, because it makes a distinction
between the good hackers and the malicious hackers. A white hat hacker,
white-hat for short, is one that shares the interests in programming
and/or testing the limits of systems, but purely for the joy of
knowledge and making those systems better, patching holes, fixing bugs,
etc. A black hat is someone who uses the same knowledge and interests
for their own gain at the expense of others. (There are grey hats, too,
who do both.) If you go to DefCon, Rubi-Con, Black Hat, or SANS (all
security conventions), you'll occasionally see people literally walking
around wearing appropriately colored hats. It's a way of declaring your
affiliation.
Zone transfer
A DNS server is responsible for maintaining the records for a particular group of computers (e.g., foo.com). This is called
a zone. The zone might also include the names www.foo.com, ftp.foo.com, thismachine.foo.com, and thatmachine.foo.com. But
it doesn't have to.
Now, for the sake of redundancy, you usually have two DNS servers looking after a zone. This is in case one blows up or
something. The initial server is called the primary zone server, and the second server (bet you can't guess its name) is
the secondary zone server.
A zone transfer happens when one of these servers synchronizes and updates its DNS database from the other.
Request For Comments (RFC)
An RFC (Request For Comments) is a standards
document. These are the docs that define how protocols work. When you
hear people trumpeting about how their programs are standards-compliant,
these are the standards. You can read the RFCs online at:
http://www.rfc-editor.org/rfc.html
They can be tough going, but if you really really want to know
the canonical "how something works", this is where you go. And some of
them have a sense of humor, too. Every year on April 1st, there's a
great one. Check out the packet over carrier pigeon RFC at:
http://www.ietf.org/rfc/rfc1149.txt
Network Address Translation (NAT)
Internet <--- [ NAT-enabled firewall ] -------- [ local network ]
               public addresses                   private addresses
The NAT-enabled firewall talks to the Internet using public (and publicly
attackable) addresses, but the machines on the local network all have
addresses from private network space that shouldn't be routable on, or
reachable from, the Internet. When a privately addressed machine wants
to reach something on the Internet, the firewall checks its other firewall
rules to make sure that what it wants to do is permissible, and then passes
along the packets, rewriting the return address to something from the
public block, and optionally rewriting the originating port (if it has to
squeeze everybody onto one public address, it will use the ports to tell
which packet is in response to which request).
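An added worked example (not from the original page) that ties together the stateful filtering described under ipchains/iptables and the NAT rewriting above: a toy firewall that tracks sessions started from the private network, rewrites the source address and port on the way out, maps replies back by public port, and drops anything inbound that is not part of a tracked session. The addresses 203.0.113.1, 198.51.100.x and 192.168.1.x are assumed sample values.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.1"       # assumed public address of the firewall
PRIVATE_PREFIX = "192.168.1."   # assumed private network behind it

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatFirewall:
    """Session table: public port -> (private ip, private port, remote ip, remote port)."""

    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.sessions: Dict[int, Tuple[str, int, str, int]] = {}

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet leaving the local network: record the session, rewrite src ip/port."""
        if not pkt.src_ip.startswith(PRIVATE_PREFIX):
            return None  # only the local network may open sessions through us
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for pub_port, entry in self.sessions.items():
            if entry == key:  # an existing session keeps its public port
                return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)
        pub_port = self.next_port  # a fresh port tells replies apart per session
        self.next_port += 1
        self.sessions[pub_port] = key
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet arriving from the Internet: forward only replies to a tracked session."""
        entry = self.sessions.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or entry is None:
            return None  # no session owns this port: dropped
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # right port but not the peer we talked to: dropped
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)
```

A real implementation also expires idle entries and checks TCP state, which is where the protection (and the bugs) of stateful filtering mostly live.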
Copyright (c) 2002 by Raven Alder. This material
may be distributed only subject to the terms and
conditions set forth in the Open Publication License,
v1.0 or later (the latest version is presently
available at http://www.opencontent.org/openpub/).