- ... Department
- UNAM (Universidad Nacional Autónoma de México) is the largest and most
important University in Mexico. Within DGSCA (Dirección General de Servicios
de Cómputo Académico), its largest computer related division, lies the Computer
Security Department, the most serious and important emergency response team
and computer security research area in Mexico. Its URL is http://www.asc.unam.mx
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... inspection
- Analyzing each incoming packet, working not only on source and destination
of the packages, but keeping track on whether the connection was originated
by which party (often allowing outbound connections while rejecting inbound
connections) and the packet sequence (avoiding, to a certain degree, connection
hijacking).
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... MacOS.
- MacOS X is a full-fledged BSD-derived Unix system, and users are encouraged
to take advantage of that fact. Although MacPerl is available for older MacOS
versions, it is not reccomended anymore because of the lacking functionality
the old MacOS enviroment imposed on its development; regular Perl should be
used instead.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... character.
- For most TCP/IP protocols, the new line character is a carriage return
followed by a line feed, also written as CR-LF or \r\n
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... free
- Free as in freedom, not only price. The author reccomends always using
free software, for it is almost always more thoroughly tested, secure and efficient
than any propietary counterpart. Choosing free software also allows any people
interested in contributing to the project to do so with the least hassle possible.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... projects.
- Quoting Larry Wall, the inventor of Perl: Perl makes easy things
easy, and difficult things possible.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... innecesarily
- There are several ways of compiling Perl code. However, as of Perl version
5.005, they are still regarded as experimental. With the recent announcement
of Perl version 5.6 this may change, but until the new version is thoroughly
tested and has a wide user base, the author decided to stick with 5.005's limitations.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... requests
- A computer suffering a Denial of Service (DoS) attack means
it is being purposefully presented with many more requests than it can handle
at a time, thus overloading it and forcing it to deny service to legitimate
users. Using technology available today, a DoS attack is very difficult to detect,
and even harder to stop.
In March 2000 the first reports of Distributed Denial of Service (DDoS)
surfaced. They refer to a variety of DoS attack which is not carried out by
a single computer, but by many simultaneous, being much stronger than any previously
reported DoS.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...
systems.
- Legally, Linux, FreeBSD, NetBSD and OpenBSD are not Unix systems, even
though they behave as if they were. This is because Unix is a registered trademark
of Bell Labs, and royalties have not been paid to use the Unix name. They do,
however, adhere to the POSIX standard which defines Unix systems. Thus, they
are referred to as Unix-like, but anything regarding Unix applies also
to these operating systems.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... ssh
- ssh --secure shell-- is a relatively recently introduced
protocol designed to replace and enhance telnet and the r-commands (rlogin,
rcp, rsh). They require replacement because they are protocols which transmit
information in clear text, applying no encryption and thus allowing
anyone connected to the same network as the host or the client to intercept
all of the information, or even --with relatively trivial cracking utilities--
to hijack the connection. ssh also enhances telnet and rlogin by providing encrypted
tunnels by which other protocols --usually, X-Window sessions-- can be routed,
while encrypting also their information. It includes also scp, designed to allow
encrypted file transfers between computers.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... IETF.
- RFC stands for Request For Comments, IETF stands for Internet Engineering
Task Force
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... client
- Client is defined as the computer requesting a service, regardless of
its formal role
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... server
- A server, likewise, is the computer attending the request from a client
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... politeness.
- Although nowadays SMTP is practically only used over a TCP/IP protocol
stack, RFC 821 contemplates other possible network protocols, such as the Arpanet's
NCP (Network Control Protocol), X.25 and NITS (Network Independent
Transport Service).
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... lockable
- Every serious multiuser operating system will allow for a method of
telling if a file is currently in use and denying write access to it, in order
to preserve the file's integrity.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... host
- defined with the .rhosts file in the user's home directory or with the
hosts.equiv file in the server's /etc directory. This is not reccomended in
open or large networks, as a simple IP spoofing may very easlily compromise
the systems' security
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...undef
- The value undef is a special value used by Perl to indicate
that a variable has no value. It is analogue to C's NULL. Note that
undef is not equal to zero -- undef is undef.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... forks
- In Unix, a process can continue part of its execution in the background
detaching itself from the main part by calling the fork() system call.
A new process ID (PID) is given to the newly created process (referred
to as the child process). The base process (referred to as the parent
process) gets the child PID number and continues execution.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... itself
- Garbage collection is the process of freeing up unused chunks of memory,
closing files and sockets when they are no longer referenced and taking care
of destroying unneeded objects. One of Perl's greatest strengths is that it
will handle all the garbage collection for us. However, it is considered a good
programming practice to always close what has been opened and destroy every
unused object. This can also be useful when restarting or reconfiguring the
wrapper: Instead of restarting the program or sending the necessary instructions
to modify the current wrapper object's behavior, sometimes it is much easier
to destroy the object and create it again.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... system
- For a complete list of signals, refer to the signal(7) man page on most
Unix and Unix-like systems. 19 signals are defined in the POSIX .1 definition,
and many more are supported by most systems.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...caught
- Catching a signal means that when the signal arrives to the process,
the process can decide to call a function to handle the event instead of following
the default action, which usually is to terminate the process
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... cluster
- A cluster is any number of computers which appear to be only one, either
by using special hardware architecture or software dedicated to join them.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... Mosix
- for more details, visit http://www.beowulf.org/ for Beowulf, http://www.mosix.cs.huji.ac.il/
for Mosix
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... 192.168.0.254
- The IP addresses were not randomly chosen; networks 10.x.x.x, 172.16.x.x
to 172.31.x.x and 192.168.x.x are reserved for private, internal use. For more
information on this, please check RFC 1918, Address Allocation
for Private Internets, Y. Rekhter et. al.
There is also an implicit standard between many network administrators, making
their routers and firewalls use the highest available IP addresses of each subnetwork.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ... port.
- Please note that, while the ipchains line in rc.local
forbids any incoming connection to reach port 10025 on IP address 192.168.0.1,
the wrapper's destination IP address is 127.0.0.1, which not only is easily
accesible from within the server, not being affected by this rule, but also
is inaccessible from any outside machine.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.