0

Hello,
Please, I have read very, very much about this without finding anything that helps me understand it. The following are the steps that happen to hide the true IP of the protected server:
(where Xp is a public server, AN is an access node, and PS is the protected server with the hidden IP)

If the defense is switched ON;

Stage 1: clients C1 and C2 ask the DNS about the IP address of server X (and server Y), respectively, not aware of the defense implementation. The DNS return the public IP address IPXp and IPYp, for the public servers Xp and Yp, respectively.

Stage 2: After establishing TCP connection, clients C1 and C2 ask servers Xp and Yp, respectively, for some resource.

Stage 3: both Xp and Yp happened to select the access node AN2 at the same time not aware of each other's choice, and then inform AN2 about IPc and IPs, of Xs and Ys, respectively. This coincidence of selecting the same AN is to demonstrate the AN ability of differentiating between client-server pairs.

Stage 4: AN2 replies to Xp and Yp with two distinctive port numbers to be able to differentiate between the two clients’ connections originating at the same time from the same IP address (IPc), without having to open the application messages.

Stage 5: Xp and Yp relay, back to the clients, the address for the selected access-node plus the corresponding port for that connection(s) (i.e. client) in a standard HTTP redirection message. The TCP connection to the client is then closed by the public server.

Stage 7: Every client is expected to establish a TCP connection to AN2 using the ephemerally assigned destination port. After the TCP connection is established, the clients now ask their requested resources from the new location, while the assigned port can be reassigned by the AN to be reused with another client-server pair.

Stage 8: AN2 connects to the corresponding servers and communication is carried on. The sequence is the same for the connection stages for every newly appearing client.

Please, I need any help:
1- How can the public server know the IPs (where IPs is the IP of the protected server) in stage 3?
2- How is the IP address of the protected server found in the DNS in stage 6?
I attach the PDF; please look at it. Page 17 is the figure and page 18 is the text explaining it, and I will be so grateful for any help.
Thank you in advance.
Best regards

1

I think the part you are missing is that during the initial configuration of the Public server the addresses of the Protected servers are provided in a configuration file. Without the configuration file the Public server does not know where to redirect the requests.
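
The exchange from stages 1 to 8 of the question, modelled as an added example that is not part of this thread or of the paper. It assumes, following the reply above, that each public server reads the protected server's address from its own configuration; all addresses and class and function names are constructed for illustration.

```python
class AccessNode:
    """Hypothetical AN: one ephemeral port per client/protected-server pair."""
    def __init__(self, ip, first_port=40000, pool_size=100):
        self.ip = ip
        self._free = list(range(first_port, first_port + pool_size))
        self._pending = {}               # port -> (client_ip, protected_ip)

    def register(self, client_ip, protected_ip):
        # Stages 3-4: the public server reports (IPc, IPs); the AN answers
        # with a port that identifies this pair.
        port = self._free.pop(0)
        self._pending[port] = (client_ip, protected_ip)
        return port

    def accept(self, client_ip, port):
        # Stages 7-8: the destination port alone selects the protected
        # server; no application message is inspected.
        expected_client, protected_ip = self._pending.get(port, (None, None))
        if expected_client != client_ip:
            return None                  # unknown port or wrong source (assumed check)
        del self._pending[port]
        self._free.append(port)          # port can be reassigned to another pair
        return protected_ip

class PublicServer:
    """Hypothetical Xp/Yp: serves no content, only issues redirects."""
    def __init__(self, protected_ip, access_nodes):
        self._protected_ip = protected_ip    # from local configuration (assumption)
        self._access_nodes = access_nodes

    def handle(self, client_ip, path, pick=0):
        # Stages 2-5: choose an AN, register the pair, redirect the client.
        an = self._access_nodes[pick]
        port = an.register(client_ip, self._protected_ip)
        return 302, f"http://{an.ip}:{port}{path}"

def port_of(location):
    return int(location.split(":")[2].split("/")[0])

def demo():
    an2 = AccessNode("198.51.100.2")             # constructed addresses
    xp = PublicServer("10.0.0.10", [an2])        # protected server Xs
    yp = PublicServer("10.0.0.20", [an2])        # protected server Ys
    ipc = "203.0.113.7"                          # C1 and C2 share one address
    _, loc1 = xp.handle(ipc, "/a")
    _, loc2 = yp.handle(ipc, "/b")
    return (loc1, loc2,
            an2.accept(ipc, port_of(loc1)), an2.accept(ipc, port_of(loc2)))
```

The client only ever sees the public server's address and the AN's address and port in the `Location` value; the protected address stays inside the public server and the AN.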

0

An excellent reply, thank you very much.
OK, now the public server is configured to know the ANs that are available (can you please give me a useful link about the configuration file, or explain it to me in a few sentences, if that is not annoying you? This would be kind of you).
Did you read the attachment? It says that the protected server is not known to the public server, but in the steps I wrote before (exactly in step 3, he said that the public server tells the AN about the IP of the protected server). Does he give the IP or something else, like a URL or anything like this?


Note: I added reputation to the post without writing it (a mistake). How can I edit it to add the reputation now, please?

Best regards,
and thank you very much again and in advance.

Sorry, I failed to attach it again, so here is the link to find it:
http://repository.dl.itc.u-tokyo.ac.jp/dspace/bitstream/2261/37658/1/37085952.pdf

Edited by s.w.a: n/a

1

Hello,

To be honest, I have never configured the service they are referencing, so I would not be able to help in that respect. I have seen it in use, so I knew about the need to provide the destination addresses, which I believe were partially enabled by adding the destination server to the Public server's /etc/hosts file. But beyond that I am not sure.
Sorry.

Votes + Comments
Thanks for your useful information.