DOCSLIB.ORG

Integration and Configuration of a Safe Hotspot Throught a Communication

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Centro Universitario de la Defensa en la Escuela Naval Militar FINAL YEAR PROJECT Integration and configuration of a safe hotspot through a communication tunnel on TOR net Mechanical Engineering Bachelor Degree STUDENT: Ernesto Golmayo Fernández SUPERVISORS: Rafael Asorey Cacheda ACADEMIC YEAR: 2016-2017 Centro Universitario de la Defensa en la Escuela Naval Militar FINAL YEAR PROJECT Integration and configuration of a safe hotspot through a communication tunnel on TOR net Mechanical Engineering Bachelor Degree Naval Technology Specialization Naval Branch ABSTRACT The present project develops the design and integration of a TOR’s net redirecting device into a Raspberry Pi (versions 2 model B and 3 model B). Therefore, information will be encrypted between clients and servers. According to nets’ menaces, system will provide security within LAN and WAN by the means of virtual private networks and protection software (an antivirus and a firewall). Acting as a hotspot it will generate a Wi-Fi area (shell with wireless encryption, WPA2), supplying certificates to the workstations to authenticate themselves. Last sections analyse the capabilities of the device created, studying possible solutions to the problems presented. Finally, the document concludes displaying profiles of potential users and future lines of investigation. KEYWORDS Raspberry Pi, hotspot, TOR’s redirection, encryption, tracking i ii RESUMEN El actual documento recoge el diseño y la implementación de un sistema de redirección de tráfico de datos a través de un canal de comunicación en la red TOR en una Raspberry Pi 2 modelo B y en una Raspberry Pi 3 modelo B. El objetivo es crear un instrumento capaz de encriptar toda la información transmitida creando un punto de acceso seguro a una red abierta. La red TOR consiste en una malla de nodos interconectados, en la cual, cada uno de ellos únicamente conoce la unidad que le envía la información y la cual a la que tiene que enviársela. De esta manera, la identidad del usuario queda resguardada ya que en ningún momento dichos nodos saben que están enviando ni a donde. La Raspberry Pi, entonces, tendría que generar una red local y actuar como puerta de acceso a la red mencionada. Al crear una red local aparecen nuevos factores y amenazas a tener en cuenta. Los mismos peligros que presenta Internet están relacionados con las redes LAN (Red de área local), ya que la estructura es la misma, solo que a menor escala. De esta manera, se necesitarían medios de protección adicionales que asegurasen las comunicaciones de los usuarios ante posibles intentos de acceso indebido. Ante dicha tesitura, entrarían en juego aplicaciones como las redes virtuales capaces de codificar los intercambios de datos entre dos estaciones mediante certificados y autoridades certificadoras. Estas redes se podrían reforzar con software destinado a proteger las redes inalámbricas como es WPA2 (Acceso protegido a Wi-Fi). Todas las medidas incluidas en el proyecto son analizadas posteriormente, con el fin de determinar cuál de ellas no ha sido efectiva, y así poder investigar posibles soluciones a los problemas surgidos. La presente memoria se cierra definiendo los campos de aplicación para los que está diseñado y líneas de mejora relacionadas con los resultados del estudio de sus capacidades. PALABRAS CLAVE Raspberry Pi, hotspot, direccionar tráfico, encriptar, seguimiento iii iv INTEGRATION AND CONFIGURATION OF A SAFE HOTSPOT THROUGH A COMMUNICATION TUNNEL ON TOR NET TABLE OF CONTENTS Table of contents ................................................................................................................................ 1 Figures index ...................................................................................................................................... 6 Tables index ..................................................................................................................................... 10 Charts index ...................................................................................................................................... 12 Equations index ................................................................................................................................ 14 1 Introduction & Objectives ............................................................................................................. 15 1.1 Motivation ............................................................................................................................... 15 1.1.1 Introduction ....................................................................................................................... 15 1.1.2 Hackers ............................................................................................................................. 16 1.1.3 A brief look into Internet’s framework ............................................................................. 17 1.1.4 Encrypting and tunnelling ................................................................................................. 17 1.2 Objectives ................................................................................................................................ 18 1.3 Resources ................................................................................................................................ 18 1.3.1 Initial material ................................................................................................................... 18 1.3.2 Software and programs ..................................................................................................... 20 1.3.3 Workstations ..................................................................................................................... 20 1.3.4 Additional material ........................................................................................................... 20 1.4 Structure of the document ....................................................................................................... 22 2 State of the art ................................................................................................................................ 23 2.1 Introduction ............................................................................................................................. 23 2.2 Raspberry Pi as a router .......................................................................................................... 24 2.2.1 Router ............................................................................................................................... 24 2.2.2 Raspberry Pi [29] .............................................................................................................. 26 2.3 Malware & Intercepting devices ............................................................................................. 26 2.3.1 Network Analysis and Man in the middle [35]................................................................. 26 2.3.2 Viruses .............................................................................................................................. 29 2.3.3 Phishing [61] ..................................................................................................................... 33 2.3.4 Risks ................................................................................................................................. 34 2.4 Safe Untracking Programs & Devices .................................................................................... 35 2.4.1 Defences against malware analysed ................................................................................. 35 2.4.2 TOR net and VPN’s [64] .................................................................................................. 36 2.4.3 SSL [12] ............................................................................................................................ 37 2.4.4 Onion Pi [68] .................................................................................................................... 38 1 ERNESTO GOLMAYO FERNÁNDEZ 2.4.5 OpenVPN [69] .................................................................................................................. 39 2.4.6 WEP, WPA and WPA2 [73] ............................................................................................. 40 2.4.7 Antivirus ........................................................................................................................... 41 2.4.8 Firewall [79] ..................................................................................................................... 41 2.4.9 DNS Server ....................................................................................................................... 42 2.5 Conclusion .............................................................................................................................. 42 3 Development & Settings ............................................................................................................... 44 3.1 Introduction ............................................................................................................................. 44 3.2 Set an OS ................................................................................................................................. 44 3.2.1 Downloading the OS image .............................................................................................. 44 3.2.2 Formatting MicroSD and burning
Recommended publications
  • P2B: NPF in Netbsd 6

    P2B: NPF in Netbsd 6

    NPF in NetBSD 6 S.P.Zeidler [email protected] Mindaugas Rasiukevicius [email protected] The NetBSD Foundation The NetBSD Foundation Abstract form for a packet. This design has the advantage of pro- tocol independence, therefore support for new protocols NPF has been released with NetBSD 6.0 as an exper- (for example, layer 7) or custom filtering patterns can be imental packet filter, and thus has started to see actual easily added at userspace level without any modifications use. While it is going to take a few more cycles before to the kernel itself. it is fully ”production ready”, the exposure to users has NPF provides rule procedures as the main interface to given it a strong push to usability. Fixing small bugs use custom extensions. The syntax of the configuration and user interface intuitivity misses will help to evolve it file supports arbitrary procedures with their parameters, from a theoretical well-designed framework to a practical as supplied by the extensions. An extensions consists of packet filtering choice. The talk will cover distinguish- two parts: a dynamic module (.so file) supplementing the ing features of NPF design, give an overview of NPF’s npfctl(8) utility and a kernel module (.kmod file). Thus, current practical capabilities, ongoing development, and kernel interfaces can be used instead of modifications to will attempt to entice more people to try out NPF and the NPF core code. give feedback. The internals of NPF are abstracted into well defined modules and follow strict interfacing principles to ease 1 Introduction extensibility. Communication between userspace and the kernel is provided through the library libnpf, described NPF is a layer 3 packet filter, supporting IPv4 and IPv6, in the npf(3) manual page.
  • Sna003-Network.Resources.Pdf

    Sna003-Network.Resources.Pdf

    link aggregation Link aggregation https://en.wikipedia.org/wiki/Link_aggregation Link Aggregation and LACP basics https://www.thomas-krenn.com/en/wiki/Link_Aggregation_and_LACP_basics Chapter 4. VLANs and Trunking https://www.oreilly.com/library/view/packet-guide-to/9781449311315/ch04.html balance modes Chapter: Layer 2 LAN Port Configuration https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-4SY/config_guide/sup6T/15_3_sy_swcg_6T/layer2.html Aruba 2930F / 2930M Management and Configuration Guide for ArubaOSSwitch 16.05 https://higherlogicdownload.s3.amazonaws.com/HPE/MigratedAssets/AOS-SW-Management%20and%20Configuration%20Guide- v16.05.pdf lacp An Overview of Link Aggregation and LACP https://web.archive.org/web/20170713130728/https://thenetworkway.wordpress.com/2015/05/01/an-overview-of-link-aggregation-and- lacp/ Link Aggregation Control Protocol (LACP) (802.3ad) for Gigabit Interfaces https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/gigeth.html IEEE 802.3ad Link Aggregation (LAG) https://www.ieee802.org/3/hssg/public/apr07/frazier_01_0407.pdf Understanding IEEE 802.3ad Link Aggregation https://www.juniper.net/documentation/en_US/junose15.1/topics/concept/802.3ad-link-aggregation-understanding.html Link Aggregation Control Protocol (LACP) (802.3ad) for Gigabit Interfaces https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/gigeth.html linux bonding Linux Ethernet Bonding Driver HOWTO https://www.kernel.org/doc/Documentation/networking/bonding.txt –> 2. Bonding Driver Options Manual:Interface/Bonding
  • A SOLUTION for ARP SPOOFING: LAYER-2 MAC and PROTOCOL FILTERING and ARPSERVER Yuksel Arslan

    A SOLUTION for ARP SPOOFING: LAYER-2 MAC and PROTOCOL FILTERING and ARPSERVER Yuksel Arslan

    A SOLUTION FOR ARP SPOOFING: LAYER-2 MAC AND PROTOCOL FILTERING AND ARPSERVER Yuksel Arslan ABSTRACT Most attacks are launched inside the companies by the employees of the same company. These kinds of attacks are generally against layer-2, not against layer-3 or IP. These attacks abuse the switch operation at layer-2. One of the attacks of this kind is Address Resolution Protocol (ARP) Spoofing (sometimes it is called ARP poisoning). This attack is classified as the “man in the middle” (MITM) attack. The usual security systems such as (personal) firewalls or virus protection software can not recognize this type of attack. Taping into the communication between two hosts one can access the confidential data. Malicious software to run internal attacks on a network is freely available on the Internet, such as Ettercap. In this paper a solution is proposed and implemented to prevent ARP Spoofing. In this proposal access control lists (ACL) for layer-2 Media Access Control (MAC) address and protocol filtering and an application called ARPserver which will reply all ARP requests are used. Keywords Computer Networks, ARP, ARP Spoofing, MITM, Layer-2 filtering. 1. INTRODUCTION Nowadays Ethernet is the most common protocol used at layer-2 of Local Area Networks (LANs). Ethernet protocol is implemented on the Network Interface Card (NIC). On top of Ethernet, Internet Protocol (IP), Transmission Control/User Datagram Protocols (TCP/UDP) are employed respectively. In this protocol stack for a packet to reach its destination IP and MAC of destination have to be known by the source. This can be done by ARP which is a protocol running at layer-3 of Open System Interface (OSI) model.

  • Detecting Packet Injection a Guide to Observing Packet Spoofing by Isps

    Detecting Packet Injection A GUidE TO OBSERVING PACKET SPOOFING BY ISPs By Seth Schoen [email protected] ELECTRONIC FRONTIER FOUNDATION eff.org Version .0 November 28, 2007 Detecting Packet Injection: A Guide To Observing Packet Spoofing by ISPs Introduction Certain Internet service providers have begun to interfere with their users’ communications by injecting forged or spoofed packets – data that appears to come from the other end but was actually generated by an Internet service provider (ISP) in the middle. This spoofing is one means (although not the only means) of blocking, jamming, or degrading users’ ability to use particular applications, services, or protocols. One important means of holding ISPs account- able for this interference is the ability of some subscribers to detect and document it reliably. We have to learn what ISPs are doing before we can try to do something about it. Internet users can often detect interference by comparing data sent at one end with data received at the other end of a connection. Techniques like these were used by EFF and the Associated Press to produce clear evidence that Comcast was deliberately interfering with file sharing applications; they have also been used to document censorship by the Great Firewall of China.1 In each of these cases, an in- termediary was caught injecting TCP reset packets that caused a communication to hang up – even though the communicating parties actually wanted to continue talking to one another. In this document, we describe how to use a network analyzer like Wireshark to run an experi- ment with a friend and detect behavior like this.
  • Overview Filezilla Setup for SFTP (SSH) Or FTPS (SSL)

    Overview Filezilla Setup for SFTP (SSH) Or FTPS (SSL)

    Overview Capario can now support SFTP (SSH) and FTPS (SSL) with one server and one URL. With this change we will replace existing PMSFT and SFTP protocols. We implemented this because these new FTP protocols: Have no IP restrictions Allow vendors to have login and access to their clients’ mailboxes Provide increased stability because they use a redundant clustered file system Support many communication protocols with a number of free licensed software (GNU) Allow for quick setup Suggested Setup Methods SFTP (SSH): This is the preferred connection method. Use FileZilla with Server type set to: SFTP Putty, a command line transfer application. Core FTP Lite Set Up for SFTP (SSH) WinSCP Set Up for SFTP (SSH) FTPS (SSL): Use SSL if you are unable to connect using SSH. Use FileZilla with Server type set to: FTPS/SSL. MoveItFreely, a command line transfer application. Setup Specifications Host: Secureftp.capario.net Port for SSL (FTPS): Passive 21 Port for SSH (SFTP): 22 Select BINARY transfer mode if your software provides an option. File Naming File names must contain a .CLM extension. Eligibility inquiries must have a .270 extension. FileZilla Setup for SFTP (SSH) or FTPS (SSL) FileZilla is a free, GUI interface for Secure File Transfer. Go to http://filezilla-project.org/ to download and install. Open FileZilla Click file and click on Site Manager Click on New Site and name it Capario. Enter the Host: secureftp.capario.net Enter the port: 22 Select Servertype: SFTP Use FTPS/SSL ServerType if you are unable to use SFTP. Enter your User and password information.
  • Setting up Logset Remote Service

    Setting up Logset Remote Service

    1 Aapo Koskela SETTING UP LOGSET REMOTE SERVICE Introducing Logset REDI and Logset Manager Technology and Communication 2020 VAASAN AMMATTIKORKEAKOULU UNIVERSITY OF APPLIED SCIENCES Information Technology ABSTRACT Author Aapo Koskela Title Setting up Logset Remote Service Year 2020 Language English Pages 30 Name of Supervisor Gao, Chao Logset had a need to develop remote support and control service, which could be used by service personnel and selected resellers. There was also a need for Fleet Management for handling big data, which could be developed with remote ser- vice. Logset started developing both services and as a result, they had to be docu- mented. The purpose of this thesis was to strengthen Logset’s internal knowledge of new upcoming services, and to generate work instructions for setting up, and the usage of Logset REDI Service. Thesis instructions were written based on interviews with the developers of the service and by personal experiences from the testing. During writing this thesis, REDI Service and Logset Manager were being simul- taneously developed. Logset had implemented objective and basic setup which was then followed by first testing in theory and then in practice, and before the thesis was finished, were both REDI Service and Fleet Management announced publicly. The thesis presents features that are available now, and those that will probably be available in near future. The work instructions will be taken in use as soon as wide-scale installations in the factory and field will begin. Keywords CAN bus, CANopen, Work instructions, Remote diagnos- tics, and control 3 VAASAN AMMATTIKORKEAKOULU Koulutusohjelman nimi TIIVISTELMÄ Tekijä Aapo Koskela Opinnäytetyön nimi Setting up Logset Remote Service Vuosi 2020 Kieli englanti Sivumäärä 30 Ohjaaja Gao, Chao Logsetilla oli tarve kehittää etätuki- ja ohjauspalvelua, jota huolto ja valitut jäl- leenmyyjät voisivat käyttää.
  • Index Images Download 2006 News Crack Serial Warez Full 12 Contact

    Index Images Download 2006 News Crack Serial Warez Full 12 Contact

    index images download 2006 news crack serial warez full 12 contact about search spacer privacy 11 logo blog new 10 cgi-bin faq rss home img default 2005 products sitemap archives 1 09 links 01 08 06 2 07 login articles support 05 keygen article 04 03 help events archive 02 register en forum software downloads 3 security 13 category 4 content 14 main 15 press media templates services icons resources info profile 16 2004 18 docs contactus files features html 20 21 5 22 page 6 misc 19 partners 24 terms 2007 23 17 i 27 top 26 9 legal 30 banners xml 29 28 7 tools projects 25 0 user feed themes linux forums jobs business 8 video email books banner reviews view graphics research feedback pdf print ads modules 2003 company blank pub games copyright common site comments people aboutus product sports logos buttons english story image uploads 31 subscribe blogs atom gallery newsletter stats careers music pages publications technology calendar stories photos papers community data history arrow submit www s web library wiki header education go internet b in advertise spam a nav mail users Images members topics disclaimer store clear feeds c awards 2002 Default general pics dir signup solutions map News public doc de weblog index2 shop contacts fr homepage travel button pixel list viewtopic documents overview tips adclick contact_us movies wp-content catalog us p staff hardware wireless global screenshots apps online version directory mobile other advertising tech welcome admin t policy faqs link 2001 training releases space member static join health
  • Troubleshooting the MSBR Configuration Note Ver

    Troubleshooting the MSBR Configuration Note Ver

    Configuration Note Multi-Service Business Routers Product Series Troubleshooting Version 7.2 Configuration Note Contents Table of Contents 1 Introduction ......................................................................................................... 7 2 Capturing Packets ............................................................................................... 9 2.1 Capturing Data-CPU on Physical Interfaces ........................................................... 9 2.1.1 Changing the Debug File Destination Target ..........................................................10 2.1.2 Viewing Currently Configured Capture ....................................................................10 2.1.3 Debugging Capture Physical using WinSCP Example ............................................11 2.1.4 Capturing Data-CPU on Physical Interface Example ..............................................12 2.1.5 Analyzing the Debug File .........................................................................................12 2.2 Capturing Data on Logical Interfaces .................................................................... 13 2.2.1 Capturing Data on an Interface Example ................................................................13 2.2.2 Looking Inside the VPN IPSec Tunnel Example .....................................................14 2.3 Capturing Voice on Physical Interfaces ................................................................ 15 2.3.1 Monitoring VoIP Physical Interface Example...........................................................15
  • NPF – the Packet Filter of Netbsd

    NPF – the Packet Filter of Netbsd

    NPF { the packet filter of NetBSD Mindaugas Rasiukevicius October 17, 2012 1 Introduction NPF is a layer 3 packet filter, supporting IPv4 and IPv6, as well as layer 4 protocols such as TCP, UDP and ICMP. NPF offers a traditional set of features provided by most packet filters. This includes stateful packet filtering, network address translation (NAT), tables (using a hash or tree as a container), rule procedures for easy development of NPF extensions, packet normalisation and logging, connection saving and restoring and more. NPF focuses on high performance design, ability to handle large volume of clients and use of the speed of multi-core systems. Our main objective for the preview release is to stabilise initial set of features and have a robust code base for further development. This paper covers NPF version distributed by the NetBSD 6.0 release. 2 Brief notes on design Inspired by the Berkeley Packet Filter (BPF), NPF uses "n-code", which is conceptually a byte-code processor, similar to the machine code. Each rule is described by a sequence of low level operations, called "n-code", to perform for a packet. This design has the advantage of protocol independence, therefore support for new protocols (for example, layer 7) or custom filtering patterns can be easily added at userspace level without any modifications to the kernel itself. BPF just-in-time (JIT) compilation itself is planned for the future release. NPF provides rule procedures as the main interface to implement custom extensions. Syntax of the configuration file supports arbitrary procedures with their parameters, as supplied by the extensions.
  • DVD-Ofimática 2014-07

    DVD-Ofimática 2014-07

    (continuación 2) Calizo 0.2.5 - CamStudio 2.7.316 - CamStudio Codec 1.5 - CDex 1.70 - CDisplayEx 1.9.09 - cdrTools FrontEnd 1.5.2 - Classic Shell 3.6.8 - Clavier+ 10.6.7 - Clementine 1.2.1 - Cobian Backup 8.4.0.202 - Comical 0.8 - ComiX 0.2.1.24 - CoolReader 3.0.56.42 - CubicExplorer 0.95.1 - Daphne 2.03 - Data Crow 3.12.5 - DejaVu Fonts 2.34 - DeltaCopy 1.4 - DVD-Ofimática Deluge 1.3.6 - DeSmuME 0.9.10 - Dia 0.97.2.2 - Diashapes 0.2.2 - digiKam 4.1.0 - Disk Imager 1.4 - DiskCryptor 1.1.836 - Ditto 3.19.24.0 - DjVuLibre 3.5.25.4 - DocFetcher 1.1.11 - DoISO 2.0.0.6 - DOSBox 0.74 - DosZip Commander 3.21 - Double Commander 0.5.10 beta - DrawPile 2014-07 0.9.1 - DVD Flick 1.3.0.7 - DVDStyler 2.7.2 - Eagle Mode 0.85.0 - EasyTAG 2.2.3 - Ekiga 4.0.1 2013.08.20 - Electric Sheep 2.7.b35 - eLibrary 2.5.13 - emesene 2.12.9 2012.09.13 - eMule 0.50.a - Eraser 6.0.10 - eSpeak 1.48.04 - Eudora OSE 1.0 - eViacam 1.7.2 - Exodus 0.10.0.0 - Explore2fs 1.08 beta9 - Ext2Fsd 0.52 - FBReader 0.12.10 - ffDiaporama 2.1 - FileBot 4.1 - FileVerifier++ 0.6.3 DVD-Ofimática es una recopilación de programas libres para Windows - FileZilla 3.8.1 - Firefox 30.0 - FLAC 1.2.1.b - FocusWriter 1.5.1 - Folder Size 2.6 - fre:ac 1.0.21.a dirigidos a la ofimática en general (ofimática, sonido, gráficos y vídeo, - Free Download Manager 3.9.4.1472 - Free Manga Downloader 0.8.2.325 - Free1x2 0.70.2 - Internet y utilidades).
  • How to Cheat at Configuring Open Source Security Tools

    How to Cheat at Configuring Open Source Security Tools

    436_XSS_FM.qxd 4/20/07 1:18 PM Page ii 441_HTC_OS_FM.qxd 4/12/07 1:32 PM Page i Visit us at www.syngress.com Syngress is committed to publishing high-quality books for IT Professionals and deliv- ering those books in media and formats that fit the demands of our customers. We are also committed to extending the utility of the book you purchase via additional mate- rials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our [email protected] Web pages. There you may find an assortment of value- added features such as free e-books related to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of expertise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE E-BOOKS For readers who can’t wait for hard copy, we offer most of our titles in downloadable Adobe PDF form. These e-books are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our e-books onto servers in corporations, educational institutions, and large organizations.
  • WIPO PCT Electronic Data Interchange (PCT-EDI) June 2020

    WIPO PCT Electronic Data Interchange (PCT-EDI) June 2020

    WIPO PCT Electronic Data Interchange (PCT-EDI) PCT Technical Cooperation June 2020 WIPO PCT Electronic Data Interchange (PCT-EDI) June 2020 Table of Contents I. INTRODUCTION ........................................................................................................... 2 II. SERVICE OVERVIEW ................................................................................................... 2 A. Why SSH? .................................................................................................................. 2 B. The WIPO Server ....................................................................................................... 3 C. Client Software ........................................................................................................... 3 III. OFFICE ACCOUNTS ................................................................................................. 3 A. Introduction ................................................................................................................ 3 B. Office account and Directory structure ........................................................................ 3 C. Maintenance ............................................................................................................... 4 D. Examples in this document ......................................................................................... 4 IV. CLIENT SOFTWARE CONFIGURATION ................................................................... 5 A. Introduction ...............................................................................................................