DOCSLIB.ORG

International Journal for Scientific Research & Development| Sp. Issue- Computer Networking | ISSN (Online):2321-061

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

IJSRD - International Journal for Scientific Research & Development| Sp. Issue- Computer Networking | ISSN (online):2321-0613 XMPP in Instant Messengers Neeraj Vashistha1 Akshay Khilari2 S.N. Shelke3 3Assistant Professor 1,2,3Department of Computer Engineering 1,2,3Sinhgad Academy of Engineering, SPPU, Pune. Abstract— Instant Messengers(IM) are the most commonly like Pidgin, Adium using the standard XMPP protocol. The used interacting method to communicate with people main advantage of using a decentralized architecture is that worldwide. IM presence is felt in multicast (chat rooms) and it allows client developers to focus on user experience and one-to-one message exchange between different kind of server developers to focus on reliability and scalability. The client entities. IM using eXtensible Messaging and Presence servers incorporate important security features such as Protocol (XMPP) as the base protocol is able to provide near authentication, channel encryption. real-time text-based communication through the use of The following are the components of the XMPP XML. Social media networks like gtalk, ejabberd, facebook architecture: employ XMPP. XMPP can be implemented with servers as well as without servers. XMPP is not only used in IM but also collaborative services like sensor networks, multiplayer games and Internet-of-Things (IoT) as they require real-time event publication and distribution. In this paper we briefly describe XMPP and its usage in IM and also discuss the market share of XMPP. Key words: XMPP, Social Media Networks, Collaborative Services, Internet of things, Near Real-time communication I. HISTORY OF XMPP AND LESSONS LEARNT As discussed in [1], based on TCP, DNS and SSL and built as a client-server architecture XMPP prophesied for simple Fig. 1: XMPP Architecture distributed technology where privacy and security would be A. Server: given priority but this was not possible if PGP (pretty good privacy) keys were not in place for each user or a digital It provides important security features such as certificate for each user. Thus the desire to keep the authentication, encryption and is used to manage technology as simple as possible was not attainable easily. connections from authorized clients, servers and other Following were the issues associated with XMPP. entities. 1) XMPP is optimized for handling a large number of B. Client: small XML based messages but has a difficulty in sending/parsing large chunks of video /audio. Clients are the end user which initiates streams and 2) For meshes like ad hoc and mobile network, deploying communicates with the server using client software like a technology on TCP and DNS is challenging thus there ejabberd. is a need to rethink about its deployment and C. Gateway: dependencies on other technology. A gateway is a server-side service and its primary function 3) XMPP as an open technology strives to be extensible is to translate the XMPP streams into protocols used by a and modular along with it providing anyone to run a non-XMPP messaging system and vice versa. Gateways to server instance to create a decentralized communication SMS (Short Message Service), IRC (Internet Relay Chat), system where the network availability information or email are some examples. presence is available throughout the system. The early XMPP implementation by its inventor III. XMPP BASICS Jeremie Miller has all those problems as listed above in points 1,2,3 which are now resolved quite successfully and XMPP uses a client-server architecture but it is highly are discussed in great depth in [1] and much of the decentralized. XMPP core [5], specify client can only undiscussed work of serverless XMPP is implemented in communicate with another client when it is authenticated XMPP based SMS gateway [10], XMPP implementation with server and unless authenticated, a client cannot inject and security at cloud [11], XMPP as a service integration messages on a network. scheme [9], distributed chat service [8]. However a serverless messaging [4] can be established with zero network configuration on local (or II. XMPP ARCHITECTURE even wide area) network using the _presence._tcp DNS SRV service type. XMPP uses a decentralized client-server architecture for Once discovered by any server or on a serverless instant messaging [6], presence [6], [3] and real-time network, the client can communicate by negotiating XML communication. The XMPP architecture as in [7] used for streams among themselves and exchanging structured data instant messaging typically consists of hundreds of XMPP using XMPP <message/> and <iq/> (information and query) servers like ejabberd and XMPP clients which run software stanzas. All rights reserved by www.ijsrd.com 25 XMPP in Instant Messengers (IJSRD/SPCN016) On a serverless (or ad hoc WAN) messaging, a chat Server messaging, the from address is stamped by server to client can advertise its presence by invoking a DNS-based avoid spoofing but in case of serverless messaging it is Service Discovery (DNS-SD) daemon (RFC 6763 ) and ought to be included by the client. For example, John may multicast DNS (mDNS) (RFC 6762 ) by publishing the DNS now send a message to Tim in the following way. records on multicast DNS address 244.0.0.251 and listen for <message from=’john@comp-PG-1’ multicast DNS queries. to=’tim@workstation7’ workstation7. local. A 10.2.1.2 type=’chat’ tim@workstation7._presence._tcp.local. SRV <body>Hello, Tim how are you?</body> 5356 workstation7.local. <subject>Query</subject> _presence._tcp.local. PTR </message> tim@workstation7._presence._tcp.local Presence stanza is a specialised publish-subscribe Here ‘A’ record at IP 10.2.1.2 specifies method to publish network availability and status messages ‘workstation7’ listening for connection, ‘SRV’ record (RFC of clients to only those clients which are authorized to 27323) maps the presence status of instance receive i.e. subscribed clients. When a client comes into ‘tim@workstation7’ to machine ‘workstation7.local’ on port network (online) and leaves the network (offline) presence 5356 and ‘PTR’(pointer) record (RFC 23174) points that is advertised. This XML stanza provides presence status in service of type ‘presence ‘exist over TCP. Along with above roster, it is the responsibility of server (in Server Messaging information DNS TXT record (RFC 14645) is also published Scenario) to handle the task of notifying other clients in the by a chat client. this information is typically key value based roster. and is published using mDNS daemon. <presence from=’tim@workstation7’> txtvers=1 <show>Available</show> 1st=Tim <status>Hanging out</status> [email protected] </presence> hash=sha-1 The iq stanza (information query) in XMPP are id=117 method for requesting and responding information in last=Petric structured format through the use of of id (or jid) attribute. msg=Hanging out The payload, id associates the stanza and helps to track the nick=timP request and response between client entities. In case of node=http://www.mdgn.com failure, iq-error is returned. phsh=a3839614e1aa56b3fe7bcf78523f519e02358913 <iq from=’tim@workstation7’ port.p2pj=5356 id=’117’ status=avail to=’[email protected]’ vc=CA! type=’get’> ver=QjolPKapkwPSDYstT/WM75uBl47= <query xmlns=’jabber:iq:roster’/> The same functionality is applicable to a client- </iq> server distributed architecture, when client joins the network The response is iq-result having a payload, item and advertises its presence using the _presence._tcp DNS element for each client in the roster. SRV service type. For example, a client(John) would be able <iq from=’[email protected]’ to discover any number of local presence services like id=117 time@workstation7 at IP address 10.2.1.3 on port 5356. On to=’tim@workstation7’ discovering this, client can initiate a chat by opening a XML type=’result’> stream. <query xmlns=’jabber:iq:roster’> <?xml version='1.0'?> <item jid=’[email protected]’/> <stream:stream <item jid=’[email protected]’/> xmlns='jabber:client' </query> xmlns:stream='http://etherx.jabber.org/streams' </iq> from='john@comp-PG-1' The iq-set is then used to update new contacts in to='tim@workstation7' client roster through new transaction. version='1.0'> <iq from=’tim@workstation7’ On receiving a request from John, Tim respond with a id=117 response stream header. to=’[email protected]’ <?xml version='1.0'?> type=’set’> <stream:stream <query xmlns=’jabber:iq:roster’> xmlns='jabber:client' <item id=’[email protected]’/> xmlns:stream='http://etherx.jabber.org/streams' </query> from='tim@workstation7' </iq> to='john@comp-PG-1' An acknowledgement through iq-result is version='1.0'> submitted by server to client. There are three types of XML stanza which are <iq from=’[email protected]’ exchanged between clients, Message, presence, and iq. id=117 Message stanzas consists of to and from along with to=’tim@workstation7’ attribute, type and id. Payloads include subject and body. In type =’result’/> All rights reserved by www.ijsrd.com 26 XMPP in Instant Messengers (IJSRD/SPCN016) IV. MARKET DOMINANCE existing protocol [1], XMPP Extension Protocols Although there are various proprietary and open source (XEPs), an open standard manages existing extensions. protocols for IM and presence applications, XMPP (Jingle, 2) Deployment of XMPP stack [2] on a thin client like WFP) is one of the open source and standardised protocol. mobile devices [10], [11], sensors is reasonable as Other open source and recognised protocols are IMPP, IRC, XMPP is lightweight and in comparison to SIMPLE, MTProto, RetroShare, SIP (MSRP, SIMPLE), TextSecure, XMPP requires a few number of RFC to be used to Tox, Zephyr. create a functional XMPP server. Some of the proprietary IM protocol for near real 3) In comparison to proprietary protocols, XMPP is highly time messaging and presence are MSNP, OSCAR (TOC), decentralised. Proprietary protocols extensively control Skype, YMSG. the specification and exchange of messages along with According to a report6, the number of XMPP it, only those clients that implement these protocols can servers deployed worldwide are approximately 7264, of communicate with servers.
Recommended publications
  • Uila Supported Apps

    Uila Supported Apps

    Uila Supported Applications and Protocols updated Oct 2020 Application/Protocol Name Full Description 01net.com 01net website, a French high-tech news site. 050 plus is a Japanese embedded smartphone application dedicated to 050 plus audio-conferencing. 0zz0.com 0zz0 is an online solution to store, send and share files 10050.net China Railcom group web portal. This protocol plug-in classifies the http traffic to the host 10086.cn. It also 10086.cn classifies the ssl traffic to the Common Name 10086.cn. 104.com Web site dedicated to job research. 1111.com.tw Website dedicated to job research in Taiwan. 114la.com Chinese web portal operated by YLMF Computer Technology Co. Chinese cloud storing system of the 115 website. It is operated by YLMF 115.com Computer Technology Co. 118114.cn Chinese booking and reservation portal. 11st.co.kr Korean shopping website 11st. It is operated by SK Planet Co. 1337x.org Bittorrent tracker search engine 139mail 139mail is a chinese webmail powered by China Mobile. 15min.lt Lithuanian news portal Chinese web portal 163. It is operated by NetEase, a company which 163.com pioneered the development of Internet in China. 17173.com Website distributing Chinese games. 17u.com Chinese online travel booking website. 20 minutes is a free, daily newspaper available in France, Spain and 20minutes Switzerland. This plugin classifies websites. 24h.com.vn Vietnamese news portal 24ora.com Aruban news portal 24sata.hr Croatian news portal 24SevenOffice 24SevenOffice is a web-based Enterprise resource planning (ERP) systems. 24ur.com Slovenian news portal 2ch.net Japanese adult videos web site 2Shared 2shared is an online space for sharing and storage.
  • Webrtc and XMPP

    Webrtc and XMPP

    webRTC and XMPP Philipp Hancke, XMPP Summit 2013 What is this webRTC thing … …and why should XMPP developers care? . I assume you know what XMPP is… . … you might have heard of Jingle . the XMPP framework for establishing P2P sessions . used for VoIP, filesharing, … . … you might have also heard about this webRTC thing . doing VoIP in the browser . without plugins . „no more flash“ . Do you want to know how it relates to XMPP ? Philipp Hancke © ESTOS GmbH 2013 2 What is webRTC? . P2P sessions between browsers . no servers involved in media transfer . using open standards . Javascript API in the browser . also an BSD-licensed C++ library from Google . Want to know more? . Listen to the evangelists! . Justin Uberti http://www.youtube.com/watch?v=E8C8ouiXHHk . Jose de Castro http://vimeo.com/52510068 . Cullen Jennings http://vimeo.com/cullenfluffyjennings/rtcwebexplained Philipp Hancke © ESTOS GmbH 2013 3 Initiating P2P sessions . initiate a P2P session between two browsers . negotiate media codecs, NAT traversal, etc . media is sent P2P . you need a session initiation protocol . SIP? . JSEP? . H.323? . Jingle! . webRTC does not mandate a signalling protocol . WG decision Philipp Hancke © ESTOS GmbH 2013 4 Call Flow - JSEP Philipp Hancke © ESTOS GmbH 2013 5 Jingle . You can use Jingle as signalling protocol . together with BOSH or XMPP over websockets in the browser . Demo later . But… . webRTC uses the Session Description Protocol as an API . Jingle does not use SDP . You need a mapping SDP -> Jingle -> SDP . Complicated, but doable . Topic for breakout Philipp Hancke © ESTOS GmbH 2013 6 Call Flow - Jingle Philipp Hancke © ESTOS GmbH 2013 7 webRTC-Jingle usecases .
  • Privacy Resources 2018

    Privacy Resources 2018

    Privacy Resources 2018 By Marcus P. Zillman, M.S., A.M.H.A. Executive Director – Virtual Private Library [email protected] Privacy Resources 2018 is a comprehensive listing of privacy resources currently available on the Internet. These include associations, indexes, search engines as well as individual websites and sources that supply the latest technology and information about privacy and how it relates to you and the Internet. The below list of sources is taken from my Subject Tracer™ Information Blog titled Privacy Resources and is constantly updated with Subject Tracer™ bots from the following URL: http://www.PrivacyResources.info/ These resources and sources will help you to discover the many pathways available to you through the Internet to find the latest privacy sources and sites. Figure 1: Privacy Resources 2018 Subject Tracer™ Information Blog 1 [Updated: April 1, 2018] Privacy Resources 2018 White Paper Link Compilation http://www.PrivacyResources.info/ [email protected] Voice: 800-858-1462 © 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018 Marcus P. Zillman, M.S., A.M.H.A. Privacy Resources 2018: 10 Best Security and Privacy Apps for Smartphones and Tablets http://drippler.com/drip/10-best-security-privacy-apps-smartphones-tablets 10 Minute Mail http://10minutemail.com/10MinuteMail/index.html 10 Privacy Gadgets To Help You Keep a Secret http://www.popsci.com/keep-your-secrets-a-secret 10 Reasons to Use a VPN for Private Web Browsing http://netforbeginners.about.com/od/readerpicks/tp/Reasons-to-Use-a-VPN-Service.htm
  • Fully Eliminated the Language Barrier and Enable Ease of Communication Through This Application

    Fully Eliminated the Language Barrier and Enable Ease of Communication Through This Application

    IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, p- ISSN: 2278-8727Volume 16, Issue 2, Ver. XI (Mar-Apr. 2014), PP 113-119 www.iosrjournals.org Alltalk™- A Windows Phone Messenger with Cross Language Communication Shruti Shetye1, Akhil Abraham2, Royston Pinto3, Sonali Vaidya4 1(BE-IT Student, Information Technology, St. FrancisInstitute of Technology, India) 2(BE-IT Student, Information Technology, St. Francis Institute of Technology, India) 3(BE-IT Student, Information Technology, St. Francis Institute of Technology, India 4(Lecturer, Information Technology, St. Francis Institute of Technology, India) __________________________________________________________________________________ Abstract:In day to day life, messengers or chatting applications provide facility for instant messaging over the internet. Exchange of messages takes place in universally used languages like English, French, etc. where both the users know how to communicate in a common language. Thus chatting on mobile phones is a luxury when both the parties involved know a common language. Hence we have implemented ALLTALK™ which is a Windows 8 phone based chatting application which makes cross language communication possible using mobile programming and networking technology.This application will enable the communication between two persons irrespective of the language each user wishes to use individually. The various modes of communication available in this messenger are through text and voice. Due to the best processing power provided among the available smartphones and high battery life we choose to work on windows 8 platform. Thus we have successfully eliminated the language barrier and enable ease of communication through this application. Keywords: Cross Language communication, instant messenger, socket connection, translator,Windows phone app.
  • N2N: a Layer Two Peer-To-Peer VPN

    N2N: a Layer Two Peer-To-Peer VPN

    N2N: A Layer Two Peer-to-Peer VPN Luca Deri1, Richard Andrews2 ntop.org, Pisa, Italy1 Symstream Technologies, Melbourne, Australia2 {deri, andrews}@ntop.org Abstract. The Internet was originally designed as a flat data network delivering a multitude of protocols and services between equal peers. Currently, after an explosive growth fostered by enormous and heterogeneous economic interests, it has become a constrained network severely enforcing client-server communication where addressing plans, packet routing, security policies and users’ reachability are almost entirely managed and limited by access providers. From the user’s perspective, the Internet is not an open transport system, but rather a telephony-like communication medium for content consumption. This paper describes the design and implementation of a new type of peer-to- peer virtual private network that can allow users to overcome some of these limitations. N2N users can create and manage their own secure and geographically distributed overlay network without the need for central administration, typical of most virtual private network systems. Keywords: Virtual private network, peer-to-peer, network overlay. 1. Motivation and Scope of Work Irony pervades many pages of history, and computing history is no exception. Once personal computing had won the market battle against mainframe-based computing, the commercial evolution of the Internet in the nineties stepped the computing world back to a substantially rigid client-server scheme. While it is true that the today’s Internet serves as a good transport system for supplying a plethora of data interchange services, virtually all of them are delivered by a client-server model, whether they are centralised or distributed, pay-per-use or virtually free [1].
  • A Generic Data Exchange System for F2F Networks

    A Generic Data Exchange System for F2F Networks

    The Retroshare project The GXS system Decentralize your app! A Generic Data Exchange System for F2F Networks Cyril Soler C.Soler The GXS System 03 Feb. 2018 1 / 19 The Retroshare project The GXS system Decentralize your app! Outline I Overview of Retroshare I The GXS system I Decentralize your app! C.Soler The GXS System 03 Feb. 2018 2 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows, (+ Android). C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows. C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows. C.Soler The GXS System 03 Feb. 2018 3 / 19 The Retroshare project The GXS system Decentralize your app! The Retroshare Project I Mesh computers using signed TLS over TCP/UDP/Tor/I2P; I anonymous end-to-end encrypted FT with swarming; I mail, IRC chat, forums, channels; I available on Mac OS, Linux, Windows.
  • Cisco SCA BB Protocol Reference Guide

    Cisco SCA BB Protocol Reference Guide

    Cisco Service Control Application for Broadband Protocol Reference Guide Protocol Pack #60 August 02, 2018 Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  • Multi-Device for Signal

    Multi-Device for Signal

    Multi-Device for Signal S´ebastienCampion3, Julien Devigne1, C´elineDuguey1;2, and Pierre-Alain Fouque2 1 DGA Maˆıtrisede l’information, Bruz, France [email protected] 2 Irisa, Rennes, France, [email protected], [email protected] Abstract. Nowadays, we spend our life juggling with many devices such as smartphones, tablets or laptops, and we expect to easily and efficiently switch between them without losing time or security. However, most ap- plications have been designed for single device usage. This is the case for secure instant messaging (SIM) services based on the Signal proto- col, that implements the Double Ratchet key exchange algorithm. While some adaptations, like the Sesame protocol released by the developers of Signal, have been proposed to fix this usability issue, they have not been designed as specific multi-device solutions and no security model has been formally defined either. In addition, even though the group key exchange problematic appears related to the multi-device case, group solutions are too generic and do not take into account some properties of the multi-device setting. Indeed, the fact that all devices belong to a single user can be exploited to build more efficient solutions. In this paper, we propose a Multi-Device Instant Messaging protocol based on Signal, ensuring all the security properties of the original Signal. Keywords: cryptography, secure instant messaging, ratchet, multi-device 1 Introduction 1.1 Context Over the last years, secure instant messaging has become a key application ac- cessible on smartphones. In parallel, more and more people started using several devices - a smartphone, a tablet or a laptop - to communicate.
  • Universidad Pol Facultad D Trabajo

    Universidad Pol Facultad D Trabajo

    UNIVERSIDAD POLITÉCNICA DE MADRID FACULTAD DE INFORMÁTICA TRABAJO FINAL DE CARRERA ESTUDIO DEL PROTOCOLO XMPP DE MESAJERÍA ISTATÁEA, DE SUS ATECEDETES, Y DE SUS APLICACIOES CIVILES Y MILITARES Autor: José Carlos Díaz García Tutor: Rafael Martínez Olalla Madrid, Septiembre de 2008 2 A mis padres, Francisco y Pilar, que me empujaron siempre a terminar esta licenciatura y que tanto me han enseñado sobre la vida A mis abuelos (q.e.p.d.) A mi hijo icolás, que me ha dejado terminar este trabajo a pesar de robarle su tiempo de juego conmigo Y muy en especial, a Susana, mi fiel y leal compañera, y la luz que ilumina mi camino Agradecimientos En primer lugar, me gustaría agradecer a toda mi familia la comprensión y confianza que me han dado, una vez más, para poder concluir definitivamente esta etapa de mi vida. Sin su apoyo, no lo hubiera hecho. En segundo lugar, quiero agradecer a mis amigos Rafa y Carmen, su interés e insistencia para que llegara este momento. Por sus consejos y por su amistad, les debo mi gratitud. Por otra parte, quiero agradecer a mis compañeros asesores militares de Nextel Engineering sus explicaciones y sabios consejos, que sin duda han sido muy oportunos para escribir el capítulo cuarto de este trabajo. Del mismo modo, agradecer a Pepe Hevia, arquitecto de software de Alhambra Eidos, los buenos ratos compartidos alrrededor de nuestros viejos proyectos sobre XMPP y que encendieron prodigiosamente la mecha de este proyecto. A Jaime y a Bernardo, del Ministerio de Defensa, por haberme hecho descubrir las bondades de XMPP.
  • CCIA Comments in ITU CWG-Internet OTT Open Consultation.Pdf

    CCIA Comments in ITU CWG-Internet OTT Open Consultation.Pdf

    CCIA Response to the Open Consultation of the ITU Council Working Group on International Internet-related Public Policy Issues (CWG-Internet) on the “Public Policy considerations for OTTs” Summary. The Computer & Communications Industry Association welcomes this opportunity to present the views of the tech sector to the ITU’s Open Consultation of the CWG-Internet on the “Public Policy considerations for OTTs”.1 CCIA acknowledges the ITU’s expertise in the areas of international, technical standards development and spectrum coordination and its ambition to help improve access to ICTs to underserved communities worldwide. We remain supporters of the ITU’s important work within its current mandate and remit; however, we strongly oppose expanding the ITU’s work program to include Internet and content-related issues and Internet-enabled applications that are well beyond its mandate and core competencies. Furthermore, such an expansion would regrettably divert the ITU’s resources away from its globally-recognized core competencies. The Internet is an unparalleled engine of economic growth enabling commerce, social development and freedom of expression. Recent research notes the vast economic and societal benefits from Rich Interaction Applications (RIAs), a term that refers to applications that facilitate “rich interaction” such as photo/video sharing, money transferring, in-app gaming, location sharing, translation, and chat among individuals, groups and enterprises.2 Global GDP has increased US$5.6 trillion for every ten percent increase in the usage of RIAs across 164 countries over 16 years (2000 to 2015).3 However, these economic and societal benefits are at risk if RIAs are subjected to sweeping regulations.
  • TLS in the Wild: an Internet-Wide Analysis of TLS-Based Protocols for Electronic Communication

    TLS in the Wild: an Internet-Wide Analysis of TLS-Based Protocols for Electronic Communication

    TLS in the wild: An Internet-wide analysis of TLS-based protocols for electronic communication Ralph Holz∗, Johanna Amannz, Olivier Mehaniy, Matthias Wachsx, Mohamed Ali Kaafary ∗University of Sydney, Australia, Email: [email protected] yData61/CSIRO, Sydney, Australia, Email: [email protected] zICSI, Berkeley, USA, Email: [email protected] xTechnical University of Munich, Germany, Email: [email protected] This is a preprint of the camera-ready version to appear at NDSS 2016. Last update: 19 Dec 2015. Abstract—Email and chat still constitute the majority of in 2018 [11]. As for chat, the most widely used standard- electronic communication on the Internet. The standardisation based networks are IRC group chats and the XMPP instant and acceptance of protocols such as SMTP, IMAP, POP3, XMPP, messaging and multi-user conferencing network. and IRC has allowed to deploy servers for email and chat in a decentralised and interoperable fashion. These protocols can be In their early days, email protocols such as SMTP, POP3, secured by providing encryption with TLS—directly or via the and IMAP were designed with no special focus on security. STARTTLS extension. X.509 PKIs and ad hoc methods can be In particular, authentication in SMTP was introduced a while leveraged to authenticate communication peers. However, secure after the protocol’s standardisation, initially as a way to configuration is not straight-forward and many combinations fight spam. User agents started to move towards encryption of encryption and authentication mechanisms lead to insecure deployments and potentially compromise of data in transit. In and authenticated connections gradually, using the then-new this paper, we present the largest study to date that investigates SSL 3 and later the TLS protocols to protect the transport the security of our email and chat infrastructures.
  • Cheat Sheet – Common Ports (PDF)

    Cheat Sheet – Common Ports (PDF)

    COMMON PORTS packetlife.net TCP/UDP Port Numbers 7 Echo 554 RTSP 2745 Bagle.H 6891-6901 Windows Live 19 Chargen 546-547 DHCPv6 2967 Symantec AV 6970 Quicktime 20-21 FTP 560 rmonitor 3050 Interbase DB 7212 GhostSurf 22 SSH/SCP 563 NNTP over SSL 3074 XBOX Live 7648-7649 CU-SeeMe 23 Telnet 587 SMTP 3124 HTTP Proxy 8000 Internet Radio 25 SMTP 591 FileMaker 3127 MyDoom 8080 HTTP Proxy 42 WINS Replication 593 Microsoft DCOM 3128 HTTP Proxy 8086-8087 Kaspersky AV 43 WHOIS 631 Internet Printing 3222 GLBP 8118 Privoxy 49 TACACS 636 LDAP over SSL 3260 iSCSI Target 8200 VMware Server 53 DNS 639 MSDP (PIM) 3306 MySQL 8500 Adobe ColdFusion 67-68 DHCP/BOOTP 646 LDP (MPLS) 3389 Terminal Server 8767 TeamSpeak 69 TFTP 691 MS Exchange 3689 iTunes 8866 Bagle.B 70 Gopher 860 iSCSI 3690 Subversion 9100 HP JetDirect 79 Finger 873 rsync 3724 World of Warcraft 9101-9103 Bacula 80 HTTP 902 VMware Server 3784-3785 Ventrilo 9119 MXit 88 Kerberos 989-990 FTP over SSL 4333 mSQL 9800 WebDAV 102 MS Exchange 993 IMAP4 over SSL 4444 Blaster 9898 Dabber 110 POP3 995 POP3 over SSL 4664 Google Desktop 9988 Rbot/Spybot 113 Ident 1025 Microsoft RPC 4672 eMule 9999 Urchin 119 NNTP (Usenet) 1026-1029 Windows Messenger 4899 Radmin 10000 Webmin 123 NTP 1080 SOCKS Proxy 5000 UPnP 10000 BackupExec 135 Microsoft RPC 1080 MyDoom 5001 Slingbox 10113-10116 NetIQ 137-139 NetBIOS 1194 OpenVPN 5001 iperf 11371 OpenPGP 143 IMAP4 1214 Kazaa 5004-5005 RTP 12035-12036 Second Life 161-162 SNMP 1241 Nessus 5050 Yahoo! Messenger 12345 NetBus 177 XDMCP 1311 Dell OpenManage 5060 SIP 13720-13721