Buenos días Internet!
Since the last couple of months, I was getting queries via my Facebook page asking me to teach Penetration Testing. People want to learn hacking and break something out of it. Okay, I appreciate the curiosity but morality matters. The term ethical in ethical hacking has to follow some rules. Just like some random redditor quoted: the rules are same as sex.If you don’t have their consent, you’re in the wrong. Only go as far as they want you to. Stop if they tell you to stop. First of all, there is no magic in hacking and nobody can teach you that. An ethical hacker is born out of knowledge,patience and wisdom. People can guide you be a hacker. Guidance on where to start, what to learn, where to learn and how to learn.
As a part of that, today we are happy to announce that we are starting a series of blog posts and YouTube videos to start learning penetration testing. Let’s begin with the greetings from mother Internet. 🙂
Lets talk about the history of internet first. Long before the introduction of a proper prototype of internet scientist have conceptualised the idea in many ways. For example, Nikola Tesla toyed with the idea of a “world wireless system” in the early 1900s.
Let’s speak about the cold war between US and Russia during the 1950’s. Because of Sputnik 1, launched in 1957, the US military was concerned about the Soviet Union attacking from space and destroying the US long-distance communications network.
The existing national defence network relied on telephone lines and wires that were susceptible to damage. In 1962, J.C.R. Licklider, a scientist from ARPA and MIT, suggested connecting computers to keep a communications network active in the US in the event of a nuclear attack. This network came to be known as the ARPA Network, or ARPAnet, which was the beginning of an era and put the basement to the history of internet.
Who is the actual owner of the internet? Ever thought? The internet connection to our homes and offices are provided by ISPs such as BSNL, Cable One, etc. We are paying the internet bills to the respective ISPs. But from where ISP get the internet? To whom they are paying the charges? Lets dig into that a little.
“The little ones talk to the big ones and the big ones talk to each other”
The above given quote exactly describes how the internet works. Here the little ones are the normal users like us. It includes our company’s smaller LAN network, home users, public wifi users, and so. All of these users get their internet from an ISP (Internet Service Provider). Some ISPs in India are Reliance,Bharti Airtel,BSNL,etc. And in turn these small ISPs get their internet from Giants called Tier1 networks. And if you ask from where does the Tier 1 network get the internet, the answer is, they share the network traffic with each other by peering and manages the whole network working all the time.
You still need to communicate with others somehow. That’s the key to the internet, communicating with others. If you get a big benefit from your ‘upstream’, you will probably have to pay your upstream partners money. Once you get big enough that there is a benefit to your partners to supply access to your customers, the fees balance out and you can sign a peering contract where neither of you pay one another, you just mutually share internet traffic.
Don’t worry, we’ll describe briefly about tiers and peering as you read on. So on the whole It can be considered that Internet Service Providers along with the huge networks (Tier 1) own and manage the backbone of the internet.
To make the above explained idea pretty clear, I suggest you to use the command traceroute (In windows it is tracert). Once you are connected to the internet and type
$ traceroute www.google.com
You can clearly see the path of your packet, through which all networks (or IPs) your traffic is redirected. On the first lines it’ll be showing your machine’s IP. Then your ISP’s name. Then the Tier’s details, and finally the Google’s server.
Although there is no authority that defines tiers of networks participating in the Internet, the most common definition of a tier 1 network is one that can reach every other network on the Internet without purchasing IP transit or paying settlements.
By this definition, a tier 1 network is a transit-free network that peers with every other tier-1 network. But not all transit-free networks are tier 1 networks. It is possible to become transit-free by paying for peering or agreeing to settlements.
Common definitions of tier 2 and tier 3 networks:
The current list of Tier 1 network is
The answer is Yes, Its possible. But there are a lot of complications involved in it. Quoting a response from the discussion board straightdope,
“You get your “internet” in the form of something like a T1 line from somebody like AT&T or one of their many competitors. Then you have to set up your own servers, register your domain, etc. Your cost is going to be several hundred dollars per month.
Keep in mind that what you’ll be getting is completely unfiltered internet traffic. Your server is going to be a target for hackers 24/7/365. Your ISP deals with a lot of stuff long before it gets to your computer, and if you are going to be the ISP then you have to deal with it. This requires a lot more hands on effort than just running an antivirus program on your computer. If you don’t manage the hackers well enough, your server will end up black listed, and other servers on the internet will reject traffic from you, and effectively large sections of the internet don’t work for you”
These networks(Tier 1) connect to each other through a process known as ‘peering’. Most traffic needs to go over at least 2 different top tier networks in order to reach its destination, and the networks are bridged with peering arrangements. The way this usually works is that each party to the agreement will commit to routing x amount of traffic for the other party on their network, and vice-versa. There is usually no money exchanged in these arrangements, unless one side is sending or receiving a lot more data than the other sides.
Large companies can also go out and arrange their own peering relationships. For example Netflix has arranged its own peering and network infrastructure directly with multiple tier-1 networks so that its traffic is both cheaper and closer to end users on each of the popular US broadband ISP’s.
Hope you like reading the history of internet. In the next part of this series we will discuss how a web application works. It is the basic knowledge a pentester must have. I am trying to keep this noob friendly and lightweight. So keep visiting this space and thanks for the read. As always, if you like reading the article donate me a coffee by clicking an ad shown in the blog 🙂
What is this web security checklist? Here is a curated web security checklist for developers… Read More
In the last part of the blog series we have seen the history of internet… Read More
Welcome back budding pen-testers. :) In the first part of the blog series we have… Read More