RFC 1714: Referral Whois Protocol (RWhois)
- Format: pdf
- Size: 52.38 KB
- Pages: 46
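
A brief analysis of the HTTP Referer: its meaning and its uses (recording the access source, hotlink protection, preventing malicious requ.

Referer is a common field in HTTP request headers; it provides information about where a visit came from.
Many developers know this field but cannot explain its details.
This article describes the field in detail.

I. The meaning of Referer

In everyday life, when you buy a service or sign up for a membership, you are often asked "Where did you hear about us?" This is the referrer: who referred you? For a company this is very useful information.
The internet works the same way. You do not visit a web page for no reason; someone always tells you it is worth a look.
The server also wants to know who your "referrer" is. HTTP therefore defines a Referer field in the request headers, which gives the URL of the referring page.
For example, if I search for a keyword on Baidu and then follow a result to our site, the Referer is Baidu's search URL. Baidu's URL is fairly long and carries the keyword and similar parameters, whereas with Google it is just Google's address, without the keyword.
The field is optional.
When the client sends a request, it decides for itself whether to include the field.
Note that the field name is misspelled.
The correct spelling of Referer is Referrer, but when it was written into the standard, for whatever reason nobody noticed that a letter r was missing.
Once the standard was finalized the mistake had to stay, and the field is spelled Referer in every header.

II. Common uses of Referer

The Referer field in effect tells the server where the user was before requesting the current resource, which can often be used for user tracking.
1. Recording the access source in user-behaviour logs: this needs no further explanation.
2. Another typical use is hotlink protection. For example, some sites do not allow their images to be linked externally: only the site's own pages can display them, and loading them from an external site produces an error.
This is implemented on the Referer field: if the URL in the field belongs to the site itself, the request is allowed.
How it is handled: after the HTTP request reaches the server, if the server requires that the request come from one specific address or one of several addresses and the Referer you sent does not meet that requirement, the request is blocked or redirected to the required address, and access then proceeds from that address.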
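
whois

What is "WHOIS"
WHOIS system components
How WHOIS works
The history and development of WHOIS
WHOIS privacy protection

What is "WHOIS"

Simply put, whois is a database used to query whether a domain name has been registered and the details of a registered domain (such as the domain owner, the registrar, and the registration and expiry dates).
Domain information is queried through whois.
Early WHOIS lookups were mostly command-line tools, but there are now online lookup tools with simplified web interfaces that can query several databases at once.
Web-based tools still rely on the WHOIS protocol to send queries to the server, and command-line tools are still widely used by system administrators.
WHOIS normally uses TCP port 43.
The WHOIS information for each domain or IP address is kept by the responsible registry.
The whois information for different domain suffixes has to be queried from different whois databases.
For example, the whois database for .com is not the same as the one for .eu.
Websites in China that currently provide WHOIS lookup services include Wanwang's, among others.
"WHOIS" is an indispensable information service in today's domain name system.
When using domain names on the Internet, many users want to know more about a domain or its name servers, and this is where WHOIS comes in.
A domain registrar also often uses WHOIS to confirm that domain data has been correctly registered with the registry.
Intuitively, WHOIS is a search engine connected to the domain name database; it is generally one of the name services provided and maintained by a Network Information Center (NIC).

WHOIS system components

According to IETF standards, the WHOIS service is generally provided by a WHOIS system.
A WHOIS system is a client/server system.
The client is mainly responsible for: 1) providing the user interface to the WHOIS system; 2) generating the query and sending it to the server in the proper format; 3) receiving the server's response and presenting it in human-readable form.
The server is mainly responsible for receiving the client's requests and sending back response data.
Basic TCP-based services on the Internet each have their own default TCP port number; for example, the default port for HTTP is 80, and the default control port for FTP is 21 (its data port is 20).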
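
Referer validation

Referer validation is a security mechanism for protecting web applications: it checks the Referer header of a request to stop malicious attackers from launching attacks from other sites.
The Referer header is an HTTP request header that indicates where the request came from.
When a user clicks a link on one page to go to another, the browser adds a Referer header to the request so that the web server knows the source of the request.
For example, when a user goes from site A to site B, the request headers will contain a Referer: line.
The way Referer validation works is simple.
When the web application receives a request, it checks the Referer header.
If the Referer header does not match the application's own domain, the application rejects the request, because it may be a malicious attacker trying to launch an attack from another site.
Referer validation can prevent the following attacks:
1. CSRF: cross-site request forgery uses the identity of a logged-in user to perform malicious operations without the user's knowledge.
The attacker places a forged form or link on another site to trick the user.
When the user clicks the form or link, the browser automatically sends a request to the target site, but the Referer header points to the attacker's site.
By validating the Referer header, the web application can detect this attack and reject the request.
2. Clickjacking: clickjacking tricks the user into clicking inside a transparent iframe in order to perform a malicious operation.
The attacker places the target site in a transparent iframe laid over content the user is interested in and lures the user into clicking.
When the user clicks the content in the iframe, they are actually performing the operation chosen by the attacker rather than the one they intended on the target site.
By validating the Referer header, the web application can detect this attack and reject the request.
3. Hotlinking: hotlinking links another site's resources into a page.
The attacker copies links to the target site's resources onto their own site and lures users to it.
When users visit the attacker's site, they are actually downloading the resources from the target site.
By validating the Referer header, the web application can detect this attack and reject the request.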
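
RFC

RFCs (Requests for Comments) are a series of documents published by the Internet Engineering Task Force (IETF) that describe the protocols, technologies and standards of the Internet.
RFC documents are written by IETF members and other networking professionals and are published after peer review.
This article gives a brief introduction to RFCs.
The history of RFCs goes back to 1969, when ARPANET, the predecessor of the Internet, had just been built and people needed a way to record and exchange its protocols.
Over time, RFCs became an important part of Internet standards development.
The purpose of RFCs is to promote technical cooperation and sharing worldwide.
They provide an open, democratic method that lets anyone take part in the development of Internet protocols.
Anyone can submit an RFC draft.
Once submitted, the draft goes through peer review and is discussed and voted on by the IETF before it becomes a formal RFC document.
The content of RFCs is very broad, covering everything from network protocols to applications.
Some of the best-known RFC documents cover the TCP/IP protocol suite, HTTP, SMTP and so on.
RFC documents are written fairly freely; authors can use whatever format and language they consider suitable.
However, an RFC document must contain certain required elements, such as a title, an abstract, a problem statement, a solution and security considerations.
These requirements ensure that RFC documents are consistent and readable.
The publication of RFCs has been an important driver of the Internet's development.
It has promoted the creation and unification of network standards, allowing devices from different vendors to communicate with each other and so making the Internet interconnected.
The openness of RFCs also encourages innovation and technical development, letting the Internet keep adapting to new needs and challenges.
In short, RFCs are an important support and driving force for the development of the Internet.
Through an open and democratic process they drive every aspect of the Internet's development and have made the Internet a globally shared resource.
In the future, RFCs will continue to play their part in driving innovation and progress in Internet technology.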
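
What is whois? (The concept and uses of whois)

Simply put, whois is a database used to query whether a domain name has been registered and the details of a registered domain (such as the domain owner, the registrar, and the registration and expiry dates).
Domain information is queried through whois.
If you want to learn more, below is a detailed introduction to WHOIS from the website of the China Internet Network Information Center (CNNIC), covering the WHOIS concept, its history, and the CNNIC WHOIS system and its applications.

WHOIS Overview (by Wang Lang, Technology Department, China Internet Network Information Center (CNNIC))

I. The concept of WHOIS

1.1 What is "WHOIS"

"WHOIS" is an indispensable information service in today's domain name system.
When using domain names on the Internet, many users want to know more about a domain or its name servers, and this is where WHOIS comes in.
A domain registrar also often uses WHOIS to confirm that domain data has been correctly registered with the registry.
Intuitively, WHOIS is a search engine connected to the domain name database; it is generally one of the name services provided and maintained by a Network Information Center (NIC).

1.2 WHOIS system components

According to IETF standards, the WHOIS service is generally provided by a WHOIS system.
A WHOIS system is a client/server system.
The client is mainly responsible for: 1) providing the user interface to the WHOIS system; 2) generating the query and sending it to the server in the proper format; 3) receiving the server's response and presenting it in human-readable form.
The server is mainly responsible for receiving the client's requests and sending back response data.
Basic TCP-based services on the Internet each have their own default TCP port number; for example, the default port for HTTP is 80 and the default port for FTP is 21.
WHOIS, likewise one of the core services on the Internet, has its server listen on TCP port 43 by default, where it receives queries and produces responses.
In general, the server accepts three types of query: contacts, hosts and domains.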

Network Working Group                                      M. St. Johns
Request for Comments: 1413                     US Department of Defense
Obsoletes: 931                                            February 1993

Identification Protocol

Status of this Memo

This RFC specifies an IAB standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "IAB Official Protocol Standards" for the standardization state and status of this protocol. Distribution of this memo is unlimited.

1. INTRODUCTION

The Identification Protocol (a.k.a., "ident", a.k.a., "the Ident Protocol") provides a means to determine the identity of a user of a particular TCP connection. Given a TCP port number pair, it returns a character string which identifies the owner of that connection on the server's system.

The Identification Protocol was formerly called the Authentication Server Protocol. It has been renamed to better reflect its function. This document is a product of the TCP Client Identity Protocol Working Group of the Internet Engineering Task Force (IETF).

2. OVERVIEW

This is a connection based application on TCP. A server listens for TCP connections on TCP port 113 (decimal). Once a connection is established, the server reads a line of data which specifies the connection of interest. If it exists, the system dependent user identifier of the connection of interest is sent as the reply. The server may then either shut the connection down or it may continue to read/respond to multiple queries.

The server should close the connection down after a configurable amount of time with no queries - a 60-180 second idle timeout is recommended. The client may close the connection down at any time; however to allow for network delays the client should wait at least 30 seconds (or longer) after a query before abandoning the query and closing the connection.

Queries are permitted only for fully specified connections. The query contains the local/foreign port pair -- the local/foreign address pair used to fully specify the connection is taken from the local and foreign address of query connection. This means a user on address A may only query the server on address B about connections between A and B.

4. QUERY/RESPONSE FORMAT

The server accepts simple text query requests of the form:

    <port-on-server> , <port-on-client>

where <port-on-server> is the TCP port (decimal) on the target (where the "ident" server is running) system, and <port-on-client> is the TCP port (decimal) on the source (client) system.

N.B - If a client on host A wants to ask a server on host B about a connection specified locally (on the client's machine) as 23, 6191 (an inbound TELNET connection), the client must actually ask about 6191, 23 - which is how the connection would be specified on host B.

For example:

    6191, 23

The response is of the form

    <port-on-server> , <port-on-client> : <resp-type> : <add-info>

where <port-on-server>,<port-on-client> are the same pair as the query, <resp-type> is a keyword identifying the type of response, and <add-info> is context dependent.

The information returned is that associated with the fully specified TCP connection identified by <server-address>, <client-address>, <port-on-server>, <port-on-client>, where <server-address> and <client-address> are the local and foreign IP addresses of the querying connection -- i.e., the TCP connection to the Identification Protocol Server. (<port-on-server> and <port-on-client> are taken from the query.)

For example:

    6193, 23 : USERID : UNIX : stjohns
    6195, 23 : ERROR : NO-USER

A response can be one of two types:

USERID

In this case, <add-info> is a string consisting of an operating system name (with an optional character set identifier), followed by ":", followed by an identification string.

The character set (if present) is separated from the operating system name by ",". The character set identifier is used to indicate the character set of the identification string. The character set identifier, if omitted, defaults to "US-ASCII" (see below).

Permitted operating system names and character set names are specified in RFC 1340, "Assigned Numbers" or its successors.

In addition to those operating system and character set names specified in "Assigned Numbers" there is one special case operating system identifier - "OTHER".

Unless "OTHER" is specified as the operating system type, the server is expected to return the "normal" user identification of the owner of this connection. "Normal" in this context may be taken to mean a string of characters which uniquely identifies the connection owner such as a user identifier assigned by the system administrator and used by such user as a mail identifier, or as the "user" part of a user/password pair used to gain access to system resources. When an operating system is specified (e.g., anything but "OTHER"), the user identifier is expected to be in a more or less immediately useful form - e.g., something that could be used as an argument to "finger" or as a mail address.

"OTHER" indicates the identifier is an unformatted character string consisting of printable characters in the specified character set. "OTHER" should be specified if the user identifier does not meet the constraints of the previous paragraph. Sending an encrypted audit token, or returning other non-userid information about a user (such as the real name and phone number of a user from a UNIX passwd file) are both examples of when "OTHER" should be used.

Returned user identifiers are expected to be printable in the character set indicated.

The identifier is an unformatted octet string - - all octets are permissible EXCEPT octal 000 (NUL), 012 (LF) and 015 (CR). N.B. - space characters (040) following the colon separator ARE part of the identifier string and may not be ignored. A response string is still terminated normally by a CR/LF. N.B. A string may be printable, but is not *necessarily* printable.

ERROR

For some reason the port owner could not be determined, <add-info> tells why. The following are the permitted values of <add-info> and their meanings:

INVALID-PORT
    Either the local or foreign port was improperly specified. This should be returned if either or both of the port ids were out of range (TCP port numbers are from 1-65535), negative integers, reals or in any fashion not recognized as a non-negative integer.

NO-USER
    The connection specified by the port pair is not currently in use or currently not owned by an identifiable entity.

HIDDEN-USER
    The server was able to identify the user of this port, but the information was not returned at the request of the user.

UNKNOWN-ERROR
    Can't determine connection owner; reason unknown. Any error not covered above should return this error code value. Optionally, this code MAY be returned in lieu of any other specific error code if, for example, the server desires to hide information implied by the return of that error code, or for any other reason. If a server implements such a feature, it MUST be configurable and it MUST default to returning the proper error message.

Other values may eventually be specified and defined in future revisions to this document. If an implementer has a need to specify a non-standard error code, that code must begin with "X".

In addition, the server is allowed to drop the query connection without responding. Any premature close (i.e., one where the client does not receive the EOL, whether graceful or an abort should be considered to have the same meaning as "ERROR : UNKNOWN-ERROR".

FORMAL SYNTAX

    <request> ::= <port-pair> <EOL>
    <port-pair> ::= <integer> "," <integer>
    <reply> ::= <reply-text> <EOL>
    <EOL> ::= "015 012" ; CR-LF End of Line Indicator
    <reply-text> ::= <error-reply> | <ident-reply>
    <error-reply> ::= <port-pair> ":" "ERROR" ":" <error-type>
    <ident-reply> ::= <port-pair> ":" "USERID" ":" <opsys-field> ":" <user-id>
    <error-type> ::= "INVALID-PORT" | "NO-USER" | "UNKNOWN-ERROR" | "HIDDEN-USER" | <error-token>
    <opsys-field> ::= <opsys> [ "," <charset>]
    <opsys> ::= "OTHER" | "UNIX" | <token> ...etc. ; (See "Assigned Numbers")
    <charset> ::= "US-ASCII" | ...etc. ; (See "Assigned Numbers")
    <user-id> ::= <octet-string>
    <token> ::= 1*64<token-characters> ; 1-64 characters
    <error-token> ::= "X"1*63<token-characters> ; 2-64 chars beginning w/X
    <integer> ::= 1*5<digit> ; 1-5 digits.
    <digit> ::= "0" | "1" ... "8" | "9" ; 0-9
    <token-characters> ::= <Any of these ASCII characters: a-z, A-Z, - (dash), .!@#$%^&*()_=+.,<>/?"'~`{}[]; >
                           ; upper and lowercase a-z plus
                           ; printables minus the colon ":"
                           ; character.
    <octet-string> ::= 1*512<octet-characters>
    <octet-characters> ::= <any octet from 00 to 377 (octal) except for ASCII NUL (000), CR (015) and LF (012)>

Notes on Syntax:

1) To promote interoperability among variant implementations, with respect to white space the above syntax is understood to embody the "be conservative in what you send and be liberal in what you accept" philosophy. Clients and servers should not generate unnecessary white space (space and tab characters) but should accept white space anywhere except within a token. In parsing responses, white space may occur anywhere, except within a token. Specifically, any amount of white space is permitted at the beginning or end of a line both for queries and responses. This does not apply for responses that contain a user ID because everything after the colon after the operating system type until the terminating CR/LF is taken as part of the user ID. The terminating CR/LF is NOT considered part of the user ID.

2) The above notwithstanding, servers should restrict the amount of inter-token white space they send to the smallest amount reasonable or useful. Clients should feel free to abort a connection if they receive 1000 characters without receiving an <EOL>.

3) The 512 character limit on user IDs and the 64 character limit on tokens should be understood to mean as follows: a) No new token (i.e., OPSYS or ERROR-TYPE) token will be defined that has a length greater than 64 and b) a server SHOULD NOT send more than 512 octets of user ID and a client MUST accept at least 512 octets of user ID. Because of this limitation, a server MUST return the most significant portion of the user ID in the first 512 octets.

4) The character sets and character set identifiers should map directly to those defined in or referenced by RFC 1340, "Assigned Numbers" or its successors. Character set identifiers only apply to the user identification field - all other fields will be defined in and must be sent as US-ASCII.

5) Although <user-id> is defined as an <octet-string> above, it must follow the format and character set constraints implied by the <opsys-field>; see the discussion above.

6) The character set provides context for the client to print or store the returned user identification string. If the client does not recognize or implement the returned character set, it should handle the returned identification string as OCTET, but should in addition store or report the character set. An OCTET string should be printed, stored or handled in hex notation (0-9a-f) in addition to any other representation the client implements - this provides a standard representation among differing implementations.

6. Security Considerations

The information returned by this protocol is at most as trustworthy as the host providing it OR the organization operating the host. For example, a PC in an open lab has few if any controls on it to prevent a user from having this protocol return any identifier the user wants. Likewise, if the host has been compromised the information returned may be completely erroneous and misleading.

The Identification Protocol is not intended as an authorization or access control protocol. At best, it provides some additional auditing information with respect to TCP connections. At worst, it can provide misleading, incorrect, or maliciously incorrect information.

The use of the information returned by this protocol for other than auditing is strongly discouraged. Specifically, using Identification Protocol information to make access control decisions - either as the primary method (i.e., no other checks) or as an adjunct to other methods may result in a weakening of normal host security.

An Identification server may reveal information about users, entities, objects or processes which might normally be considered private. An Identification server provides service which is a rough analog of the CallerID services provided by some phone companies and many of the same privacy considerations and arguments that apply to the CallerID service apply to Identification. If you wouldn't run a "finger" server due to privacy considerations you may not want to run this protocol.

7. ACKNOWLEDGEMENTS

Acknowledgement is given to Dan Bernstein who is primarily responsible for renewing interest in this protocol and for pointing out some annoying errors in RFC 931.

References

[1] St. Johns, M., "Authentication Server", RFC 931, TPSC, January 1985.
[2] Reynolds, J., and J. Postel, "Assigned Numbers", STD 2, RFC 1340, USC/Information Sciences Institute, July 1992.

Author's Address

Michael C. St. Johns
DARPA/CSTO
3701 N. Fairfax Dr
Arlington, VA 22203
Phone: (703) 696-2271
EMail: stjohns@
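
A client-side parser for the reply format and syntax notes above, written as an added example (not part of RFC 1413). The function names, the result dictionary and the token regular expression (printable ASCII without space or colon, an approximation of `<token-characters>`) are assumptions of this sketch. It keeps the white space after the last colon as part of the user ID, enforces the 1000-character and 512-octet limits, and reports the identifier in hex because, per section 6, it is untrusted audit data.

```python
import re

STANDARD_ERRORS = {b"INVALID-PORT", b"NO-USER", b"HIDDEN-USER", b"UNKNOWN-ERROR"}
MAX_LINE = 1000   # syntax note 2: a client may give up after 1000 characters
MAX_USER_ID = 512  # <octet-string> ::= 1*512<octet-characters>
WS = b" \t"
# Assumption: printable ASCII except space and colon, 1-64 characters.
TOKEN = re.compile(rb"[\x21-\x39\x3b-\x7e]{1,64}")


class IdentError(ValueError):
    """The reply does not follow the formal syntax."""


def _port(raw):
    raw = raw.strip(WS)
    if not re.fullmatch(rb"[0-9]{1,5}", raw) or not 1 <= int(raw) <= 65535:
        raise IdentError(f"bad port {raw!r}")
    return int(raw)


def _token(raw, what):
    raw = raw.strip(WS)  # white space is allowed around tokens, not inside them
    if not TOKEN.fullmatch(raw):
        raise IdentError(f"bad {what} {raw!r}")
    return raw


def parse_ident_reply(line, query=None):
    """Parse one reply line (bytes, including CR LF) into a dict.

    query is the (port-on-server, port-on-client) pair that was asked about.
    """
    if len(line) > MAX_LINE:
        raise IdentError("line longer than 1000 characters")
    if not line.endswith(b"\r\n"):
        # A close before the EOL has the same meaning as ERROR : UNKNOWN-ERROR.
        return {"type": "ERROR", "ports": query, "error": "UNKNOWN-ERROR",
                "premature_close": True}
    body = line[:-2]
    if any(octet in body for octet in (0, 10, 13)):
        raise IdentError("NUL, CR or LF inside the reply")

    fields = body.split(b":", 3)  # the user ID itself may contain colons
    if len(fields) < 3:
        raise IdentError("too few fields")
    pair = fields[0].split(b",")
    if len(pair) != 2:
        raise IdentError("bad port pair")
    ports = (_port(pair[0]), _port(pair[1]))
    if query is not None and ports != tuple(query):
        raise IdentError("reply is for a different port pair than the query")

    kind = fields[1].strip(WS)
    if kind == b"ERROR":
        if len(fields) != 3:
            raise IdentError("error type must not contain ':'")
        err = _token(fields[2], "error type")
        nonstandard = err.startswith(b"X") and len(err) >= 2
        if err not in STANDARD_ERRORS and not nonstandard:
            raise IdentError(f"unknown error type {err!r}")
        return {"type": "ERROR", "ports": ports, "error": err.decode("ascii")}

    if kind == b"USERID":
        if len(fields) != 4 or not 1 <= len(fields[3]) <= MAX_USER_ID:
            raise IdentError("missing or oversized user ID")
        opsys_raw, _, charset_raw = fields[2].partition(b",")
        opsys = _token(opsys_raw, "operating system").decode("ascii")
        charset = "US-ASCII"  # default when the charset is omitted
        if charset_raw.strip(WS):
            charset = _token(charset_raw, "character set").decode("ascii")
        user_id = fields[3]  # NOT stripped: leading spaces belong to the ID
        printable = charset == "US-ASCII" and all(0x20 <= b <= 0x7E for b in user_id)
        return {"type": "USERID", "ports": ports, "opsys": opsys,
                "charset": charset, "user_id": user_id,
                "text": user_id.decode("ascii") if printable else None,
                "hex": user_id.hex()}  # syntax note 6: hex is the common form

    raise IdentError(f"unknown response type {kind!r}")
```
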
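
Analysis of network reconnaissance techniques (1)

[Original article; reproduction in any form is prohibited]

Before an intrusion, a careful hacker first carries out network reconnaissance and analysis to judge feasibility and the method to use.
Today we describe how a hacker performs network reconnaissance.
First, we introduce the norms of security management.
A good network security professional should analyze the network and assess its security from two different angles: 1. think like a hacker, look for existing network vulnerabilities, and protect network resources; 2. think like a security administrator, and look for the best way to ensure security without harming the efficiency of business operations.
From the security administrator's point of view: the administrator knows how the network is configured and mostly probes from inside the firewall, watching whether internal servers and hosts show anything abnormal. Hackers, however, do not know how the target network is configured; they attack or penetrate from outside the firewall. A competent security administrator must therefore also test from outside the firewall to see whether the firewall can be penetrated and hosts on the network controlled.
As shown in the figure: from the security consultant's point of view, first take the position of an uninformed outsider, then assess network security as an informed insider. As shown in the figure: next we look at security management architectures with different bases. First, the network-based security management architecture.
As shown in the figure: a network-based management product installs its software on one server, which issues queries to the network; this host is usually the manager and scans the network for all suspicious activity.
In this architecture each computer passively responds to queries. The advantage is that the hosts do not know they are being monitored; the drawback is that the monitoring port affects the performance of the switch. Next, the host-based security management architecture.
As shown in the figure: this is a layered management system. Layer one is the graphical interface; layer two is the manager, which sends query requests through the agents and collects information from them for display; layer three is the agent installed on each host.
SNMP can be installed to assist management.
The three stages of a security audit: having introduced these security management concepts, we now look at the motives for network attacks.
As trojans, viruses and hacking techniques become commercialized, more and more network attacks are carried out for fame and profit.
The main motives today are: stealing state secrets; commercial competition; employees' dissatisfaction with their organization; the desire for a company's core secrets; the lure of money in the form of network access accounts, credit card numbers and the like; becoming famous by attacking websites; the challenge of network security technology; and curiosity about networks.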
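
RFC settings and use

An RFC (Request for Comments) is a document used to define Internet protocols, standards and related matters.
The format of RFCs is laid down by the Internet Engineering Task Force (IETF); they record the development and evolution of network technology.
In this article we introduce how RFCs are set up and used.
1. Understand the role and history of RFCs: an RFC is a standardization document produced by the IETF that records the design, development and evolution of Internet protocols.
RFCs originated with ARPANET in the 1960s; they are community-driven documents that advance Internet technology through sharing and discussion.
RFC documents aim to provide guidance, recommendations and best practice to help network engineers solve problems.
2. Find and read RFC documents: RFC documents are freely available on the Internet; the IETF's official website and other repositories hold archives.
The documents are numbered sequentially and start with RFC; for example, RFC 791 defines the IPv4 protocol.
RFC documents on a particular topic can be found through a search engine or by keyword search on the IETF website.
When reading an RFC, pay attention to its status, because some may have been updated or obsoleted.
3. Use RFC documents: RFC documents play an important guiding role in the development of network technology.
They give recommendations on protocol specifications, algorithm implementations, security, privacy and more.
Network administrators, network engineers and developers can use RFC documents to learn and understand the design principles and requirements of a particular protocol or standard.
RFC documents are also commonly used when implementing, programming and configuring Internet protocols.
4. Take part in the RFC process: RFCs are not static documents but a continuously evolving process.
Anyone can take part in producing RFCs.
To do so, join the IETF and participate in the relevant working groups or mailing lists.
In this way individuals can propose improvements and take part in discussion and standardization.
5. Follow the guiding principles of RFCs: in network technology, following the guiding principles of RFCs is essential.
These principles include design principles, protocol layering, security and interoperability requirements.
Following them ensures the correctness, stability and reliability of network protocols and also promotes the development and innovation of network technology.
To sum up, RFCs play an important role in Internet technology; they record the development history and guiding principles of Internet protocols.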
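
The RFC 3174 standard

Introduction to the RFC 3174 standard

RFC (Request for Comments) 3174 is a standard for data integrity checking in computer networks.
The standard defines a secure hash algorithm, SHA-1 (Secure Hash Algorithm 1), used to verify whether data has been tampered with in transit.
SHA-1 is a cryptographic hash function designed by the US National Security Agency (NSA).
It maps a block of data of any size to a fixed-length hash value, normally 160 bits.
The hash value is a digital fingerprint that uniquely identifies the original data.
SHA-1 uses a series of complex bit operations and logical functions to transform the data so that the data and the hash value are tied together.
The main purpose of the RFC 3174 standard is to provide a mechanism for verifying data integrity, to address the problem of data tampering.
On the modern Internet, data in transit is at risk of being tampered with by hackers.
If data is tampered with in transit, the receiver cannot tell whether it is genuine, which creates a security risk.
With SHA-1, the sender can hash the data to produce a hash value and then append the hash value to the data and send them together.
The receiver can apply the same algorithm to the received data and compare the computed hash value with the appended one.
If the two hash values match, the integrity of the data is confirmed and the received data can be used safely.
SHA-1 has the following properties, which make it an ideal choice for data integrity checking:
1. Irreversibility: SHA-1 converts data into a fixed-length hash value, and different data produces different hash values.
However, the original data cannot be derived from the hash value, so hackers cannot learn anything about the original data from it.
2. High sensitivity: any change to the data results in a different hash value under SHA-1.
Even a tiny modification to the original data changes the hash value significantly, which guarantees that integrity violations are detected.
3. Speed: SHA-1 is fast to compute and suitable for processing large volumes of data.
This ensures that the integrity check does not become a bottleneck in transmission.
Although SHA-1 performs well for data integrity checking, with growing computing power and continuing advances in code-breaking techniques, SHA-1 is no longer considered a secure cryptographic hash function.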
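
Research output of a major project funded by the Ministry of Science and Technology's Special Fund for Basic Science and Technology Work
- Project name: Construction of Standards and Specifications for Digital Libraries in China
- Sub-project name: Research on Standards and Specifications for Digital Resource Retrieval and Application
- Project number: 2002DEA20018
- Type of output: research report
- Title: LDAP Protocol Application Guide
- Output number: CDLS-S07-002
- Version: draft recommended by the general project team
- Date submitted: February 2003
- Author: Zhang Zhixiong (Documentation and Information Center, Chinese Academy of Sciences)

Project copyright statement

The research in this report is part of the major project "Construction of Standards and Specifications for Digital Libraries in China" under the Ministry of Science and Technology's Special Fund for Basic Science and Technology Work, and was funded by that fund under project number 2002DEA20018.
In accordance with the relevant regulations, the State and the project team of "Construction of Standards and Specifications for Digital Libraries in China" hold the copyright in this report under the Copyright Law of the People's Republic of China.
This report may be copied, reproduced or mirrored on electronic information systems, provided that the true author and full source are stated and that the words "Funded by the Ministry of Science and Technology Special Fund for Basic Science and Technology Work major project 'Construction of Standards and Specifications for Digital Libraries in China'" are displayed in a prominent place.
The copyright holder accepts no liability for any actual or anticipated loss that users may incur in using the content of this work.

Author's statement

The author of this report guarantees the authenticity and reliability of the text, images, sound, clips, references and other content in this work, and is willing to bear the responsibilities and obligations arising from its publication under the Copyright Law of the People's Republic of China.
The relevant administrative bodies of the Ministry of Science and Technology accept no liability for any objection or dispute over copyright or authorship arising from the content of this work.
The website of the project team of "Construction of Standards and Specifications for Digital Libraries in China" () is the first publisher of this report and may recommend this work to other media.
Provided that no duplicate licensing occurs, the author retains the right to submit revised project results directly to formal academic publications.

LDAP Protocol Application Guide

Contents
1. Protocol overview
2. Characteristics and application areas of LDAP
3. Advantages of LDAP directories

1. Protocol overview

LDAP (Lightweight Directory Access Protocol) is a directory protocol in wide use today.
In computing, a directory is regarded as a special kind of database, which some also call a data repository; it is used to store ordered information of certain types.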
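
How the Whois protocol works and how to use it

RFC812 defines a very simple Internet information query protocol, the WHOIS protocol.
In essence: open a connection to TCP port 43 on the server, send the query keyword followed by a carriage return and line feed, then receive the server's query result.
In keeping with the principles of openness, fairness and sharing, Internet administration bodies at every level around the world have set up WHOIS servers from which the registration details of the owners of IP addresses and domain names can be looked up, so that all Internet users can troubleshoot faults and combat illegal activity online.
There are four international regional IP address registries in the world: ARIN, RIPE, APNIC and LACNIC. The geographic regions of the IP addresses they are responsible for are shown in the figure below.

Regions covered by the four international regional IP address registries (figure taken from the RIPE 2002 Annual Report)

Important Internet administration bodies and commonly used WHOIS servers

Columns: abbreviation; WHOIS server address; full name and location; information available

- CERNIC: China Education and Research Network Information Center (Tsinghua University, Beijing, China); IP address and domain name information within the China Education and Research Network
- CNNIC: China Internet Network Information Center (Computer Network Information Center, Chinese Academy of Sciences, Beijing, China); .cn domain name information (except )
- INTERNIC: Internet Network Information Center (Marina del Rey, Los Angeles, USA); registration information for .com, .net, .org, .biz, .info and .name domains (gives only the registrar)
- ARIN: American Registry for Internet Numbers (Chantilly, Virginia, USA); IP address information for early networks worldwide and for today's United States, Canada and sub-Saharan Africa
- APNIC: Asia Pacific Network Information Centre (Milton, Queensland, Australia); IP address registration information for East Asia (including mainland China and Taiwan), South Asia and Oceania
- RIPE: European IP address registry (Amsterdam, Netherlands); IP address information for Europe, North Africa and West Asia
- TWNIC: Taiwan Network Information Center (Taipei, Taiwan, China); .tw domain names and some IP address information within Taiwan
- JPNIC: whois.nic.ad.jp; Japan Network Information Center (Tokyo, Japan); .jp domain names and IP address information within Japan
- KRNIC: Korea Network Information Center (Seoul, South Korea); .kr domain names and IP address information within South Korea
- LACNIC: Latin American and Caribbean Internet Addresses Registry (São Paulo, Brazil); IP address information for Latin America and the Caribbean islands

The automatic WHOIS service on this machine obtains the WHOIS information for an IP address by querying several WHOIS servers in turn, following the flow shown in the figure below.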
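
Referer validation

Referer validation is a security mechanism for verifying the source of an HTTP request.
It checks the referer field of a request to decide whether the request comes from a trusted source, and so prevents malicious attacks and unauthorized access.
In this article we describe in detail the principle, use cases and security risks of referer validation.

I. How referer validation works

Referer validation is built on the referer field of the HTTP protocol.
When a user visits a web page, the browser automatically adds a referer field to the request to tell the server which page the request came from.
The server can use the referer field to determine the source of the request and handle it accordingly.
1. Preventing CSRF attacks: referer validation can effectively prevent cross-site request forgery (CSRF).
The attacker usually forges a request that sends a user operation to the target site, so that a malicious operation is performed without the user's knowledge.
With referer validation, the server can decide whether the source of the request is legitimate and reject illegitimate requests, protecting the user's data.
2. Preventing hotlinking: hotlinking means using another site's resources, such as images or video, on your own site.
With referer validation, the server can decide whether the source of a resource request is legitimate and refuse to serve the resource if it is not, which prevents hotlinking.
3. Statistics and analysis: the referer field can be used for statistical analysis. Analyzing referer data shows where a site's traffic comes from and reveals user behaviour and preferences, which helps to optimize the site's design and operation.

III. Security risks of referer validation

1. The referer field is easy to tamper with: because the referer field is added automatically by the browser, an attacker can bypass referer validation by modifying the referer field in the request headers.
To avoid this, the server must strictly validate and filter the referer field to make sure it is legitimate.
2. The referer field may leak private information: the referer field discloses where the user came from and may contain sensitive information such as search keywords and visited pages.
To protect user privacy, a site can choose to suppress the referer field on link navigation or to encrypt the referer field.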
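
A sketch of the server-side check that the Referer validation passages on this page describe, comparing a loose substring match with a strict comparison of the parsed host. This is an added example, not code from the original articles; the host names, the allow-list and the function names are constructed for illustration. Because the header is optional and set by the client, the strict version treats a missing value as a policy decision (`allow_missing`) rather than as proof of anything.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the site's own page host and its image host.
ALLOWED_HOSTS = frozenset({"www.example.com", "img.example.com"})


def naive_referer_ok(referer):
    """Weak check: accepts any header value that merely contains the site name."""
    return bool(referer) and "example.com" in referer


def strict_referer_ok(referer, allowed_hosts=ALLOWED_HOSTS, allow_missing=False):
    """Parse the header as a URL and compare the exact host with the allow-list.

    allow_missing decides what happens when the client sent no Referer at all:
    False suits state-changing requests, True suits hotlink protection for
    users whose browser or privacy settings omit the header.
    """
    if not referer:
        return allow_missing
    try:
        parts = urlsplit(referer.strip())
        host = parts.hostname  # lower-cased, without userinfo or port
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    return host.rstrip(".") in allowed_hosts


# Constructed header values exercising the cases the two checks disagree on.
SAMPLES = [
    "https://www.example.com/gallery/1.html",        # the site's own page
    "HTTPS://IMG.EXAMPLE.COM:443/a.png",             # case and port differences
    "https://img.example.com.other.test/a.png",      # site name as a sub-label
    "https://other.test/page?from=www.example.com",  # site name in the query
    "https://www.example.com@other.test/",           # site name as userinfo
    "https://other.test/",                           # unrelated site
    "ftp://www.example.com/file",                    # not an http(s) page
    None,                                            # header absent
]


def compare(samples=SAMPLES):
    """Return (header, naive result, strict result) for every sample."""
    return [(s, naive_referer_ok(s), strict_referer_ok(s)) for s in samples]
```
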
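
How to use the whois command

WHOIS is a tool or protocol for querying information about network hosts; it returns, as text, information about domain names, IP addresses and registries.
Many people may never have heard of or used the WHOIS command, but for those who need to know more about a particular domain or host, WHOIS is a very useful tool.
WHOIS can be used to look up many different kinds of information, including:
1. Domain registration information: the WHOIS command can find a domain, its registrant, its registrar, and its registration and expiry dates.
2. IP address information: the WHOIS command can find the owner of an IP address, the registry of the IP address, and its geographic location.
3. ASN information: an ASN (Autonomous System Number) is the number of an autonomous system on the Internet; WHOIS can find the country the ASN belongs to, the name of the ASN and the related network service provider.
The WHOIS command can be used in the following ways:
1. Lookup through a website: many domain registrars offer a WHOIS lookup service.
Users can go directly to these sites and enter the domain name or IP address to get the relevant information.
2. Command-line lookup: users can also run the WHOIS command from the command line to get the relevant information.
On Windows, open a Command Prompt window and enter "WHOIS [domain or IP address]", where "[domain or IP address]" is the domain name or IP address to look up.
On Unix/Linux, enter the command "whois [domain or IP address]" in a terminal.
3. Third-party applications: users can also use third-party WHOIS lookup applications, such as Whois Lookup and WHOIS lookup tools.
These applications are usually easier to use than websites and the command line and offer more features and options.
Some points to note about the WHOIS command:
1. WHOIS information often contains sensitive information, such as the domain owner's name, address, telephone number and e-mail address.
Users should therefore be careful when querying WHOIS information, to avoid disclosing sensitive information in inappropriate places.
2. WHOIS information may not be 100% accurate.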
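
Port | Protocol | Description | Status
0 | TCP,UDP | Reserved port; not used (may be used as a source port if the sending process does not expect reply messages) | Official
1 | TCP,UDP | TCPMUX (TCP Port Service Multiplexer) | Official
5 | TCP,UDP | RJE (Remote Job Entry) | Official
7 | TCP,UDP | ECHO protocol | Official
9 | TCP,UDP | DISCARD protocol | Official
11 | TCP,UDP | SYSTAT protocol | Official
13 | TCP,UDP | DAYTIME protocol | Official
15 | TCP,UDP | NETSTAT protocol | Official
17 | TCP,UDP | QOTD (Quote of the Day) protocol | Official
18 | TCP,UDP | Message Send Protocol | Official
19 | TCP,UDP | CHARGEN (Character Generator) protocol | Official
20 | TCP,UDP | File Transfer Protocol (FTP) - default data port | Official
21 | TCP,UDP | File Transfer Protocol (FTP) - control port | Official
22 | TCP,UDP | SSH (Secure Shell) - remote login protocol, used for secure login, file transfer (SCP, SFTP) and port re | Official
23 | TCP,UDP | Telnet terminal emulation protocol - unencrypted text communication | Official
25 | TCP,UDP | SMTP (Simple Mail Transfer Protocol) - used for e-mail delivery between mail servers | Official
26 | TCP,UDP | RSFTP - a simple FTP-like protocol | Unofficial
35 | TCP,UDP | QMS Magicolor 2 printer | Unofficial
37 | TCP,UDP | TIME protocol | Official
39 | TCP,UDP | Resource Location Protocol | Official
41 | TCP,UDP | Graphics | Official
42 | TCP,UDP | Host Name Server | Official
42 | TCP,UDP | WINS (WINS host name service) | Unofficial
43 | TCP | WHOIS protocol | Official
49 | TCP,UDP | TACACS login host protocol | Official
53 | TCP,UDP | DNS (Domain Name System) | Official
56 | TCP,UDP | Remote access protocol | Official
57 | TCP | MTP, Mail Transfer Protocol |
67 | UDP | BOOTP (Bootstrap Protocol) service; also used for DHCP (Dynamic Host Configuration Protocol) | Official
68 | UDP | BOOTP client; also used for DHCP (Dynamic Host Configuration Protocol) | Official
69 | UDP | TFTP (Trivial File Transfer Protocol) | Official
70 | TCP | Gopher information retrieval protocol | Official
79 | TCP | Finger protocol | Official
80 | TCP | HTTP (Hypertext Transfer Protocol) - used to transfer web pages | Official
81 | TCP | HTTP alternate (Hypertext Transfer Protocol) | Official
81 | TCP | Torpark - Onion routing ORport | Unofficial
82 | UDP | Torpark - control port | Unofficial
88 | TCP | Kerberos - authentication agent | Official
101 | TCP | Host name |
102 | TCP | ISO-TSAP protocol |
107 | TCP | Remote Telnet protocol |
109 | TCP | POP (Post Office Protocol), version 2 |
110 | TCP | POP3 (Post Office Protocol, version 3) - used to receive e-mail | Official
111 | TCP,UDP | Sun protocol | Official
113 | TCP | ident - old server identification system, still used by IRC servers to authenticate their users | Official
115 | TCP | SFTP, Simple File Transfer Protocol |
117 | TCP | UUCP-PATH |
118 | TCP,UDP | SQL services | Official
119 | TCP | NNTP (Network News Transfer Protocol) - used to retrieve newsgroup messages | Official
123 | UDP | NTP (Network Time Protocol) - used for time synchronization | Official
135 | TCP,UDP | EPMAP (End Point Mapper) / Microsoft RPC Locator Service | Official
137 | TCP,UDP | NetBIOS Name Service | Official
138 | TCP,UDP | NetBIOS Datagram Service | Official
139 | TCP,UDP | NetBIOS Session Service | Official
143 | TCP,UDP | IMAP4 (Internet Message Access Protocol 4) - used for retrieving E-mails | Official
152 | TCP,UDP | BFTP, Background File Transfer Program |
153 | TCP,UDP | SGMP, Simple Gateway Monitoring Protocol |
156 | TCP,UDP | SQL Service | Official
158 | TCP,UDP | DMSP, Distributed Mail Service Protocol |
161 | TCP,UDP | SNMP (Simple Network Management Protocol) | Official
162 | TCP,UDP | SNMPTRAP | Official
170 | TCP | Print-srv |
179 | TCP | BGP (Border Gateway Protocol) | Official
194 | TCP | IRC (Internet Relay Chat) | Official
201 | TCP,UDP | AppleTalk Routing Maintenance |
209 | TCP,UDP | The Quick Mail Transfer Protocol |
213 | TCP,UDP | IPX | Official
218 | TCP,UDP | MPP, Message Posting Protocol |
220 | TCP,UDP | IMAP, Interactive Mail Access Protocol, version 3 |
259 | TCP,UDP | ESRO, Efficient Short Remote Operations |
264 | TCP,UDP | BGMP, Border Gateway Multicast Protocol |
308 | TCP | Novastor Online Backup | Official
311 | TCP | Apple Server-Admin-Tool, Workgroup-Manager-Tool |
318 | TCP,UDP | TSP, Time Stamp Protocol |
323 | TCP,UDP | IMMP, Internet Message Mapping Protocol |
383 | TCP,UDP | HP OpenView HTTPs Operations Agent |
366 | TCP,UDP | SMTP, Simple Mail Transfer Protocol. ODMR, On-Demand Mail Relay |
369 | TCP,UDP | Rpc2portmap | Official
371 | TCP,UDP | ClearCase albd | Official
384 | TCP,UDP | A Remote Network Server System |
387 | TCP,UDP | AURP, AppleTalk Update-based Routing Protocol |
389 | TCP,UDP | LDAP (Lightweight Directory Access Protocol) | Official
401 | TCP,UDP | UPS Uninterruptible Power Supply | Official
411 | TCP | Direct Connect Hub port | Unofficial
412 | TCP | Direct Connect Client-To-Client port | Unofficial
427 | TCP,UDP | SLP (Service Location Protocol) | Official
443 | TCP | HTTPS - HTTP Protocol over TLS/SSL (encrypted transmission) | Official
444 | TCP,UDP | SNPP, Simple Network Paging Protocol |
445 | TCP | Microsoft-DS (Active Directory, Windows shares, Sasser worm, Agobot, Zobotwor | Official
445 | UDP | Microsoft-DS SMB file sharing | Official
464 | TCP,UDP | Kerberos Change/Set password | Official
465 | TCP | Cisco protocol | Official
465 | TCP | SMTP over SSL | Unofficial
475 | TCP | tcpnethaspsrv (Hasp services, TCP/IP version) | Official
497 | TCP | dantz backup service | Official
500 | TCP,UDP | ISAKMP, IKE - Internet Key Exchange | Official
502 | TCP,UDP | Modbus, Protocol |
512 | TCP | exec, Remote Process Execution |
512 | UDP | comsat, together with biff: notifies users of new c.q. yet unread e-mail |
513 | TCP | Login |
513 | UDP | Who |
514 | TCP | rsh |
514 | UDP | syslog protocol - used for system logging | Official
515 | TCP | Line Printer Daemon protocol - used in LPD printer servers |
517 | UDP | Talk |
518 | UDP | NTalk |
520 | TCP | efs |
520 | UDP | Routing - RIP | Official
513 | UDP | Router |
524 | TCP,UDP | NCP (NetWare Core Protocol) is used for a variety things such as access to pr | Official
525 | UDP | Timed, Timeserver |
530 | TCP,UDP | RPC | Official
531 | TCP,UDP | AOL Instant Messenger, IRC | Unofficial
532 | TCP | netnews |
533 | UDP | netwall, For Emergency Broadcasts |
540 | TCP | UUCP (Unix-to-Unix Copy Protocol) | Official
542 | TCP,UDP | commerce (Commerce Applications) | Official
543 | TCP | klogin, Kerberos login |
544 | TCP | kshell, Kerberos Remote shell |
546 | TCP,UDP | DHCPv6 client |
547 | TCP,UDP | DHCPv6 server |
548 | TCP | AFP (Apple Filing Protocol) |
550 | UDP | new-rwho, new-who |
554 | TCP,UDP | RTSP (Real Time Streaming Protocol) | Official
556 | TCP | Remotefs, rfs, rfs_server |
560 | UDP | rmonitor, Remote Monitor |
561 | UDP | monitor |
563 | TCP,UDP | NNTP protocol over TLS/SSL (NNTPS) | Official
587 | TCP | email message submission (SMTP) (RFC 2476) | Official
591 | TCP | FileMaker 6.0 (and later) Web Sharing (HTTP Alternate, see port 80) | Official
593 | TCP,UDP | HTTP RPC Ep Map (RPC over HTTP, often used by DCOM services and Microsoft Exc | Official
604 | TCP | TUNNEL |
631 | TCP,UDP | IPP, Internet Printing Protocol |
636 | TCP,UDP | LDAP over SSL (encrypted transmission, also known as LDAPS) | Official
639 | TCP,UDP | MSDP, Multicast Source Discovery Protocol |
646 | TCP | LDP, Label Distribution Protocol |
647 | TCP | DHCP Failover Protocol |
648 | TCP | RRP, Registry Registrar Protocol |
652 | TCP | DTCP, Dynamic Tunnel Configuration Protocol |
654 | UDP | AODV, Ad hoc On-Demand Distance Vector |
665 | TCP | sun-dr, Remote Dynamic Reconfiguration | Unofficial
666 | UDP | Doom, a series of first-person shooter games on the PC platform. |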
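
RFC (Request For Comments) contains almost all the important written material about the Internet.
If you want to become a networking expert, RFCs are without doubt among the most important and most frequently needed references, which is why RFCs are known as the bible of networking knowledge.
Typically, when an organization or group has developed a standard, or has an idea for one, and wants outside opinions, it publishes an RFC on the Internet; anyone interested can read the RFC and give their views. The great majority of network standards begin as RFCs and, after extensive discussion and revision, are laid down by the main standards bodies. Not all documents in the RFC series are in use or generally accepted, however: a large share are used only in some local area or were never adopted. The exact status of an RFC is clearly marked in the document.
As of mid-2001 about 3000 RFCs had been published. Below are several fairly stable RFC links and links to the websites of several important standards bodies:
- The official RFC site, where the most recent RFC updates can be checked
- One of the most important Internet organizations
- http://sunsite.dk : very powerful RFC search (all RFC documents can be downloaded by FTP login)
- http://www.iso.ch : ISO, the International Organization for Standardization
- IEEE, the Institute of Electrical and Electronics Engineers
- ANSI, the American National Standards Institute
- http://www.itu.int : ITU, the International Telecommunication Union

The program below connects to the server of ; just type the full number of the RFC you want to view to access the document. If you are not yet sure what each RFC describes, you can first download the compressed RFC index file from this site: rfcindex.zip (141KB)

RFC document downloads: recommended English-language RFC site: ://rfcs/

RFC search by category. The RFC index is divided into the following categories according to the status of the RFC when it was published:
- Standards
- Draft Standards
- Proposed Standards
- OTHER RFCS: Experimental; Informational; Historic; Early RFCs (before IETF standards track)
- RFC SUB-SERIES: Standards (STD); Best Current Practice (BCP); For Your Information (FYI)

RFC documents to read (Chinese): RFC 1-100, RFC 101-700, RFC 701-1000, RFC 1001-1500, RFC 1501-2000, RFC 2001-2500, RFC 2501-3000, RFC 3001-3039, Supported Internet RFCs and Drafts

RFC documents to download (English): [RFC1-500](950K) [RFC501-1000](3544K) [RFC1001-1500](13454K) [RFC1501-2000](8494K) [RFC2001-2500](7565K) [RFC2501-3000](9517K) [RFC3001-latest](1187K)

Common protocols and their RFCs

Abbreviation | Full name | RFC

Application Layer
COPS | Common Open Policy Service | RFC 2748
FANP | Flow Attribute Notification Protocol | RFC 2129
Finger | User Information Protocol | RFC 1194,1196,1228
FTP | File Transfer Protocol | RFC 959
HTTP | Hypertext Transfer Protocol | RFC 1945,2616
IMAP4 | Internet Message Access Protocol version 4 | RFC 1730
IMPP | Instant Messaging and Presence Protocol | RFC 3861
IRC | Internet Relay Chat Protocol | RFC 1459
ISAKMP | Internet Security Association and Key Management Protocol | RFC 2048
DNS | Domain Name System | RFC 4343
DHCP | Dynamic Host Configuration Protocol | RFC 2131
BOOTP | Bootstrap Protocol | RFC 951
NTP | Network Time Protocol | RFC 958
NNTP | Network News Transfer Protocol | RFC 977
POP3 | Post Office Protocol version 3 | RFC 1939
Radius | Remote Authentication Dial In User Service | RFC 2138
RLOGIN | Remote Login | RFC 1258,1282
RTSP | Real-time Streaming Protocol | RFC 2326
SCTP | Stream Control Transmission Protocol | RFC 2960
S-HTTP | Secure Hypertext Transfer Protocol | RFC 2660
SLP | Service Location Protocol | RFC 2165
SMTP | Simple Mail Transfer Protocol | RFC 821,2821
ICP | Internet Cache Protocol | RFC 2186
SNMP | Simple Network Management Protocol | RFC 1157
SOCKS | Socket Secure | RFC 1928
TACACS | Terminal Access Controller Access Control System | RFC 1492
TELNET | TCP/IP Terminal Emulation Protocol | RFC 854
TFTP | Trivial File Transfer Protocol | RFC 1350
X-Window | X Window | RFC 1198

Presentation Layer
NBSSN | NetBIOS Session Service | RFC 1001
LPP | Lightweight Presentation Protocol | RFC 1085

Session Layer
TLS | Transport Layer Security | RFC 2246
LDAP | Lightweight Directory Access Protocol | RFC 1777
RPC | Remote Procedure Call protocol | RFC 1050,1057,1831

Transport Layer
Mobile IP | Mobile IP Protocol | RFC 2002
RUDP | Reliable User Datagram Protocol | RFC 908,1151
TALI | Transport Adapter Layer Interface | RFC 3094
TCP | Transmission Control Protocol | RFC 793
UDP | User Datagram Protocol | RFC 768
Van Jacobson | compressed TCP | RFC 1144
XOT | X.25 over TCP | RFC 1613

Network Layer
EGP | Exterior Gateway Protocol | RFC 827
OSPF | Open Shortest Path First | RFC 2178,2328
DVMRP | Distance Vector Multicast Routing Protocol | RFC 1075
ICMP | Internet Control Message Protocol version 4 | RFC 792
ICMPv6 | Internet Control Message Protocol version 6 | RFC 1885,2463
IGMP | Internet Group Management Protocol | RFC 1112,2236,3376
IP | Internet Protocol version 4 | RFC 791
NHRP | Next Hop Resolution Protocol | RFC 2332
IPv6 | Internet Protocol version 6 | RFC 1883,2460
MOSPF | Multicast Open Shortest Path First | RFC 1585
PGM | Pragmatic General Multicast Protocol | RFC 3208
PIM-SM | Protocol Independent Multicast-Sparse Mode | RFC 2362
PIM-DM | Protocol Independent Multicast-Dense Mode | RFC 3973
SLIP | Serial Line IP | RFC 1055
MARS | Multicast Address Resolution Server | RFC 2022
RIP2 | Routing Information Protocol version 2 | RFC 2453
RIPng for IPv6 | Routing Information Protocol for IPv6 | RFC 2080
RSVP | Resource-Reservation Protocol | RFC 2205,2750
VRRP | Virtual Router Redundancy Protocol | RFC 2338,3768
AH | Authentication Header Protocol | RFC 2402
ESP | Encapsulating Security Payload | RFC 2406

Data Link Layer
ARP | Address Resolution Protocol | RFC 826
RARP | Reverse Address Resolution Protocol | RFC 903
IARP | Inverse Address Resolution Protocol | RFC 2390
DCAP | Data Link Switching Client Access Protocol | RFC 2114
MPLS | Multi-Protocol Label Switching | RFC 3031,3032
ATMP | Ascend Tunnel Management Protocol | RFC 2107
L2F | The Layer 2 Forwarding Protocol | RFC 2341
L2TP | Layer 2 Tunneling Protocol | RFC 2661
PPTP | Point to Point Tunneling Protocol | RFC 2637

Common RFC titles

RFC1 Host software
RFC2 Host software
RFC3 Documentation conventions
RFC4 Network timetable
RFC6 Conversation with Bob Kahn
RFC10 Documentation conventions
RFC13 Zero-text-length EOF message
RFC16 M.I.T
RFC18 IMP-IMP and host-host control links
RFC19 Two protocol suggestions that can reduce congestion at swap-bound nodes
RFC20 ASCII format for network interchange
RFC21 Network meeting
RFC22 Host-host control message formats
RFC23 Transmission of multiple control messages
RFC24 Documentation conventions
RFC25 No high link numbers
RFC27 Documentation conventions
RFC28 Time standards
RFC29 Response to RFC 28
RFC30 Documentation conventions
RFC32 Some thoughts on SRI's proposed real-time clock
RFC34 Some brief preliminary notes on the ARC clock
RFC35 Network meeting
RFC36 Protocol notes
RFC37 Network meeting epilogue, etc.
RFC38 Comments on network protocol from NWG/RFC 36
RFC40 More comments on the forthcoming protocol
RFC41 IMP-IMP communication messages
RFC42 Message data types
RFC43 Proposed meeting
RFC45 More comments on the forthcoming protocol
RFC53 Official protocol mechanism
RFC58 Logical message synchronization
RFC60 Simple NCP protocol
RFC63 Belated network meeting report
RFC66 NIC - third level ideas and other noise
RFC69 Proposed change to the Host/IMP specification to eliminate marking
RFC71 Reallocation in case of input error
RFC72 Proposed moratorium on changes to the network protocol
RFC73 Response to NWG/RFC 67
RFC75 Network meeting
RFC78 NCP status report: UCSB/RAND
RFC79 Logger protocol error
RFC81 Request for reference information
RFC84 List of NWG/RFCs 1-80
RFC85 Network Working Group meeting
RFC90 CCN as a network service center
RFC99 Network meeting
RFC101 Notes on the Network Working Group meeting, Urbana, Illinois, February 17, 1971
RFC102 Notes of the Host-Host Protocol glitch cleaning committee
RFC103 Implementation of interrupt keys
RFC104 Link 191
RFC105 Network specifications for remote login and remote output retrieval at UCSB
RFC106 User/server site protocol network host questionnaire
RFC107 Notes of the Host-Host Protocol glitch cleaning committee
RFC108 Attendance list at the Urbana NWG meeting, February 17-19, 1971
RFC124 Typographical error in RFC 107
RFC132 Typographical error in RFC 107
RFC148 Comments on RFC 123
RFC149 Best laid plans
RFC154 Exposition style
RFC156 Status of the Illinois site: response to RFC 116
RFC179 Link number assignments
RFC185 NIC distribution of manuals
RFC188 Data management meeting announcement
RFC198 Site certification - Lincoln Labs 360/67
RFC204 Sockets in use
RFC218 Changing the IMP status reporting facility
RFC228 Clarification
RFC232 Postponement of network graphics meeting
RFC245 Reservations for Network Working Group meeting
RFC246 Network graphics meeting
RFC256 IMPSYS change notification
RFC276 NIC course
RFC285 Network graphics
RFC324 RJE protocol meeting
RFC335 New interface - IMP/360
RFC348 Discard process
RFC404 Comments on the File Migration Protocol
RFC405 Second letter to TIP users
RFC456 UCSB's data reconfiguration service
RFC457 FTP server-to-server interaction
RFC496 IMP/TIP memory retrofit schedule (rev 2)
RFC516 Lost message detection
RFC591 Experimental input mapping between NVT ASCII and the UCSB On-Line System
RFC621 "Remember to hang your stockings by the chimney at Christmas"
RFC628 Further Datalanguage design concepts
RFC634 Recent network maps
RFC637 Change of network address for SU-DSL
RFC677 Maintenance of duplicate databases
RFC692 Comments on IMP/HOST protocol changes (RFCS 687 AND 690)
RFC697 CWD command of FTP
RFC698 Telnet extended ASCII option
RFC763 Role mailboxes
RFC775 Directory-oriented FTP commands
RFC779 Telnet send-location option
RFC792 Internet Control Message Protocol
RFC797 Format for bitmap files
RFC821 Simple Mail Transfer Protocol
RFC826 Ethernet Address Resolution Protocol, or converting network protocol addresses
RFC827 Exterior Gateway Protocol (EGP)
RFC854 Telnet protocol specification
RFC855 Telnet option specifications
RFC856 Telnet binary transmission
RFC857 Telnet echo option
RFC858 Telnet suppress go ahead option
RFC859 Telnet status option
RFC860 Telnet timing mark option
RFC861 Telnet extended options: list option
RFC862 Echo Protocol
RFC863 Discard Protocol
RFC864 Character Generator Protocol
RFC865 Quote of the Day Protocol
RFC866 Active users
RFC867 Daytime Protocol
RFC868 Time Protocol
RFC872 TCP on a LAN
RFC877 Standard for the transmission of IP datagrams over public data networks
RFC888 STUB Exterior Gateway Protocol
RFC890 Exterior Gateway Protocol implementation schedule
RFC894 Standard for the transmission of IP datagrams over Ethernet networks
RFC895 Standard for the transmission of IP datagrams over experimental Ethernet networks
RFC896 Congestion control in IP/TCP internetworks
RFC903 Reverse Address Resolution Protocol
RFC911 EGP gateway under Berkeley UNIX 4.2
RFC917 Internet subnets
RFC918 Post Office Protocol
RFC925 Multi-LAN address resolution
RFC930 Telnet terminal type option
RFC932 Subnetwork addressing scheme
RFC937 Post Office Protocol (version 2)
RFC948 Two methods for the transmission of IP datagrams over IEEE 802.3 networks
RFC949 FTP unique-named store command
RFC951 Bootstrap Protocol (BOOTP)
RFC955 Towards a transport service for transaction processing applications
RFC962 TCP-4 prime
RFC968 "Twas the night before start-up"
RFC974 Mail routing and the domain system
RFC975 Autonomous confederations
RFC976 UUCP mail interchange format standard
RFC985 Requirements for Internet gateways - draft
RFC988 Host extensions for IP multicasting
RFC1050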
RPC远程步骤呼叫协议说明书RFC1055 在串行线路上传输IP数据报的非标准协议RFC1057 RPC远程步骤呼叫协议说明书版本2RFC1073 Telnet窗口大小选项RFC1075 远距离矢量多播选路协议RFC1088 IP 数据包传输通过NetBIOS网络的标准RFC1090 SMTP在X.25RFC1091 TelnetTELNET终端类型选项RFC1094 NFS网络文件系统协议说明书RFC1096 Telnet X 显示定位选项RFC1097 Telnet潜意识-信息选项RFC1112 主机扩展用于IP多点传送RFC1113 Internet电子邮件秘密增强第一部分- 信息加密和身份验证步骤RFC1131 OSPF规范RFC1132 802.2分组在IPX网络上传输的标准RFC1134 +PPP协议:关于在点到点链路上进行多协议包传送的建议RFC1142 OSI IS-IS 域内路由协议RFC1144 低速串行链路上的TCPIP头部压缩RFC1145 SNMPv2的管理模型RFC1155 基于TCPIP网络的管理结构和标记RFC1166 Internet数字RFC1180 TCPIP指南RFC1191 路径MTU探索RFC1215 为使用SNMP定义Trap的惯例RFC1239 试验管理系统库(MIB)到标准管理系统库(MIB)的重分配RFC1242 基准术语用于网络互连设备RFC1258 BSD 的远程登录RFC1287 未来的Internet 体系结构RFC1288 Finger用户信息协议RFC1298 基于IPX协议的SNMPRFC1321 MD5 信息-摘要算RFC1332 PPP Internet 协议控制协议(IPCP)RFC1333 PPP 链接质量监控RFC1355 网络中心数据库的保密和准确性问题RFC1365 一种IP地址扩展提议RFC1370 OSPF适用范围声明RFC1387 RIP(版本2)协议分析RFC1388 RIP协议版本2RFC1393 Traceroute使用IP选项RFC1397 在边界网关协议(Border Gateway Protocol)版本2RFC1408 Telnet环境选项RFC1413 鉴定协议RFC1414 身份识别管理系统库(MIB)RFC1418 SNMP优于OSIRFC1420 SNMP优于IPXRFC1426 SMTP服务扩展用于8bit-多用途网际邮件扩充协议(MIME)传输RFC1428 Internet邮件从Just-Send-8到8bit-SMTPMIME的转换RFC1433 直接ARPRFC1445 简单网络管理协议(SNMPv2)版本2的管理模式RFC1454 下一代IP提议的比较RFC1461 通过X.25多协议互连SNMP管理系统库(MIB)扩展RFC1469 通过令牌-环局域网的IP多点传送RFC1483 通过ATM适应层5的多协议封装RFC1558 LDAP研究过滤器的字符串表达RFC1571 Telnet环境选项互用性问题RFC1590 媒体类型注册过程RFC1591 域名系统的结构和授权RFC1597 私有Internet的地址分配RFC1605 SONET to Sonnet翻译RFC1606 用IP版本9的历史观RFC1611 DNS服务器MIB扩展RFC1612 DNS解析器MIB扩展RFC1618 ISDN上的PPP(点对点)协议RFC1628 UPS 管理信息基础RFC1633 Internet 体系结构中的综合服务概述RFC1635 怎样使用匿名FTPRFC1636 IAB工厂关于在Internet体系结构的安全报告-2月8-10号, 1994 RFC1643 以太网-类似界面类型的管理对象的定义RFC1658 字符流设备使用SMIv2管理对象的定义RFC1661 点对点协议(PPP)RFC1671 向IPng 过渡和其他考虑的白皮书RFC1690 Internet工程与计划组(IEPG)介绍RFC1691 康奈尔大学数字图书馆文档体系结构RFC1696 用SMIv2定义的调制解调器MIBRFC1713 DNS调试工具RFC1715 地址分配效率比率HRFC1723 路由信息协议(版本2)RFC1724 RIP 版本2 管理系统库(MIB) 扩展RFC1738 统一资源定位器(URL)RFC1752 推荐IP下一代协议RFC1769 简单网络时间协议(SNTP)RFC1771 边界网关协议版本4(BGP-4)RFC1776 地址是信息RFC1777 轻量级目录访问协议RFC1787 在多供应Internet上的软件路由RFC1796 不是所有RFCs是标准RFC1797 A级子网实验RFC1810 
报告MD5性能RFC1818 最好最新的实践RFC1822 使用具备Photuris技术的指定IBM专利的权利的授予RFC1823 LDAP 应用程序界面RFC1827 IP 密码安全有效载荷(ESP)RFC1828 使用键控MD5进行IP鉴别RFC1860 IPv4变量长度子网表RFC1867 HTML中基于表单的文件上传RFC1869 SMTP服务扩展RFC1878 变量长度子网表格用于IPv4RFC1881 IPv6 地址分配管理RFC1883 Internet协议,版本6(IPv6)说明书RFC1886 DNS扩展支持IP版本6RFC1901 基于社区的SNMPv2介绍RFC1904 简单网络管理协议(SNMPv2)版本2的一致声明RFC1918 个人Internets的地址分配RFC1928 SOCKS V5的用户名/密码鉴定RFC1930 自治系统(AS)创建,选择,和注册的指导方针RFC1939 邮局办公协议-版本3RFC1942 HTML表格RFC1945 超文本传输协议--HTTP/1.0RFC1956 在MIL域中注册RFC1957 邮局协议(POP3)执行的一些观察RFC1962 PPP压缩控制协议(CCP)RFC1977 PPP BSD 压缩协议RFC1979 PPP压缩协议RFC1981 IP 版本6的路径MTU探索RFC1982 序列号算法RFC1988 有条件地授予权利给特殊的HP专利于连接Internet工程特遣队的Internet-标准网络管理框架中RFC1993 PPP G和alf FZA 压缩协议RFC1994 PPP挑战握手身份验证协议(CHAP)RFC1997 BGP 组属性RFC1998 BGP 社区属性在多本地路由中的应用RFC2002 IP移动性支持RFC2003 在IP内封装IPRFC2004 IP最小封装RFC2005 IP移动性的适用性陈述RFC2011 SNMPv2 管理信息基础用于Internet 协议使用SMIv2RFC2012 SNMPv2 管理信息基础用于传输控制协议使用SMIv2RFC2013 有关采用SMIv2用户数据报协议的SNMPv2管理信息数据库RFC2015 多用途网际邮件扩充协议(MIME)安全具有相当好的保密性(PGP)RFC2021 远程网络监控管理信息基础版本2使用SMIv2RFC2025 简单公共密钥GSS-API机制(SPKM)RFC2040 RC5, RC5-CBC, RC5-CBC-Pad,和RC5-CTS算法RFC2042 注册新BGP属性类型RFC2046 多用途Internet邮件扩展(多用途网际邮件扩充协议(MIME))第二部分:媒体类型RFC2053 AM (美国)域RFC2078 通用安全服务应用接口(GSS-API)V2RFC2079 X.500 属性类型和对象类别去掌握统一资源定位器(URIs)的定义RFC2085 具有重放预防的HMAC-MD5 IP 身份验证RFC2088 IMAP4非同步字符RFC2095 简单挑战/回应的IMAP/POP授权扩展RFC2096 IP面向表格管理系统库(MIB)RFC2101 IPv4 今天地址行为RFC2104 HMAC:键入-散列法用于信息身份验证RFC2105 CCisco 系统的标签交换体系结构纵览RFC2113 IP路由器警告选项RFC2118 微软点对点压缩(MPPC)协议RFC2119 关键字用于使用在RFCs指出要求水平RFC2128 拨号控制MIB(SMIv2)RFC2144 CAST-128 加密算法RFC2147 TCP和UDP通过IPv6 JumbogramsRFC2198 多余音频数据的RTP有效载荷RFC2208 资源预留协议(RSVP)——版本1 适用性声明关于配置的一些指导RFC2212 有保证的质量服务说明书RFC2213 综合服务管理信息基础使用SMI版本2RFC2217 TelnetCom端口控制选项RFC2221 IMAP4 登陆参考RFC2228 FTP 安全扩展RFC2234 语法说明书的扩充BNF:ABNFRFC2236 Internet组管理协议,版本2RFC2241 Novell目录服务的DHCP选项RFC2245 匿名SASL机制RFC2260 可升级支持用于多目录多供应者的连通RFC2279 UTF-8,ISO 10646的一种转换格式RFC2281 Cisco热备份路由协议(HSRP)RFC2283 BGP-4的多协议扩展RFC2284 PPP可扩展认证协议RFC2289 一种一次性密码系统RFC2296 HTTP 远程变量选择算法--RVSA/1.0RFC2313 PKCS#1:RSA加密版本1.5RFC2330 IP 
执行规则的管理RFC2343 应用于捆绑的MPEG的RTP有效载荷的格式RFC2344 移动IP反向隧道RFC2349 TFTP 休息间隔和传输大小选项RFC2367 PF_KEY键管理API,版本2RFC2372 处理Internet协议(TIP)-要求和补充信息RFC2373 IPv6寻址体系结构RFC2374 IPv6 可集聚全球单播地址格式RFC2379 RSVP通过ATM执行的指导方针RFC2384 POP URL 方案RFC2393 IP有效载荷压缩协议(IPComp)RFC2394 IP有效载荷压缩使用DEFLATERFC2401 Internet 协议的安全体系结构RFC2403 在ESP和AH中使用HMAC-MD5-96RFC2404 在ESP和AH中使用HMAC-SHA-1-96RFC2406 IP 封装安全有效载荷(ESP)RFC2407 Internet IP 用于解释ISAKMP的安全域RFC2408 Internet 安全关联和键管理协议(ISAKMP)RFC2409 Internet密钥交换(IKE)RFC2410 NULL加密算法及其在IPsec协议中的应用RFC2411 IP安全文件指南RFC2412 OAKLEY 键决定协议RFC2413 Dublin核心元数据用于资源发掘RFC2435 针对JPEG压缩视频的RTP荷载格式RFC2449 POP3 扩展机制RFC2451 ESP CBC-模式密码算法RFC2459 Internet X.509 公钥基础设施:证书和CRL简介RFC2460 Internet协议,版本6(IPv6)说明书RFC2463 针对因特网协议第六版(Ipv6)的因特网控制报文协议(ICMPv6)规范RFC2466 IP 版本6 管理信息基础:ICMPv6组RFC2471 IPv6检测地址分配RFC2474 IPv4与IPv6包头中差分服务字段(DS Field)的定义RFC2475 分类业务的体系结构RFC2492 IPv6 通过ATM网络RFC2495 有关DS1,E1,DS2,E2接口类型的管理部件的定义RFC2508 低速串行链路下IP/UDP/RTP数据包头的压缩RFC2511 Internet X.509认证请求消息格式RFC2516 在以太网上传输PPP的方法(PPPoE)RFC2526 IPv6保留的子网任意传送地址RFC2541 DNS 安全操作考虑RFC2547 BGP/MPLS VPNsRFC2554 SMTP服务认证扩展RFC2560 x.509因特网公钥基础设施在线证书状态协议——OCSPRFC2570 标准互联网络管理框架第三版介绍RFC2577 FTP 安全考虑RFC2581 TCP拥塞控制RFC2582 TCP的快速恢复算法NewReno修正RFC2585 Internet X.509 公共键底部结构操作协议: FTP和HTTPRFC2597 确定的面向PHB组RFC2598 面向加速PHBRFC2618 RADIUS 身份验证客户端管理系统库(MIB)RFC2629 用XML 写I-Ds 和RFC文档RFC2633 S/多用途网际邮件扩充协议(MIME) 版本3 信息说明书RFC2644 更改直接广播在路由器上的缺省值RFC2669 DOCSIS 电缆设备管理系统库(MIB)电缆设备管理信息基础用于DOCSIS 适应性电缆调制解调器和电缆调制解调器中断系统RFC2670 音频频率(RF)界面管理信息基础用于MCNS/DOCSIS适应性RF界面RFC2685 虚拟专用网标志符RFC2702 基于MPLS的流量工程要求RFC2706 ECML v1:电子商务字段名RFC2713 LDAP(轻型目录存取协议)目录中JAVATM对象的表征模式RFC2714 LDAP(轻型目录存取协议)目录中的CORBA对象参考方案RFC2731 Dublin核心元数据在HTML上的编码RFC2732 文本IPv6地址在URL上的格式RFC2733 RTP有效载荷格式用于普通正向错误更正RFC2736 RTP有效载荷格式说明书作者的指导方针RFC2754 RPS IANA的发布RFC2756 超文本缓存协议(HTCP/0.0)RFC2764 IP VPN的框架体系RFC2773 使用KEA和SKIPJACK加密RFC2774 HTTP 扩展框架RFC2781 UTF-16,ISO 10646的一种编码RFC2784 通用路由封装(GRE)RFC2788 网络服务监视MIBRFC2793 用于文本交谈的RTP负载RFC2796 BGP路由映象RFC2809 通过RADIUS的L2TP强制通道的执行RFC2810 Internet 延迟交谈:体系结构RFC2811 
Internet延迟交谈:通道管理RFC2813 Internet 延迟交谈:服务器协议RFC2817 在HTTP/1.1中升级到TLSRFC2818 TLS之上的HTTPRFC2824 呼叫过程语言框架和要求RFC2825 复杂网络:I18N的发布,域名,和其它Internet协议RFC2829 LDAP的身份验证方法RFC2830 轻量级目录访问协议(v3): 传输层安全扩展RFC2833 用于DTMF数字信号、电话音和电话信号的RTP负载格式RFC2854 text/html 媒体类型RFC2855 IEEE 1394的DHCPRFC2861 TCP 拥塞窗口检验RFC2862 用于实时指针的RTP负载格式RFC2866 RADIUS(远程用户拨号认证系统)记帐协议RFC2867 RADIUS 账目管理修改用于通道协议支持RFC2868 RADIUS 属性用于协议支持RFC2869 RADIUS 扩展RFC2871 一个IP电话路由框架RFC2873 在Ipv4优先域中的TCP过程RFC2874 支持IPv6地址集合和重编号的DNS 扩展RFC2882 网络访问服务要求: 扩展范围实践RFC2887 可靠的多点传送设计空间用于大的数据传送RFC2889 基准方法论用于局域网交换设备RFC2890 GRE中Key和SequenceNumber扩展RFC2893 IPv6 主机和软件路由器转换机制RFC2898 PKCS #5: 基于密码的密码系统说明书版本2.0. BRFC2906 AAA 授权要求RFC2914 拥塞控制原理RFC2917 核心MPLS IP VPN 体系结构RFC2918 BGP-4(边界网关协议)的路由刷新功能RFC2920 SMTP 针对命令流水线的服务扩展RFC2923 TCP的路径MTU发现问题RFC2932 IPv4 多点传送路由管理系统库(MIB)RFC2935 Internet开放贸易协议(IOTP)HTTP 补充RFC2939 新DHCP选项和信息类型的定义步骤和IANA指导方针RFC2945 SRP身份验证和键交换系统RFC2946 Telnet 数据加密选项RFC2947 Telnet加密:DES3 64位密码回馈RFC2948 Telnet加密:DES3 64位输出回馈RFC2949 Telnet加密:CAST-128 64比特输出回馈RFC2950 Telnet加密:CAST-128 64比特密码回馈RFC2951 使用KEA和SKIPJACK进行TELNET身份验证RFC2952 Telnet加密:DES 64位密码回馈RFC2953 Telnet加密:DES 64比特输出回馈RFC2957 The 应用/whoispp-请求目录-类型RFC2958 The 应用/whoispp-回答目录-类型RFC2959 实时传输协议管理信息库RFC2964 超文本传输协议(HTTP)状态管理的应用RFC2971 Internet信息访问协议(IMAP4)的标识符扩展RFC2976 SIP信息方法RFC2983 有区别的协议和通道RFC2984 CAST-128密码算法在CMS中的使用RFC2987 字符集注册和语言媒体特征标签RFC2988 计算TCP重传时间的定时器RFC2991 多路径分发在Unicast上和多点传送下一路程段选择RFC2992 等值多-路径算法的分析RFC2994 MISTY1加密算法的描述RFC3001 对象标识符的URN名称空间RFC3003 audio/mpeg 媒体类型RFC3005 IETF 讨论列表许可证RFC3007 安全的域名系统动态更新RFC3009 奇偶向前纠错MIME类型的注册RFC3012 移动IP的询问/应答扩展机制RFC3014 提示日志管理系统库(MIB)RFC3016 用于MPEG-4视听流的RTP负载格式RFC3018 统一内存空间协议说明书RFC3019 IP 版本6 管理信息基础用于多点传送听众探索协议RFC3021 在Ipv4点对点连接中使用31位前缀RFC3022 传统IP网络地址转换(传统NAT)RFC3026 在ENUM上联络到IETF/ISOCRFC3028 滤网:一种邮件过滤语言RFC3029 Internet X.509 公共键下部构造数据有效性和认证服务协议RFC3032 MPLS标记栈编码RFC3033 信息域和协议标识符在Q.2941普通标识符和Q.2957用户对用户发送信号中的分配用于Internet 协议RFC3034 标签转换在帧中继网络说明书中的使用RFC3035 MPLS使用LD和ATM VC交换RFC3037 LDP 的适用性RFC3038 VCID提示通过ATM链接用于LDPRFC3040 
Internet网复制和缓存分类法RFC3042 使用有限传输增强TCP的丢失恢复能力RFC3043 Network Solutions的个人网络名(PIN): 一种个人和组织的统一资源名域RFC3044 在ISSN-URN命名空间中用ISSN作为URNRFC3046 DHCP 中继代理信息选项RFC3048 可靠的多点传输建立阻止一对多大数据传送RFC3051 IP有效载荷压缩使用ITU-T V.44打包方法RFC3055 PINT服务体系结构管理信息基础.RFC3058 IDEA加密算法在CMS上的使用RFC3059 服务定位协议的属性列表扩展RFC3061 对象标识符的一种URN姓名空间RFC3062 LDAP口令修改扩展操作RFC3066 语言鉴定标签RFC3067 TERENA'S事件对象描述和转换格式要求RFC3069 VLAN聚合实现IP地址有效分配RFC3070 基于帧中继的第二层隧道协议RFC3072 结构化的数据改变格式(SDXF)RFC3074 DHC加载平衡算法RFC3078 微软点对点加密(MPPE)协议RFC3081 将区块扩展交换协议(BEEP)核心映射到传输控制协议(TCP)RFC3082 服务定位协议(SLP)的预研报告RFC3083 基线私人界面管理信息基础(MIB)用于兼容Cable Modems和Cable Modem 终端系统的DOCSISRFC3085 新闻型标记语言(NewsML)资源的URN名字空间RFC3090 域名系统在区域状况下的安全扩展声明RFC3091 改进数字产生协议RFC3093 防火墙增进协议(FEP)。
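(Question Set 1) Next-Generation Internet (IPv6) Deployment and Operations - Beginner Level

I. Single-choice questions (35 questions)

1. Which of the following is a transport-layer protocol? ( ) [Single choice]
A. Hypertext Transfer Protocol (HTTP)
B. E-mail protocol (SMTP)
C. Mail retrieval protocol (POP3)
D. Transmission Control Protocol (TCP) (correct answer)

2. The application layer is layer ( ) of the TCP/IP reference model. [Single choice]
A. 1
B. 2
C. 3
D. 4 (correct answer)

3. The IP protocol corresponds to layer ( ) of the OSI 7-layer model. [Single choice]
A. 5
B. 3 (correct answer)
C. 2
D. 1

4. Which of the following is not an application-layer protocol? ( ) [Single choice]
A. Domain name resolution protocol (DNS)
B. User Datagram Protocol (UDP) (correct answer)
C. Remote terminal protocol (Telnet)
D. Hypertext Transfer Protocol (HTTP)

5. Which of the following protocols belongs to the application layer? ( ) [Single choice]
A. IP
B. UDP
C. TCP
D. Telnet (correct answer)

6. Which description of the Internet Control Message Protocol (ICMP) is wrong? ( ) [Single choice]
A. ICMP is encapsulated in the data portion of an IP datagram
B. The transmission of ICMP messages is reliable (correct answer)
C. ICMP is a required part of the IP protocol
D. ICMP can be used for congestion control

7. The function of the ARP protocol is ( ). [Single choice]
A. To map port numbers to IP addresses
B. To connect the IP layer and the TCP layer
C. To broadcast IP addresses
D. To map IP addresses to layer-2 addresses (correct answer)

8. Which statement about the functions of ICMP is wrong? ( ) [Single choice]
A. Error correction (correct answer)
B. It can probe the reachability of certain network nodes
C. It reports certain types of errors
D. It can be used for congestion control and routing control

9. In the TCP/IP architecture, the protocol that directly provides service to ICMP is ( ). [Single choice]
A. PPP
B. IP (correct answer)
C. TCP
D. UDP

10. Which of the following correctly describes the data encapsulation process? ( ) [Single choice]
A. Segment -> packet -> frame -> bit stream -> data
B. Bit stream -> segment -> packet -> frame -> data
C. Data -> packet -> segment -> frame -> bit stream
D. Data -> segment -> packet -> frame -> bit stream (correct answer)

11. The ARP protocol is used to resolve ( ).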
Standards reference documents

Link-layer protocols

PPP (Point-to-Point Protocol):
RFC 1332: The PPP Internet Protocol Control Protocol (IPCP)
RFC 1334: PPP Authentication Protocols
RFC 1552: The PPP Internetworking Packet Exchange Control Protocol (IPXCP)
RFC 1570: PPP LCP Extensions (the callback option is implemented)
RFC 1661: The Point-to-Point Protocol (PPP)
RFC 1877: PPP Internet Protocol Control Protocol Extensions for Name Server Addresses
RFC 1990: The PPP Multilink Protocol (MP)
RFC 1994: PPP Challenge Handshake Authentication Protocol (CHAP)
RFC 2509: IP Header Compression over PPP
RFC 1962: The PPP Compression Control Protocol (CCP)
RFC 1974: PPP Stac LZS Compression Protocol

X25, LAPB (Link Access Protocol Balanced):
RFC 1613: Cisco Systems X.25 over TCP (XOT)
RFC 1598: PPP in X.25
RFC 1461: SNMP MIB extension for MultiProtocol Interconnect over X.25
RFC 1382: SNMP MIB Extension for the X.25 Packet Layer
RFC 1381: SNMP MIB Extension for X.25 LAPB
RFC 1356: Multiprotocol Interconnect on X.25 and ISDN in the Packet Mode
RFC 1236: IP to X.121 Address Mapping for DDN
RFC 1226: Internet Protocol Encapsulation of AX.25 Frames
RFC 1090: SMTP on X.25
RFC 1086: ISO-TP0 bridge between TCP and X.25
RFC 874: Critique of X.25
RFC 1133: Routing between the NSFNET and the DDN

Cisco-HDLC:
Cisco-HDLC is a protocol designed by Cisco itself; there is no standard to refer to.

Frame Relay:
RFC 1294/1490: Multiprotocol Interconnect over Frame Relay
RFC 1293: Inverse Address Resolution Protocol (INARP)
RFC 1315: Management Information Base for Frame Relay DTEs
ITU-T Q933 Annex A: Frame Relay Local Management Interface (LMI) protocol
ANSI T1.617 Annex D: Frame Relay Local Management Interface (LMI) protocol

ISDN (Integrated Services Digital Network):
ITU-T Recommendation Q.931 (network layer)
ITU-T Recommendation Q.921 (link layer)

IP-layer protocols

RFC 791: Internet Protocol (IP)
RFC 792: Internet Control Message Protocol (ICMP)
RFC 793: Transmission Control Protocol (TCP)
RFC 896: Congestion Control in IP/TCP Internetworks
RFC 768: User Datagram Protocol (UDP)
RFC 826: An Ethernet Address Resolution Protocol (ARP)
Socket: Unix standard

Routing protocols

RIP (Routing Information Protocol):
RFC 1058: Routing Information Protocol
RFC 1723: RIP Version 2
RFC 2082: RIP-2 MD5 Authentication

OSPF (Open Shortest Path First):
RFC 2328: OSPF Version 2
RFC 1793: Extending OSPF to Support Demand Circuits

IGRP (Interior Gateway Routing Protocol):
IGRP has no standard RFC; compatibility with Cisco is maintained.

BGP (Border Gateway Protocol):
RFC 1771: A Border Gateway Protocol 4 (BGP-4)
RFC 1772: Application of the Border Gateway Protocol in the Internet (BGP-4)
RFC 1965: Autonomous System Confederations for BGP
RFC 1966: BGP Route Reflection -- An alternative to full mesh IBGP
RFC 1997: BGP Community Attribute
RFC 2439: BGP Route Flap Damping

Network security

RADIUS (Remote Authentication Dial In User Service):
RFC 2138: Remote Authentication Dial In User Service (RADIUS)
RFC 2139: RADIUS Accounting

GRE (Generic Routing Encapsulation):
RFC 1701: Generic Routing Encapsulation (old version)
RFC 1702: Generic Routing Encapsulation over IPv4 networks
RFC 2784: Generic Routing Encapsulation (new version)
RFC 2667: IP Tunnel MIB

IPSEC (IP Security):
RFC 1825: Security Architecture for the Internet Protocol (old version)
RFC 2401: Security Architecture for the Internet Protocol (new version)

AH (Authentication Header) protocol:
RFC 2402: IP Authentication Header
RFC 1321: The MD5 Message-Digest Algorithm
RFC 2104: HMAC: Keyed-Hashing for Message Authentication
RFC 2085: IP Authentication with Replay Prevention
RFC 2403: The Use of HMAC-MD5-96 within ESP and AH
RFC 2404: The Use of HMAC-SHA-1-96 within ESP and AH

ESP (Encapsulating Security Payload):
RFC 2406: IP Encapsulating Security Payload (ESP)
RFC 2405: The ESP DES-CBC Cipher Algorithm With Explicit IV

IKE (Internet Key Exchange):
RFC 2408: Internet Security Association and Key Management Protocol (ISAKMP)
RFC 2409: The Internet Key Exchange (IKE)
RFC 2407: The Internet IP Security Domain of Interpretation for ISAKMP (IPSEC DOI)

L2TP (Layer 2 Tunnel Protocol):
RFC 2661: Layer 2 Tunnel Protocol

NAT (Network Address Translator):
RFC 1631: The IP Network Address Translator (NAT)
RFC 2663: IP Network Address Translator (NAT) Terminology and Considerations

Network management

SNMP (Simple Network Management Protocol):
RFC 1157: Simple Network Management Protocol (SNMP)
Network Working Group                          S. Williamson
Request for Comments: 1714                     M. Kosters
Category: Informational                        Network Solutions Inc.
                                               InterNIC
                                               November 1994

Referral Whois Protocol (RWhois)

Status of this Memo

This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Abstract

This memo describes version 1.0 of the client/server interaction of RWhois. RWhois provides a distributed system for the display of hierarchical information. This system is hierarchical by design, allowing for the reduction of a query, and the referral of the user closer to the maintainer of the information.

Table of Contents

1. Introduction
2. RWhois Client Model
   2.1 Directives: Client to Server Interaction
   2.2 Required Directives
      2.2.1 <query>
      2.2.2 RWhois
   2.3 Optional Directives
      2.3.1 load
      2.3.2 limit
      2.3.3 schema
      2.3.4 xfer
      2.3.5 quit
      2.3.6 status
      2.3.7 cache
      2.3.8 holdconnect
      2.3.9 forward
      2.3.10 soa
      2.3.11 notify
      2.3.12 register
      2.3.13 object
      2.3.14 define
      2.3.15 private
      2.3.16 X-
      2.3.18 display
      2.3.19 language
   2.4 RWhois Client Model
3. RWhois Server Model
   3.1 Output Display and Restriction Keywords
   3.2 Responses: Server to Client Interaction
   3.3 Required Responses
      3.3.1 RWhois
      3.3.2 referral
      3.3.3 ok
      3.3.4 error
   3.4 Optional Responses
      3.4.1 see-also
      3.4.2 load
      3.4.3 soa
      3.4.4 status
      3.4.5 xfer
      3.4.6 schema
      3.4.7 define
      3.4.8 object
      3.4.9 directive
      3.4.10 info
      3.4.11 display
      3.4.12 X-
      3.4.13 language
   3.5 Query Reduction
   3.6 Determining Authority
   3.7 Secondary Server Interaction
   3.8 Registration Process
   3.9 Out-of-Service
4. Interaction: Client Directives and Acceptable Server Responses
   4.1 General
   4.2 On Connection
   4.3 <QUERY>
   4.4 -RWhois
   4.5 -load
   4.6 -limit<SP><value>
   4.7 -schema<SP>[object]
   4.8 -xfer<SP>[object]
   4.9 -quit
   4.10 -cache<SP><on/off>
   4.11 -status
   4.12 -forward
   4.13 -soa
   4.14 -notify
   4.15 -register
   4.17 -object
   4.18 -define
   4.19 -X-
   4.20 -display
   4.21 -language
5. Error Codes
   5.1 Error Code List
6. Attribute Format
   6.1 Format Specification Macros
7. Quick Query (RWhois using UDP)
8. References
9. Security Considerations
10. Authors’ Addresses

1. Introduction

Early in ARPANET development, the SRI-NIC established a centralized whois database that provided host and network information about the systems connected to the network and the E-mail addresses of the users on those systems. The ARPANET experiment has evolved into a global network with countless people and hundreds of thousands of end systems. Given the sheer size and effort needed to maintain a centralized database, an alternate, decentralized approach to store and display this information is desired.

The Internet portions of the DDN NIC have been transitioned to what is now known as InterNIC Registration Services (RS). The charter for InterNIC RS has been reduced to maintain information only for IP networks, top-level domains, Autonomous System Numbers, and the points of contact for each of these particular entities. In addition, the InterNIC, in its role as an Internet Registry (IR), has delegated IP block assignment authority to Regional Registries such as the RIPE NCC for Europe and the APNIC for the Asian Pacific region, while retaining authority for North America and all non-delegated regions. This has led to a fragmentation of whois service to the Internet user.

Several different solutions have been proposed and developed by the various regional IR’s.
Two solutions have been worked on extensively: the Shared Whois Project (SWIP) and X.500.

The SWIP project has a common exchange format that can be parsed by the various IR’s for input and output. Thus, one can synchronize their databases with information obtained from the other IR’s. This project is showing promise and is now operational. However, this approach still requires a centralized database for store and display.

The InterNIC has also been involved in the use of X.500 for display of registration information. Among other things, this included defining schemas and Directory information tree structures for the purpose of distributing information amongst the various IR X.500 Directory Service Agents (DSA). Unfortunately, X.500’s complexity, resource utilization, and lack of Internet support has made a search for an alternative solution necessary.

The information that the various IR’s maintain is inherently hierarchical in nature. (Examples: is under the domain which is under the domain which is under the .mil domain. 198.41.0.21 is part of network 198.41.0.0/24 which is part of the block 198.41.0.0/16 which is part of the block 198.0.0.0/8) The InterNIC may not have the information, but will at least be able to reduce the query and point or refer the users closer to their goal. This has led to the development of a referral whois, and the corresponding RWhois protocol.

The underlying premise for this project has been to retain the basic functionality of the whois server and client, making all of the extensions optional. The server must respond to the original whois client, currently included with many operating systems. The RWhois client must also interact with RFC 954 [RFC-954] whois servers.

RWhois has been designed as an extensible protocol to ensure that many uses can be accommodated. Public extensions to the protocol should be documented as RFCs.
Private extensions can be used with agreement left up to the client and server.

If extensions are not implemented at the server in question, an appropriate error message must be sent. The use of extended error message is outlined in Section 5 - Error Codes.

Throughout this document the following notations will be used to describe the RWhois server/client interaction:

   <SP>       space
   [arg]      optional argument
   <arg>      required argument
   (<arg>)    conditional required argument
   ([arg])    conditional optional argument
   {format}   format of item
   \          continued on next line

The words should and must are significant in this document. If should is used, the implementor has the option to follow the advice of this document. If must is used then it is a required part of the protocol. Implementations without this functionality may not interact correctly with other RWhois servers.

The format descriptions throughout this document use macro definitions described in Section 6.1. Refer to that section for clarification.

The RWhois protocol specified in this document can be extended to accommodate such applications as NetHelp and ZoneGen (DNS zone generator).

2. RWhois Client Model

The RWhois design requires compatibility with the current Whois and Whois++ servers. Therefore, the RWhois client must wait or have knowledge of server type to determine if the server contacted is an RWhois server. The user should have control over the time the client waits, since this will vary based on network congestion and capacity. If after the wait the server does not respond with the %RWhois response, the client must not send any RWhois extended directives. In this case, the client should only send the query. We realize that the server identification feature may mean that the identity of an RWhois server may be missed. However, it will allow the RWhois system to utilize the current Whois and Whois++ infrastructure.

Referrals from RWhois can be directed toward a Whois or Whois++ server.
These non-RWhois servers must be placed as a leaf on the hierarchical tree. These servers represent a mesh structure from the RWhois perspective. This restriction should not discourage the use of these servers in building the RWhois structure.

The RWhois server must remain connected until a query is received. If the client wishes to make multiple queries it must send the -holdconnect directive. In this mode, once the client has sent the last query and received either an answer or the error code indicating that no records were found, it must issue the -quit directive. If the client only wishes to issue directives, then upon completion the -quit directive must be sent. If it is not sent, the server will wait until it receives non-directive input from the client.

Considering the requirement for compatibility with the original whois, the RWhois client in default mode must operate exactly like the current Whois client. However, in the enhanced mode, the RWhois client can do much more based on information received from the RWhois server.

2.1 Directives: Client to Server Interaction

The RWhois client sends directives to the RWhois server. These directives are prefaced with the ‘-’ character always at the start of a new line. However, for compatibility with older Whois clients, the query is not prefaced with the ‘-’ character. Only after the client is certain that the server is an RWhois server should these directives be sent. Compatibility with RFC 954 [RFC-954] whois servers is required. All directives must be terminated by <LF><CR>.

2.2 Required Directives

The following are required RWhois client directives.

2.2.1 <query>

The query is generally the final directive sent to the server. It is the only directive that does not start with a ‘-’. The query is the question that the client wants the server to answer.
The qualifiers that may precede the query are addressed in Section 3.1 - Output Display and Restriction Keywords.

Format for use:

   [display format]<SP>[query restriction]<SP><query>

   [Display format]{%s}     This optional pre-query directive allows the requester to select the format of the returned data. Details of the allowable values can be found in Section 3.1.

   [Query restriction]{%s}  This optional pre-query directive allows the requester to limit the area in which the servers search for a specific object.

Example of use:

   dump domain

2.2.2 RWhois

The -RWhois directive identifies the client as an RWhois client allowing the server to operate using the RWhois protocol exclusively.

Format for use:

   -RWhois<SP>V-<spec version #><SP>[imp identifier]

   <Spec version #>{%2d.%2d}  This required argument identifies the specification version that the client is built to conform with. Clients that are built in accordance with this document are V-1.0. This argument will be used by the server to determine if features introduced in subsequent releases of the protocol document may be used.

   [Imp identifier]{%s}       This optional argument identifies client implementation information. It is recommended that the implementor maintain a version number separate from the specification version.

Example of use:

   -RWhois V-1.0 [InterNIC B.0.9.7]

2.3 Optional Directives

The following are OPTIONAL RWhois server directives.

2.3.1 load

The -load directive allows the client to make a quick decision about presenting the query to the current server. If the client determines that another server can better serve the query, then control may be transferred to the server with the lower load and better connection.
This directive has no arguments.

2.3.2 limit

The -limit directive will allow the client to request the server allocate enough space to collect more responses than would currently be collected by the server.

Format for use:

   -limit<SP><value>

   <Value>{%d}  This required argument is the new limit requested by the client. If the limit exceeds the limit set by the server administrator, the client must receive an error message. It is recommended that if the client receives an error for exceeding the servers upper limit, it should cut the request in half and resend the request until an acceptable level has been negotiated.

Example of use:

   -limit 2000

2.3.3 schema

One of the shortcomings of X.500 was the requirement to know the schema of an object before making a query. RWhois allows the client to request the schema for an object without knowledge of the object by using the -schema directive.

Format for use:

   -schema<SP>[object]

   [object]{%s}  This optional argument identifies the objects for which the schema is being requested. If this argument is not sent, the schemas for all objects contained in the server will be sent.

Example of use:

   -schema domain

2.3.4 xfer

The -xfer directive is used to transfer all data from a server. This method of transfer has no limit on the number of records that can be transferred to the client application. This directive is primarily used to transfer data contained in an authority area for caching at a secondary server.

Format for use:

   -xfer<SP>[object]<SP>[authority area]<SP>[SOA]

   [Object]{All|%s}  This required argument identifies the object to transfer. If the keyword all is sent, all objects contained in the server will be transferred.
   Otherwise, only the object specified will be sent.

   [Authority area]{%s}  This optional argument contains the authority area of the object to send further limiting the data transfer.

   [SOA]{%d}  This optional argument notifies the server to send everything that has been updated since this SOA number.

Example of use:

   -xfer domain
   -xfer domain 19940818141259

2.3.5 quit

The -quit directive will inform the server that the client is finished. The server and client should close the connection. This directive has no arguments.

2.3.6 status

The -status directive is used to poll the server for its status. There are seven required responses to this directive. Additional attributes may be sent in the response. The client should ignore all unknown attributes. This directive has no arguments.

2.3.7 cache

The RWhois server can hold data that it has no authority over. If the server sends this data to a requester, it is considered a non-authoritative response. The holding of this data is called caching. The physical data for these objects is not contained on the system hosting the server. The -cache directive allows the client to instruct the server whether or not to send cached data. The RWhois client should start with the cache turned off. The server must start with the cache turned on in order to function like the RFC 954 [RFC-954] whois server. Because of the server’s default, the client should send the -cache off directive during initial session setup if cached data should not be sent. Details on expiration of cache data can be found in section 3.4.3, %soa response.

Format for use:

   -cache<SP><mode>

   <mode>{on|off}
      on:   Turns caching on.
      off:  Turns caching off.

Example of use:

   -cache on

2.3.8 holdconnect

The RWhois server must close the connection after the response to a query has been received. The query is the final exchange between the client and server. However, this characteristic can be modified with the -holdconnect directive.
   If this directive is issued to the RWhois server, it will remain
   connected until the -quit directive is received. Once the -quit
   directive is received, both the server and the client must close
   their connection.

   Format for use:

      -holdconnect<SP><mode>

      <mode>{on|off}
         On:  Turns holdconnect on.
         Off: Turns holdconnect off.

   Example of use:

      -holdconnect on

2.3.9 forward

   During normal server operation the server will send %referral or
   see-also responses to the client, expecting the client to redirect
   the query to the server identified in the response. If the client is
   located behind a firewall or is poorly connected, having a server
   make the query may improve query performance or allow a query to be
   satisfied. The -forward directive will instruct the server to
   operate as a forwarding server. Whether or not this directive should
   be allowed should be a configuration parameter of the server.

   Format for use:

      -forward<SP><mode>

      <mode>{on|off}
         On:  Turns forwarding on.
         Off: Turns forwarding off.

   Example of use:

      -forward on

2.3.10 soa

   The identification of authority area is an important part of the
   RWhois design. The -soa directive is used to question the server’s
   authority for a specific area. A positive response will include the
   administrative parameters for the authority area as detailed in
   section 3.4.3. If the server does not contain an SOA for the
   authority area requested, it must send an error message to the
   client.

   Format for use:

      -soa<SP>[authority area]

      [Authority area]{%s}
         This optional argument identifies the authority area being
         requested.
         If this argument is not sent, information about all authority
         areas contained in the server must be sent.

   Example of use:

      -soa

2.3.11 notify

   The -notify directive is used to notify a server of a bad or
   recursive referral or a change in a primary server’s data.

   Format for use:

      -notify<SP><action><SP><information>

      <action>{badref|recurref|update|inssec|delsec}

      badref
         When a client receives a %referral response that does not
         work, it must report the bad referral to the server that
         issued the referral. The referral is bad only if the referred
         server does not contain the SOA record for the authority area
         in question. It is not considered a bad referral if the server
         does not have an answer to the query, but responds positively
         to the -soa area directive. This merely means that there is
         not an answer to the query. When a -badref is sent to the
         referring server, it should log the bad referral so the
         administrator of that server can remove the reference if it is
         no longer correct. This action should only be taken after
         receiving a negative response to the query and the SOA
         request.

      recurref
         When a client receives a referral that results in a recursive
         action, the referring server must be informed. The -recurref
         directive must be sent identifying the recursive loop. This
         directive should only be sent to the server one level back,
         even if multiple servers were involved in the referral.

      update
         An RWhois primary server must be aware of its secondary
         servers. If the data in the primary server changes, the
         primary server may choose to notify the secondary servers.
         This allows the secondary servers to quickly reflect changes
         in the primary server’s data.

      inssec
         This action will inform the authority server that the server
         indicated in the argument will be a secondary for its
         authority area. The server receiving this directive must
         determine if the secondary is acceptable.
         If it is, the server should be added to the update list so
         that it will be informed if data in the authority area
         changes.

      delsec
         This action will inform the server that the server indicated
         in the subsequent arguments will no longer be a secondary. The
         server receiving this action must determine if the server is a
         secondary and if so, remove it from the update list.

      <information>{action=badref|recurref <<server>:<query>>
                    action=inssec|delsec|update
                    <<server>:<object>:<authority>>}

      <server>{%Mserver}
         This required argument identifies the server that contained
         the recursive or bad referral, or has data that changed.

      <query>{%s}
         This required argument identifies the query that was sent to
         the server that gave a recursive or bad referral.

      <object>{%s}
         This required argument identifies the object that changed.

      <authority>{%s}
         This required argument identifies the authority area where the
         object that changed currently resides.

   Example of use:

      -notify recurref :4343:scottw@
      -notify badref :43:
      -notify update :4343:domain:
      -notify inssec :4343:domain:
      -notify delsec :4343:domain:

2.3.12 register

   This directive allows the client to add, modify, or delete
   information that exists or should exist in the server’s database.
   During the exchange, all attributes of an object must be sent.
   The client must wait to send the registration data until the %ok
   response is received from the server.

   Format for use:

      -register<SP><mode><SP>(on:<action><SP><e-mail contact><SP>
      <authority info>)

      <mode>{on|off}
         on:  This required argument starts the registration process.
         off: This required argument ends the registration process.

   The following arguments are only required if the mode argument is
   sent with the value on:

      (<action>){add|mod|del}
         add: This conditionally required argument indicates that the
              object being sent should be added to the server’s
              database.
         mod: This conditionally required argument indicates that the
              object being sent should be modified and should already
              exist in the server’s database.
         del: This conditionally required argument indicates that the
              object being sent should be deleted from the server’s
              database.

      (<e-mail contact>){%Memail}
         This conditionally required argument identifies the sender of
         the registration information.

      (<authority info>){%s}
         This required argument contains information used to
         authenticate the person sending the registration information.
         The method used must be identified using the -private
         directive. Work must be done to identify usable authentication
         methods for unsupervised delegation. This is beyond the scope
         of this document. However, the authors have made an effort to
         allow flexibility in the implementation of an authentication
         system.

   Example of use:

      -register on add scottw@
      Object-type:referral
      Referral::4343
      Domain-Name:
      IP-Network:192.153.247.0
      IP-Network:198.41.0.0
      -register off

2.3.13 object

   RWhois data is a collection of objects with defined attributes. The
   attributes for an object can be acquired by issuing the -schema
   directive. Each object must at a minimum define the attribute
   object-type. This attribute identifies the name of the object that
   will be displayed in response to the -object directive. This
   directive can be used by a client to verify that a server contains
   the desired object.
   Another possible use may be to gather all of the objects contained
   on a server and display them to the user in the form of a menu for
   selection.

   Format for use:

      -object<SP>[object]

      [object]{%s}
         This optional argument identifies the object requested. If no
         argument is sent, all objects contained in the server will be
         returned.

   Example of use:

      -object domain

2.3.14 define

   Format strings describing the format of an object’s attribute may
   include format macros. More information about definitions of format
   macros can be found in Section 6. The -define directive allows the
   client to request the definition of a format macro.

   Format for use:

      -define<SP>[macro name]

      [macro name]{%s}
         This optional argument identifies the name of the macro to
         display. If no arguments are sent, the server must return the
         definition of all macros contained in the server.

   Example of use:

      -define server

2.3.15 private

   The -private directive allows the client to identify the
   authentication method to be used. More research needs to be done
   with respect to client authentication. This directive will allow
   more experimentation.

      -private<SP><action><SP><method><SP>[data]

      <action>{auth|encr}
         This required argument identifies the action the directive is
         taking. Currently the value for this argument can be auth for
         authentication or encr for encryption.

      <method>{%s}
         This required argument contains the name of the method to be
         used. The value must be recognized by the server or an error
         will be sent. It is beyond the scope of this document to
         identify the possible method to be used.

      [data]{%s}
         This optional argument must be supplied if required by the
         method identified in the previous argument.

   Example of use:

      -private auth pass1 xxjdk998uu

   The above example is a simple password exchange. It is beyond the
   scope of this document to determine the authentication technique
   that would best suit this protocol.
   Development is underway to determine the authentication needs and to
   experiment with potential solutions.

2.3.16 X-

   This directive is the preface to extended directives, mutually
   agreed to between the client and server. The client and server must
   have knowledge of the extended directives to use. Extension can
   accommodate other uses such as NetHelp, white pages, and many
   others. If the extensions are public, they should be documented in
   an RFC and available through the -directive directive.

      -X-<directive name><SP>[directive arguments]

      <directive name>{%s}
         This required argument identifies the name of the directive
         being issued.

      [directive arguments]{?}
         This optional argument is dependent upon the required or
         optional arguments of the extended directive. There may be
         multiple directive arguments.

   Example of use:

      -X-date

2.3.17 directive

   Directives allowed by a server may vary. The client can issue the
   -directive directive to determine if the server allows a specific
   directive or to obtain a list of all acceptable directives for that
   server.

   Format for use:

      -directive<SP>[directive]

      [directive]{%s}
         This optional argument identifies the directive being
         requested. If no arguments are sent, all of the directives
         accepted by the server must be sent.

   Example of use:

      -directive X-date

2.3.18 display

   The -display directive is used to set the display mode of the server
   or to identify display modes the client is capable of.
   If this directive is sent without arguments, the server will return
   all available display methods.

      -display<SP>[action]<SP>[method]

      [action]{activate|capable}
         The ‘activate’ setting enables a certain display mode, while a
         ‘capable’ setting sends the display mode the client is capable
         of.

      [method]{%s}
         This optional argument indicates the display method desired by
         the client.

   Example of use:

      -display swip
      -display mime

2.3.19 language

   The -language directive is used to set the language mode of the
   server or to identify language modes the client is capable of. If
   this directive is sent without arguments, the server will return all
   available languages.

   Format for use:

      -language<SP>[language]

      [language]{%s}
         This optional argument indicates the language desired by the
         client.

   Example of use:

      -language german

2.4 RWhois Client Model

   Server  <------->  Client

   START:
           <------  Connection (record time to connect)

   If no server type...
   Wait up to specified time for
           ------>  "%RWhois" response
                    (recommend wait of at least 5 seconds)
   if "%RWhois" is not received from server, assume that it is
   not an RWhois server
   goto QUERY:
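A server-side check for the session directives of section 2.3 (-limit, -cache, -holdconnect, -forward, -quit, -status), together with the client's halving loop from 2.3.2. This is an added example, not code from RFC 1714 or from any RWhois implementation; the Session class, DirectiveError, the 9-digit bound on -limit, and the values chosen for max_limit, the starting limit and the forwarding default are assumptions.

```python
import re

class DirectiveError(Exception):
    """The server answers this directive with an error instead of applying it."""

# Text allowed after the directive name, taken from the "Format for use" lines.
GRAMMAR = {"limit": r" [0-9]{1,9}", "cache": r" (on|off)", "holdconnect": r" (on|off)",
           "forward": r" (on|off)", "quit": r"", "status": r""}

class Session:
    def __init__(self, max_limit=500, allow_forward=False):  # assumed admin settings
        self.max_limit, self.allow_forward = max_limit, allow_forward
        # cache=on and holdconnect=off are the server defaults given in 2.3.7
        # and 2.3.8; the starting limit and forward=off are assumptions.
        self.state = {"limit": 20, "cache": "on", "holdconnect": "off", "forward": "off"}
        self.open = True

    def handle(self, line):
        """Validate one directive line, then apply it; nothing changes on error."""
        m = re.fullmatch(r"-([a-z]+)(.*)", line)
        if not m or m.group(1) not in GRAMMAR:
            raise DirectiveError("unknown or malformed directive")
        name, rest = m.groups()
        if not re.fullmatch(GRAMMAR[name], rest):
            raise DirectiveError("bad arguments for -" + name)
        arg = rest.strip()
        if name == "limit":
            if int(arg) > self.max_limit:          # 2.3.2: client must get an error
                raise DirectiveError("limit exceeds administrator maximum")
            self.state["limit"] = int(arg)
        elif name == "forward" and arg == "on" and not self.allow_forward:
            raise DirectiveError("forwarding disabled by configuration")  # 2.3.9
        elif name == "quit":
            self.open = False                      # 2.3.5: close the connection
        elif name in self.state:
            self.state[name] = arg
        return self.state

def negotiate_limit(session, wanted):
    """Client side of 2.3.2: halve the request until the server accepts it."""
    while wanted > 0:
        try:
            session.handle("-limit %d" % wanted)
            return wanted
        except DirectiveError:
            wanted //= 2
    raise DirectiveError("no acceptable limit")
```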