26.

1
Chapter 26

Remote Logging,
Electronic Mail,
and File Transfer
Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
26.2
26-1 REMOTE LOGGING
I t would be impossible to write a specific client/server
program for each demand. The better solution is a
general-purpose client/server program that lets a user
access any application program on a remote computer.
TELNET
SSH
Topics discussed in this section:
TELNET is a general-purpose
client/server application program.

Remote virtual terminal

One server supports multiple VTs.
26.3
Note
26.4
Example of Telnet (Character mode)
Image from Dr. Wangs course at:
http://www.cse.scu.edu/~mwang2/tcpip/
26.5
Some Common Features of Telnet
Telnet is on a single TCP connection to port 23
Telnet connection is unencrypted
So easy for eavesdropper!
In most cases, telnet is a remote terminal. Each
character is transmitted in a separated packet
The same is true for SSH login stage
A feature that could be exploited for timing
attack.
26.6
Telnet Commands
telnet longwood.eecs.ucf.edu (eecs email
server)
setup a remote shell to the server
It will be denied since most Unix servers
nowadays do not support telnet
telnet longwood.eecs.ucf.edu 25
Setup a TCP connection to port 25 (email
service)
We will show this usage in Email lecture

26.7
SSH Secure Shell
Replacement of old unsecure Telnet program
Both ends authenticate with each other
Rely on public key cryptography
Will introduce PK in last chapter
All communication messages are encrypted

SSH is used also as a secure tunneling channel
for other applications
File transfer
Port forwarding (such as X window)
Virtual private network (VPN)
26.8
SSH Secure Shell
Under Unix machine:
Hidden directory .ssh saves all configuration
files
known_hosts saves public keys of all
previous connected SSH servers
Attacker cannot impersonates as a known
SSH server anymore
Have to trust what you get in the first
connection attempt
26.9
SSH Programs and Usages
Many open source ssh client software
http://en.wikipedia.org/wiki/Comparison_of_SSH_clients
PuTTY

SSH uses TCP connection on port 22
Login methods:
Password
private key kept on client, public key stored
on server (come to this in later security chapter)
26.10
26-2 ELECTRONIC MAIL
One of the most popular I nternet services is electronic
mail (e-mail). The designers of the I nternet probably
never imagined the popularity of this application
program. I ts architecture consists of several
components that we discuss in this chapter.
Architecture
User Agent
Message Transfer Agent: SMTP
Message Access Agent: POP and IMAP
Web-Based Mail
Topics discussed in this section:
26.11
Figure 26.6 First scenario in electronic mail
MUA: mail user agent
When the sender and the receiver of an
e-mail are on the same system,
we need only two user agents.

MUA:Outlook Express, Netscape
Messenger, Mozilla Thunderbird,
Eudora, Foxmail,.
26.12
Note
26.13
When the sender and the receiver of an
e-mail are on different systems,
Wikipidia shows a good example of
email operation (next page)
Note
26.14
Typical Email Operation (from Wikipidia)
Email servers DNS
name and IP
DNS query for MX
RR
Could also be
IMAP4
26.15
Clients Email Operation Mode
Remote terminal using SSH to email server
directly
Then uses MUA on email server
Such as Pine, Elm on Unix machines
Use MUA on a clients own computer
The MUA formats and sends email to
senders email server
Web-based email systems using web browser
Gmail, yahoo mail, hotmail,.
Spammer: program a simple code sending
email to email servers via SMTP protocol

26.16
Figure 26.11 Services of user agent
26.17
Some examples of command-driven
user agents are mail, pine,
and elm (under Unix).
Note
26.18
Some examples of GUI-based user
agents are Eudora, Outlook, and
Netscape.
Note
26.19
Figure 26.12 Format of an e-mail
26.20
Figure 26.13 E-mail address
Sender uses DNS query for MX record on the
domain name in order to find the name and IP
of the target email server

26.21
Figure 26.14 MI ME (Multipurpose I nternet Mail Extensions)
NVT: network virtual terminal
(telnet)
SMTP protocol only this data
26.22
MIME
User agents makes the translation between
non-ASCII data and ASCII email message
If you check the source file of an email that has
attachment, you will find the MIME usage
This is the main reason why your email with an
attachment becomes bigger?

26.23
Figure 26.15 MI ME header
26.24
Table 26.5 Data types and subtypes in MI ME
26.25
Table 26.6 Content-transfer-encoding
26.26
Figure 26.16 SMTP (Simple Mail Transfer Protocol) range
POP3 or IMAP4
26.27
Figure 26.17 Commands and responses
26.28
Figure 26.18 Command format
26.29
Table 26.7 Commands
26.30
Table 26.8 Responses
26.31
Table 26.8 Responses (continued)
26.32
Let us see how we can directly use SMTP to send an
e-mail and simulate the commands and responses we
described in this section. We use TELNET to log into port
25 (the service port for SMTP). We then use the
commands directly to send an e-mail.

Through this process, you can see why you cannot trust
the sender or any part of a received email, why email
spam is so easy to be generated.
Example 26.3
Sample email sending using telnet
telnet longwood.cs.ucf.edu 25
C: HELO fake.domain
S: 250 Hello crepes.fr, pleased to meet you
C: MAIL FROM: <alice@crepes.fr>
S: 250 alice@crepes.fr... Sender ok
C: RCPT TO: <bob@gmail.com>
S: 250 bob@gmail.com ... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: from: fake man <fake@fake.fake.fake>
C: to: dr. who <who@who>
C: subject: who am I?
C: Do you like ketchup?
C: How about pickles?
C: .
S: 250 Message accepted for delivery
C: QUIT
S: 221 longwood.cs.ucf.edu closing connection
Try SMTP interaction for yourself:
telnet servername 25
see 220 reply from server
enter HELO, MAIL FROM, RCPT TO, DATA, QUIT
commands
mail from the domain may need to be
existed
rcpt to the user needs to be existed
A mail server may or may not support relay
Enable you send email without using email user agent

What is email open relay?
An open mail relay is an SMTP server configured in
such a way that it allows anyone on the Internet to send
e-mail through it, not just mail destined to or originating
from known users.
This used to be the default configuration in many mail
servers and it was the way the Internet was initially set
up
But open mail relays have become unpopular due to
their exploitation by spammers. Many relays were
closed, or were placed on blacklists by other servers.
26.35
From wikipiedia: http://en.wikipedia.org/wiki/Open_mail_relay

Email Server in Our Department
EECS email server: longwood.eecs.ucf.edu
Before this year, CS email server supports
relay from inside campus
You can use telnet to send manual email from
any computer inside campus network
Now it is more restrict, only support relay
from some fixed computers (such as eustis
Unix machine)
Eustis machine: eustis.eecs.ucf.edu
26.36
26.37
NOTES: Ethnical Issue on Manual Sending Email
Do not try to use telnet on department email
server except for the homework!
Do not try to use it to spam your friends
without upfront notice!
26.38
Figure 26.19 POP3 (Post Office Protocol) and I MAP4 (I nternet Mail Access
Protocol)
26.39
Figure 26.20 The exchange of commands and responses in POP3
40
POP3 protocol (tcp: 110)
authorization phase
client commands:
user: declare username
pass: password
server responses
+OK
-ERR
transaction phase, client:
list: list message numbers
retr: retrieve message by
number
dele: delete
quit
C: list
S: 1 498
S: 2 912
S: .
C: retr 1
S: <message 1 contents>
S: .
C: dele 1
C: retr 2
S: <message 1 contents>
S: .
C: dele 2
C: quit
S: +OK POP3 server signing off

S: +OK POP3 server ready
C: user bob
S: +OK
C: pass hungry
S: +OK user successfully logged on
Length(bytes)
Telnet example
26.41
POP3 and IMAP4
IMAP4 provides more functionalities
Both POP3 and IMAP4 have corresponding
encrypted protocols

26.42
Web-based Email
Email clients use web browser for all
interactions
A user can access his/her email at any where,
via any computer that has Internet access
Email provider may provide more functions
Gmail has very good search capability
Gmail has the message grouping function
Many provide bundled services with their
other products
Voice/video, photo sharing, .


26.43
26-3 FILE TRANSFER
Transferring files from one computer to another is one
of the most common tasks expected from a networking
or internetworking environment. As a matter of fact,
the greatest volume of data exchange in the I nternet
today is due to file transfer.
File Transfer Protocol (FTP)
Anonymous FTP
Topics discussed in this section:
26.44
FTP uses the services of TCP. It needs
two TCP connections.

The well-known port 21 is used for the
control connection and the well-known
port 20 for the data connection.
Note
26.45
Figure 26.21 FTP
26.46
Figure 26.22 Using the control connection
26.47
Figure 26.23 Using the data connection
26.48
Example 26.4 (continued)
26.49
We show an example of anonymous FTP. We assume that
some public data are available at internic.net.
Example 26.5
We show an example of anonymous FTP. We assume that
some public data are available at internic.net.
continued on next slide
26.50
Example 26.5 (continued)
26.51
Dying of FTP
People seldom use FTP nowadays
Replaced with two ways:
Web-based file upload/download
Browser shows a directory content if the
directory does not have a default html file
SSH-based file transfer