How the Internet Works - Part I.

Basics:

   Understanding how the Internet basically works helps to understand how and why hacking, cracking, and other malicious activity works. It helps to understand where the weak spots are. It also helps to understand what a firewall does and how to set it up properly.
   Everything on the Internet shares a common "language" or system of communications, called a protocol. It is called TCP/IP. The actual way information travels is almost identical to the way you would send a letter to someone. To start, you need to have at least a person's name, but, if you're like most people, you probably don't remember their address offhand. So, you'll have to consult your little black book to find their address. Computers do the exact same thing: they generally start with a name (e.g. Yahoo.com), but they have to run to their little black books to find out the address to which packets of information (which are like envelopes containing a letter) must go. So, they use one of these little black books, called a Domain Name Service (DNS), and do what is called a Domain Name Lookup to find the address where your piece of information is supposed to go. This address is called an IP address, and it consists only of numbers, because computers only speak in terms of numbers. Once they have an address, your packet of information can be sent out into the world just as if you had dropped your letter into a mailbox. Like the real postal system, computers may route your packet of information through all sorts of intermediate points, depending upon where it has to go. Eventually, it should end up at the recipient's (host's) computer, or server. Of course, servers may have more than one site hosted at a particular address, just like you might send a letter to a home or business where more than one person resides. However, once your letter reaches the recipient's mailbox, it is up to whoever lives or works there to make sure that the right person gets it. Computers are no different; once your packet reaches their server, it is incumbent upon the folks running it to make sure that it reaches the right place.
   Naturally, your envelope, or packet of data, will need an accurate reply address, since all Internet communication is two-way, meaning that you are expecting to get some sort of reply back (whether that's a webpage, an email, even a message posting, whatever). Your computer fills this in automatically.
   Obviously, if you gave the wrong name to look up, or the DNS service had the wrong address, your packet of information would go to the wrong place. Maybe nowhere.
   As you can see, the IP address is the important thing: it is what allows a packet of data to get to the right place on earth, just as the address on a letter is what matters to getting it to the right place.
   There is another item that is extremely important, called ports. A port provides a mechanism for organizing incoming packets so they go to the right place at a particular IP address. This is exactly like the situation if you sent your letter to someone living in an apartment building: apartments usually have the same street address, so it's not good enough to just have the address. You also have to specify an apartment number in order to make sure it gets to the right place. If computers didn't use "apartments", or ports, then you would be restricted to only running one thing at a time; you couldn't use email, your web browser, and such simultaneously. If you tried, you'd be downloading that song from Napster in your browser and pieces of this webpage might be showing up in your email.
   So, any communication on the Internet requires at least an IP address and a port. Since you're talking directly with another computer, you will have an IP address and communications will come from or go to ports on your computer. Likewise, the computer you're talking to will have an IP address and ports. The ports on your computer are called "local" ports and the IP address and ports on the computer with whom you're dealing are called "remote".
   So, you've learned about this much: DNS servers take names and figure out the appropriate addresses. Computers on the Internet have a unique address just like every house and business has a street address. Ports provide a way of organizing data in those cases where more than one "person" lives at a particular address.
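As an added illustration (not part of the original article), the following Python script opens a few connections from one machine to a throwaway loopback server and records the "local" and "remote" address/port pairs each side sees. The DNS step is skipped by connecting to 127.0.0.1 directly, and the server listens on whatever free port the operating system assigns.

```python
import socket

def open_connections(count=2):
    """Open `count` client connections to a throwaway loopback server and
    return the (ip, port) pairs each side sees for every connection.
    Constructed demo: the server binds to port 0 so the OS picks a free
    port, and no DNS lookup happens because 127.0.0.1 is used directly."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(count)
    server_port = server.getsockname()[1]
    records, clients = [], []
    for _ in range(count):
        client = socket.create_connection(("127.0.0.1", server_port))
        clients.append(client)
        conn, _ = server.accept()
        records.append({
            "client_local": client.getsockname(),   # your IP and local port
            "client_remote": client.getpeername(),  # server IP and remote port
            "server_local": conn.getsockname(),
            "server_remote": conn.getpeername(),
        })
        conn.close()
    for client in clients:
        client.close()
    server.close()
    return records

def one_address_many_ports(records):
    """True when every connection went to the same remote address and port
    but each used a different local port: that local port is what lets the
    two ends keep the separate conversations apart."""
    remotes = {r["client_remote"] for r in records}
    locals_ = {r["client_local"] for r in records}
    return len(remotes) == 1 and len(locals_) == len(records)

if __name__ == "__main__":
    for r in open_connections():
        print(r["client_local"], "->", r["client_remote"])
```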

What can go wrong:

The 'Little Black Book':

   Let's look for a few minutes at what can go wrong here. This is how many kinds of malicious acts work, and why you need to be extremely careful about what information you give out on the net.
   DNS: Thinking back to the example of you sending a letter, what do you think could happen if you were sending something very private, and you sent it to the wrong person? Rather than sending a love letter to your beau, you accidentally scribbled the address of your boss? That's pretty bad!
   But the same thing can happen in this part of the process of accessing the Internet. It's possible for the wrong IP address to be given for a particular name. Although DNS is usually very reliable and honest mistakes can happen, it is usually deliberate, malicious acts which cause your computer to be given the wrong IP address. The worst part is, there is usually little defense against this. This is called DNS hijacking. There are two kinds: client-side DNS hijacking and server-side DNS hijacking. In computers, "client" refers to somebody using a service, usually you. Client-side DNS hijacking means, then, that something on your computer caused you to get the wrong IP address, meaning your communications are going to the wrong place. There is at least one kind of spyware known to do this: the newer versions of the C2Media/Lop.com spyware. What happens is that they effectively replace your computer's "little black book" with their own, resulting in any lookups being sent to them.
   Server-side DNS hijacking happens to the computer your computer contacts to figure out what IP address corresponds to the name you've given, but the result is the same: your computer ultimately gets the wrong address, so any communications are going to the wrong place.
   From here, a malicious person could direct those communications to a computer they control. What they do at this point depends on what their goal is. In the case of C2Media/Lop.com, the present goal seems to be to see what you're visiting. But a malicious person could just as easily direct your communication to the real destination and set up their computers to record any information passing between your computer and the real destination. Alternatively, they could set up a fake website that looks like the site you're expecting. Little do you know that it's not the real thing.
   As you can see, this is why I say that there is very little defense against this sort of thing. If you went to Yahoo.com and saw a site that looked just like Yahoo, and you saw the Yahoo name in your address bar along the top, and it looked like it was loading links and ads from yahoo.com, you'd certainly think you were at the legitimate site, right?
   Unfortunately, DNS hijacking is becoming more common, although it's still rare overall. Worse, it's still a gray area as to whether or not it's illegal.
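One practical check against the client-side variety is to inspect the machine's hosts file, the local "little black book" that the resolver consults before asking DNS at all. The Python below is an added example, not code from the original article: it parses a constructed hosts file and flags public names pinned to a non-loopback address; the addresses and the "example-antivirus" name in the sample are made up.

```python
import ipaddress

# Constructed sample of a hosts file, the local "little black book" the
# resolver consults before asking DNS. The last two lines imitate a hijack;
# the addresses and the antivirus name are made up for this example.
SAMPLE_HOSTS = """\
# standard entries
127.0.0.1       localhost
::1             localhost ip6-localhost
127.0.0.1       ads.example.net          # ad blocking: harmless
# entries a hijacker might add
203.0.113.7     yahoo.com www.yahoo.com
203.0.113.7     update.example-antivirus.invalid
"""

def parse_hosts(text):
    """Return (address, name) pairs, ignoring comments and blank lines."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        pairs.extend((addr, name.lower()) for name in names)
    return pairs

def suspicious_entries(text, monitored=("yahoo.com",)):
    """Flag names pinned to a non-loopback address. Such an entry bypasses
    DNS for that name entirely, which is the client-side hijack described
    above; pointing a name at loopback is the usual ad-blocking pattern and
    is left alone. Names under `monitored` domains get a sharper label."""
    findings = []
    for addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((name, addr, "unparseable address"))
            continue
        if ip.is_loopback:
            continue
        hit = any(name == d or name.endswith("." + d) for d in monitored)
        findings.append((name, addr,
                         "monitored domain pinned" if hit else "public name pinned"))
    return findings
```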

Monitoring Communication in Transit:

   There is also some risk of monitoring communications in transit, which we already touched on above. You might already know that thieves have been known to search through people's mailboxes looking for valuable items like pre-approved credit cards, right? There have even been cases of postal workers who steal them. That can also happen in computers.
   One way is the packet sniffer. Packet sniffers are highly-useful tools for intercepting and monitoring data passing around the Internet. They are used legitimately by all Internet Service Providers, including yours, to check out performance. They are used by law enforcement to check out illegal activity. And they are used by businesses and amateurs to look for suspicious data coming into or leaving their computers and networks.
   Of course, any tool that can be used for good can be used for unethical or illegal purposes. Packet sniffers can be used to read credit card numbers, SSNs, and other information in transit.
   This is where the lion's share of security work has been done. Most respectable e-Commerce services at least use encryption to garble information so that data being monitored in transit cannot be readily deciphered. SSL and security "certificates" provide the means for agreeing on the technique by which this scrambling occurs so that it can be unscrambled properly at the other end.
   Unfortunately, the question that often goes unasked (and often unanswered) is how data is stored once it has reached its destination. That is another severe weakness, but we'll get to that later.
   Most Internet communication does not use any form of encryption: it is too difficult to do except in online commerce.
   A similar problem, which we touched on, is the transparent proxy. Remember when we said that communications can be deliberately misrouted to a computer controlled by someone with, possibly, less-than-ethical intentions? That is a transparent proxy. It acts as a go-between for a client (you) and a server (whoever you're trying to talk to). Now, understand that proxies have very legitimate purposes, too. You might use software-based proxies like pop-up stoppers and cookie control software. That's usually very safe and very desirable. This is really a different thing, although they are based (vaguely) on the same principle: they intercept information in transit. Software-based proxies look for certain things, like the codes to create a pop-up window, and filter them out. Some anonymization services allow you to talk to their computer, which, in turn, talks to the computer you want to do business with and vice versa: this is another kind of legitimate proxy.
   However, some proxies are simply used for unethical purposes. Often legally. In 2001, Comcast began using proxies to monitor their customers so they could take information and sell it to marketers. Although popular outcry and the threat of lawsuits stopped this practice after six months, many 'legitimate' companies do make money this way and often bury notification of this in the fine print. Some do not include any fine print. Such monitoring has become standard on the Internet.
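The legitimate use mentioned above, a business watching for sensitive data leaving its own network in the clear, can be shown with the Python below (an added example, not from the original article). It scans three constructed sample payloads: two plaintext ones, where a card number (checked with the Luhn checksum) and an SSN-shaped string are readable, and one made-up run of encrypted-looking bytes, where nothing is.

```python
import re

# Constructed sample payloads as a monitor at the network edge might see
# them: (source, destination, port, bytes). None are real accounts, and the
# port-443 bytes merely imitate an encrypted session.
SAMPLE_PAYLOADS = [
    ("10.0.0.5", "198.51.100.20", 80,
     b"POST /checkout HTTP/1.0\r\n\r\ncard=4111111111111111&exp=12/09"),
    ("10.0.0.5", "198.51.100.21", 443,
     b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x01\x9f\x1c\x55\x07"),
    ("10.0.0.9", "198.51.100.30", 25,
     b"Subject: form\r\n\r\nSSN 123-45-6789, order paid with 1234567812345670"),
]

CARD_RE = re.compile(r"(?<!\d)\d{16}(?!\d)")            # simplified: 16 digits
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: doubles every second digit from the right, so most
    random 16-digit strings (order numbers, timestamps) are rejected."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_payload(data):
    """Return the kinds of sensitive data readable in one payload."""
    text = data.decode("latin-1")     # one byte per character, never fails
    found = []
    if any(luhn_ok(m.group()) for m in CARD_RE.finditer(text)):
        found.append("card number in cleartext")
    if SSN_RE.search(text):
        found.append("SSN in cleartext")
    return found

def scan_all(payloads):
    """Map (source, destination, port) to findings, skipping clean flows."""
    report = {}
    for src, dst, port, data in payloads:
        findings = scan_payload(data)
        if findings:
            report[(src, dst, port)] = findings
    return report
```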

Wrong Return Address:

   Another weakness is that it is possible for a computer to give a wrong return address. While this usually does not have privacy implications, it can pose serious problems. It can be done deliberately as a part of a Denial-of-Service attack (or DoS, not to be confused with the popular operating system, DOS).
   To understand what a DoS is, we need to go into slightly more detail. Remember when we said that in order to get a packet of data from your computer to a server, we had to address it with both the destination and your return address? That's basically what still happens. But in order to initiate a dialogue with another computer, there's a little more to it.
   Simply put, you can't just send information to some computer out on the Internet and expect it to start talking back. Computers can become overloaded. What's more, they need to set up a structure so any data returning to you is returned in the proper order. To do this, they need to handshake. What happens is that when your system first establishes contact (usually, right after you receive the proper IP address from DNS), your computer sends out a packet called a TCP SYN packet. SYN means that the packet carries a flag called SYNchronize. It basically tells the other computer that you want to establish a new connection to it.
   Normally, if all goes well, the server computer will respond with an ACKnowledgement packet, which basically says, "Okay, I'm willing to talk to you." Also included in that packet is an ID number, which is used to ensure that any data sent to your computer (or from it) by the server is sent in the proper order.
   Once your computer receives the ACK packet, it will send back one more with both SYN and ACK flags set. This tells the server that your computer is cleared to talk to it and that it knows the ID number. Now, your computer can send data to the other computer at will and the other computer will send data back. Since data can take different routes between your computer and the server, the possibility exists that data can be sent back to you out of order. The ID number prevents that. It is not very useful for tracking a person, so don't sweat it.
   Now, what happens in a DoS attack is that some computer sends out a packet with a false return address to what is usually a "zombie". Actually, the bogus return address is the "target". The zombie, blindly thinking someone wants to open a dialogue with it, sends an ACKnowledgement back to the target (since it has no way of knowing that this packet was actually not sent by the computer whose IP address appears in the return address). The poor, confused target, depending on whether it has any security or what kind, may think somebody actually IS opening a connection, and might do so. Or, at least, it has to reply and say "no". What happens here is that, now, the zombie and the target can get flooded with connections, to the point where one of them can't accept any more. That is why it is called a "Denial-of-Service".
   In case you were wondering, there are times when a computer can't talk right now. Either it is too busy or it is not accepting communications from certain IP addresses. When this happens, the server has a few options. Usually, it will send back a Negative AcKnowledgement packet (NAK), which basically says "I'm too busy to talk to you or you are not authorized to talk to me." In extreme cases, it may send another packet type called ICMP (Internet Control Message Protocol) with a subtype called Source Quench. That is basically geek terminology for saying "shut up and leave me alone".
   This can often trigger alerts in firewalls (especially the overly-sensitive Zone Alarm) because, occasionally, someone trying to conduct a DoS might try to use your computer as the "zombie" to attack the "target". Something like this occurred in February of 2000 to Yahoo, eBay, CNN, and some other big-name Internet businesses. Fortunately, as more computer users use firewalls, the chances of things like this being successful are diminishing.
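The handshake and the zombie/target pattern above can be followed with a small connection tracker, added here as an example that is not part of the original article. It uses the standard TCP flag order (client SYN, server SYN-ACK, client ACK) and runs over two constructed packet traces with made-up documentation-range addresses: one as seen beside the "zombie", where the forged SYNs leave half-open connections, and one as seen beside the "target", where replies arrive that answer no request it ever sent.

```python
from collections import Counter

# Two constructed traces of (source, destination, flags); addresses come
# from documentation ranges. ZOMBIE_VIEW is what a monitor beside the
# "zombie" sees, TARGET_VIEW what a monitor beside the "target" sees.
ZOMBIE_VIEW = [
    ("192.0.2.10", "198.51.100.5", "SYN"),       # a genuine client
    ("198.51.100.5", "192.0.2.10", "SYN-ACK"),
    ("192.0.2.10", "198.51.100.5", "ACK"),       # handshake complete
] + [
    # SYNs whose return address is forged as 203.0.113.77: the zombie
    # answers each one, then waits for an ACK that never arrives.
    pkt for _ in range(3)
    for pkt in (("203.0.113.77", "198.51.100.5", "SYN"),
                ("198.51.100.5", "203.0.113.77", "SYN-ACK"))
]
TARGET_VIEW = [("198.51.100.5", "203.0.113.77", "SYN-ACK")] * 3

def analyze(trace):
    """Run the handshake state machine (SYN, SYN-ACK, ACK) over a trace.
    Returns the state of every (client, server) pair plus two indicators:
    half-open connections per server (a machine being used as a zombie)
    and SYN-ACKs answering no SYN we saw (replies landing on a machine
    whose address was forged as the return address)."""
    state, half_open, unsolicited = {}, Counter(), Counter()
    for src, dst, flags in trace:
        if flags == "SYN":
            state[(src, dst)] = "SYN_SENT"
        elif flags == "SYN-ACK":
            key = (dst, src)                   # reply runs server -> client
            if state.get(key) == "SYN_SENT":
                state[key] = "SYN_RECEIVED"    # half-open until ACKed
                half_open[src] += 1
            else:
                unsolicited[dst] += 1
        elif flags == "ACK" and state.get((src, dst)) == "SYN_RECEIVED":
            state[(src, dst)] = "ESTABLISHED"
            half_open[dst] -= 1
    return state, half_open, unsolicited

if __name__ == "__main__":
    for name, trace in (("zombie side", ZOMBIE_VIEW), ("target side", TARGET_VIEW)):
        _, half_open, unsolicited = analyze(trace)
        print(name, "half-open:", dict(half_open), "unsolicited:", dict(unsolicited))
```

A firewall alert of the kind described for Zone Alarm corresponds to the second indicator: SYN-ACKs arriving for connections the machine never opened.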