Node.js and its universe

It’s absolutely no doubt that JavaScript is ruling the web world.JavaScript’s rising popularity has brought with it a lot of changes, and the face of web development today is dramatically different. The things that we can do on the web nowadays with JavaScript running on the server, as well as in the browser, were hard to imagine.

As official website states: “Node.js® is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient.” In simple words we can say that this technology runs JavaScript on server side.

Node.js was introduced late in 2009 by Ryan Dahl at a JavaScript conference with an idea to enrich the server side with the power of JavaScript. Back in past most of the real time web application are created by using client server architecture. In such architecture we have to use two different languages for client side and server side scripting for example we use php as a server side language  and JavaScript for scripting in client side.

But node.js removes this conflict, Now we can write real time as well as complex web applications in just one language using node.js. This will definitely removes the overhead of bridging both languages and debugging them individually.

Node.JS owes its incredible speed and performance to a technique called the event loop and The fact that it runs on top of V8, the JavaScript interpreter and virtual machine that Google Created to make their Chrome web browser run impossibly fast

Installing Node

Node.js is very easy to install. If you’re using Windows or Mac, installers are available on the download page.

Installing on windows

On Windows, go to http://nodejs.org and download the MSI installer. Every release of node has a corresponding MSI installer that you need to download and execute. The filename follows the format nodev?.?.?.msi. Upon executing it, simply follow the instructions in the setup wizard shown in fig

To ensure that the installation worked, open the shell or command prompt by running cmd.exe and typing

node –version.

The version name of the package you just installed should display.

Installed Node. What Next?

Once installed you’ll have access to a new command called “node”. Now Open the node command and run this command to check if it’s working

node –version

You can see it simply output your node version on screen

You can use the node command in two different ways. The first is with no arguments. This will open an interactive shell (REPL: read-eval-print-loop) where you can execute raw JavaScript code. The other way to run Node is by providing it a JavaScript file to execute. This is almost always how you’ll be using it.

To open REPL simply type node on command prompt the cursor will now come in next line with a “ > ” sign here you can write and evaluate JavaScript code if you’re a beginner with javascript you can test your expressions here. Type following to test environment

console.log(‘Hello World’);

Further you can try this

object.keys(global)

Secondly you can write your code on a js file and execute it with node command

Open Your favorite text editor and write these lines and save it first.js.

var http = require(‘http’);

var serv = http.createServer(function (req, res) {

res.writeHead(200, { ’Content-Type’: ’text/html’ });

res.end(’<marquee>Node Running Everywhere!</marquee>’);});

serv.listen(3000);

Run the file:

open shell or node command prompt and type

node first.js

In the above code snippet, you’re harnessing the power of Node to script a fully compliant HTTP server that serves a basic HTML document.

Node.js use asynchronous callbacks. Basically when you tell it to do something and when it’s done it will call your function (callback). This is because Node is single-threaded. While you’re waiting on the callback to fire, Node can go off and do other things instead of blocking until the request is finished.

This is especially important for web servers. It’s pretty common in modern web applications to access a databases. While you’re waiting for the database to return results Node can process more requests. This allows you to handle thousands of concurrent connections with very little overhead, compared to creating a separate thread for each connection.

Further we will discuss more about npm –  the package manager for node.js and other powerful features of it.

IP Spoofing

IP SPOOFING:

“IP address spoofing” is a technique that involves replacing the IP address of an IP packet’s sender with another machine’s IP address.

IP spoofing refers to connection hijacking through a fake Internet Protocol (IP) address. IP spoofing is the action of masking a computer IP address,so that it looks like it is authentic.

• IP Spoofing is a technique used to gain unauthorized access to computers.
  • `IP: Internet Protocol
  • `Spoofing: using somebody else’s information
• Exploits the trust relationships.

Types of IP Address:

1. IP is connectionless, unreliable
2. TCP connection-oriented

A Blind Attack:

Host I can not see what Host V send back

 IP SPOOFING STEPS:

1. Selecting a target host (the victim)
2. Identify a host that the target “trust”
3. Disable the trusted host, sampled the target’s TCP sequence
4. The trusted host is impersonated and the ISN forged.
5. Connection attempt to a service that only requires address-based authentication.
6. If successfully connected, executes a simple command to leave a back-door.

IP Spoofing Attacks:

• Man in the middle-Packet sniffs on link between the two end points, and therefore can pretend to be one end of the connection.
• Routing-redirects routing information from the original host to the attacker’s host.
• Flooding / Smurfing-The attacker redirects individual packets by the hacker’s host.

Attacks:

Flooding: SYN flood fills up the receive queue from random source addresses.

Smurfing:  ICMP packet spoofed to originate from the victim, destined for the broadcast address, causing all hosts on the network to respond to the victim at once.

IP-Spoofing Facts:

• IP protocol is inherently weak
• Makes no assumption about sender/recipient
• Nodes on path do not check sender’s identity
• There is no way to completely eliminate IP spoofing
• Can only reduce the possibility of attack

Disable Ping Command:

• ping command has rare use
• Can be used to trigger a DOS attack by flooding the victim with ICMP packets
• This attack does not crash victim, but consume network bandwidth and system resources
• Victim fails to provide other services, and halts if runs out of memory

FIREWALL:

• Limit traffic to services that are offered
• Control access from within the network
• Free software: ipchains, iptables
• Commercial firewall software
• Packet filters: router with firewall built-in
• Multiple layer of firewall