private networks

gojericho0

Just some random questions and was wondering if anyone could share there knowledege

is there anyway some one could maliciously attack your computer from an outside network if your computer has a private IP address and the router you have uses NAT?

when you ping a domain such as google.com i get the ip address 64.223.167.147. When I goto centralops.net and do a domain lookup on this IP address it comes up as verizons domain and not googles.
Why is this?

when I do a domain lookup on google it comes up as
google.com IN A 216.239.37.99
google.com IN A 216.239.57.99
google.com IN A 216.239.39.99

Does this mean they have three webservers?

Last question...how can many domains (different websites) belong to the same IP address?

Thanks I got some more "Why is that questions" If you guys are willing to answer them

qsub

gojericho0 wrote:

when I do a domain lookup on google it comes up as
google.com IN A 216.239.37.99
google.com IN A 216.239.57.99
google.com IN A 216.239.39.99

Does this mean they have three webservers?

Yes, I would assume they're clustered servers (this wouldn't make sense since it's three ips) or backup servers, load balancing so one server doesn't get overloaded with search requests.

As for the domain question, this is a guess (someone correct me if I'm wrong)

Google.com = 64.223.167.147
64.223.167.147 redirection to = 216.239.37.99 or 216.239.57.99 or 216.239.39.99

I'm probably wrong on that one, but it's my guess. Interested in finding out though

lordy

gojericho0 wrote:

is there anyway some one could maliciously attack your computer from an outside network if your computer has a private IP address and the router you have uses NAT?

Basically, no. A NAT router keeps track of connections from the inside to the outside with a so called NAT-Table. If a packet is coming from the outside which can not be linked to any connection found in the NAT-Table it will be discarded. However, there are some weak NAT-Implementations around and advanced hackers could probably find a way to inject connections into the NAT-Table by sending malicious packets. The chances of that happening are however very very low.

when you ping a domain such as google.com i get the ip address 64.223.167.147. When I goto centralops.net and do a domain lookup on this IP address it comes up as verizons domain and not googles.
Why is this?

Here is one of the problems of DNS. Every information in DNS has a TTL (Time-to-Life) after which this information expires. So if Google had some strange DNS-Setup it could be corrected by now and there is no way to find out why this happened to you. Sorry

when I do a domain lookup on google it comes up as
google.com IN A 216.239.37.99
google.com IN A 216.239.57.99
google.com IN A 216.239.39.99

Does this mean they have three webservers?

This means that they have 3 devices listening on TCP-Port 80

My guess would be that these are some kind of load balancers (e.g. F5). Each of the load-balancers then has a bunch of web-servers behind them, so they do a simple load-balancing through DNS and a real load-balancing with hardware behind that.

Last question...how can many domains (different websites) belong to the same IP address?

This feature is mostly called "Virtual Domains" or the like and is a feature introduced with HTTP 1.1 in the early/mid 90's. When a client sends a HTTP 1.1 request to a webserver it includes a "Host" field which contains the name of the website the user wants to see (e.g. www.example.com). The webserver then replies with the according website. If the webserver cannot identify the website in the Host-field or it receives an HTTP 1.0 request it will most likely serve the first website configured (at least that's the case with Apache).

Thanks I got some more "Why is that questions" If you guys are willing to answer them

Don't hesitate to ask. A lot of people here enjoy sharing their knowledge.

Regards,
Lordy