Note: My Web pages are best viewed with style sheets enabled.
In my other Web pages, I use terms such as server and domain, which I need to define. Here are simplified definitions that might not be as complete or technically precise as an experienced computer professional might desire.
To simplify browsing, this page might appear in a window or tab separate from the pages where the terms are used. You can leave this page open and return to the page that sent you here without having to reload either. However, after this page has opened on one definition, the user who then selects another term will have to select this page to bring it in front.
Usually, a botnet results from infections by computer viruses or similar malware. The best way to avoid being infected by a botnet is to use effective anti-virus software that is updated regularly.
When a client requests a domain by name, the client's Internet connection accesses the nearest DNS to search its DNS table. If the domain name does not appear in that table, the DNS in turn accesses a farther DNS. This continues until either the name is found or the chain of DNSs is exhausted. Obviously, most DNSs contain www.yahoo.com in their tables. Less well-known domains are carried in only a few tables. All domains are carried in the tables at the root DNSs at the ends of the chains.
Headers are generated when a message is sent. Then more headers are added as the message travels through the Internet. A mail server will generally add even more headers when an E-mail message is received. Often, headers in spam messages are faked to prevent tracing their origins.
Technically, a header as described above is a header field. A group of header fields is the header section of a message. Samples of E-mail, newsgroup, and Web headers are presented in a text page to preserve their actual layout.
The classic IP address (IPv4) is in the form of four groups of 3-digit decimal numbers in the range 0-255 separated by periods; leading zeros in each group are omitted. The IPv4 scheme can result in 4,294,967,296 unique addresses. Many domains have multiple IP addresses to allow multiple connections at the same time. The IPv4 addresses for www.iswest.com range from 188.8.131.52 to 184.108.40.206.
Six-part IP addresses (IPv6) are gradually being introduced because of concerns that not enough distinct four-part IPv4 addresses can exist. With every smart cell-phone, WiFi hot spot, GPS device, router, and Internet-of-things (IoT) device having its own IP address and with many servers having multiple IP addresses, that concern is very real.
An IPv6 address is in the form of eight groups of 4-digit hexadecimal digits in the range 0-FFFF (0-65535) separated by colons. Leading zeros in each group are omitted. One set of consecutive groups that are all zeros may be replaced by a double colon (::). The number of unique IPv6 addresses is greater than 34 followed by 37 zeros. The IPv6 address for www.big-8.org is represented as 2a01:4f8:120:9382::145, which is actually 2a01:04f8:0120:9382:0000:0000:0000:0145.
When I used a dial-up modem for connecting to the Internet, I got a new IP address each time I connected. This is a dynamic IP address. Before I retired, I had a dedicated ethernet connection at work, which gave me a static, unchanging IP address. Often, DSL and cable modem connections are static; but some ISPs assign a new IP address each time a computer with such a connection reboots or when the modem reboots. If I am absent from my house for several days, I unplug my modem; when I return and plug in my modem, I sometimes get a new IP addreass.
If a domain moves from one host to another, a new IP address is assigned to the domain because IP addresses are associated with a particular host's connection to the Internet. Thus, the old IP address becomes available for reassignment to another domain on the old host.
In addition to domains, other connections to the Internet have IP addresses, including your own computer, which has the IP address
Note: If you connect to the Internet through a local router and then through a modem, that might be the IP address of either of those devices.
There are also dial-up pseudo-POPs, which are very similar to call-forwarding (and might even use that capability). If you dial a pseudo-POP, you actually connect to a different phone number. Thus, when I worked in Los Angeles County, I could call my ISP on a local phone number. I would then connect to a POP in Ventura County more than 40 miles away. If I were to dial the actual POP, it would not be a local call.
Servers generally operate in one of two modes:
Because many hosts only host one server, the term server is often used for the hardware; this can only cause confusion when the same platform is a host to multiple copies of a server or several different servers and might even host some clients. (Good system design, however, generally avoids having clients and servers hosted on the same platform.) Also, a given server might be launched on serveral different hosts when requested; this improves the responsiveness of the server.
A site certificate is digitally signed by a certificate authority (CA). A CA has a root certificate that is used to encrypt part of a site certificate, thereby signing the latter. Actually, there is usually an intermediate certificate that was signed by a root certificate; the intermediate certificate then signed the site certificate.
For all this to work, the site certificate is installed on the Web server along with any intermediate certificates; and the root certificate is installed in a database contained within the user's Web browser. (A frequent problem arises when those who maintain the Web server fail to install the necessary intermediate certificates.) Most browsers come with a large repertoire of root certificates. Also, for this to work, the Web pages are addressed beginning with https instead of http, the s indicating secure. The URI beginning with https must have the domain that agrees with the domain in the site certificate.
At the time this page was last updated, my browser was SeaMonkey 2.26, which had the UA string
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 SeaMonkey/2.49.4
(Note that the default UA string for this version of SeaMonkey is Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.4 where the insertion of Firefox/52.0 is a built-in spoof of Firefox. I have disabled that spoof.)
Your UA string is
NOTE: Accessing a Web page from a server while using a UA that leaves a blank or null UA string is contrary to RFC 1945 and might be considered abusive.
The symbolic address of a Web page or other Internet entity. The URI for this page is http://www.rossde.com/internet/intr_gloss.shtml.
While the term URI (uniform resource identifier) has replaced URL, URL remains in common usage. Although the definition of URI is more generalized than URL, the difference is mostly in technical details.
There is a convention that URIs in text should be bracketed, with a preference for using < and >. If a URI will appear split between two or more lines, this can be especially useful in determining the full extent of the URI. Thus, this page is at <http://www.rossde.com/internet/intr_gloss.shtml>; and my home page is at <http://www.rossde.com/index.html>. However, when entering a URI in a form on a Web page or within an HTML-formatted E-mail message, [ and ] might be a better choice for brackets since < and > have special meanings in HTML.
The WhoIs data for the domain www.wikipedia.org is
Domain Name: WIKIPEDIA.ORG Registry Domain ID: D51687756-LROR Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2015-12-12T10:16:19Z Creation Date: 2001-01-13T00:12:14Z Registry Expiry Date: 2023-01-13T00:12:14Z Registrar Registration Expiration Date: Registrar: MarkMonitor Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: email@example.com Registrar Abuse Contact Phone: +1.2083895740 Reseller: Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Registrant Organization: Wikimedia Foundation, Inc. Registrant State/Province: CA Registrant Country: US Name Server: NS0.WIKIMEDIA.ORG Name Server: NS1.WIKIMEDIA.ORG Name Server: NS2.WIKIMEDIA.ORG DNSSEC: unsigned
The WhoIs data for the IPv4 address 220.127.116.11 is
NetRange: 18.104.22.168 - 22.214.171.124 CIDR: 126.96.36.199/12 NetName: AMAZON-2011L NetHandle: NET-54-224-0-0-1 Parent: NET54 (NET-54-0-0-0-0) NetType: Direct Allocation OriginAS: AS16509 Organization: Amazon Technologies Inc. (AT-88-Z) RegDate: 2012-03-01 Updated: 2012-04-02 Ref: https://rdap.arin.net/registry/ip/188.8.131.52 OrgName: Amazon Technologies Inc. OrgId: AT-88-Z Address: 410 Terry Ave N. City: Seattle StateProv: WA PostalCode: 98109 Country: US RegDate: 2011-12-08 Updated: 2017-01-28 Comment: All abuse reports MUST include: Comment: * src IP Comment: * dest IP (your IP) Comment: * dest port Comment: * Accurate date/timestamp and timezone of activity Comment: * Intensity/frequency (short log extracts) Comment: * Your contact details (phone and email) Without these we will be unable to identify the correct owner of the IP address at that point in time. Ref: https://rdap.arin.net/registry/entity/AT-88-Z OrgTechHandle: ANO24-ARIN OrgTechName: Amazon EC2 Network Operations OrgTechPhone: +1-206-266-4064 OrgTechEmail: firstname.lastname@example.org OrgTechRef: https://rdap.arin.net/registry/entity/ANO24-ARIN OrgAbuseHandle: AEA8-ARIN OrgAbuseName: Amazon EC2 Abuse OrgAbusePhone: +1-206-266-4064 OrgAbuseEmail: email@example.com OrgAbuseRef: https://rdap.arin.net/registry/entity/AEA8-ARIN OrgNOCHandle: AANO1-ARIN OrgNOCName: Amazon AWS Network Operations OrgNOCPhone: +1-206-266-4064 OrgNOCEmail: firstname.lastname@example.org OrgNOCRef: https://rdap.arin.net/registry/entity/AANO1-ARIN
No, do not ask me to explain each line in these WhoIs results.
Note: Because of privacy legislation in the European Union, the amount of information in a WhoIs entry for a European domain or IP address may be severely limited. To some extent, this impairs the usefulness of WhoIs for identifying the source of spam and malware.
Last updated 30 November 2018
"Internet" Table of Contents
David Ross home