Reading
<aside>
Exploring the Geography of the Internet
- Normally, 20–30 hops are sufficient to traverse the entire Internet. The default TTL values are: Linux / Unix / macOS = 64, Windows = 128. TTL is designed to prevent packets from circulating endlessly in the case of routing loops. I personally think it’s interesting that the default setting is different, and it might in some way represent the attitude of different OSes toward risk tolerance.
- When I tested with the command line `ping`, I observed:

```
rayrayrule@Mac ~ % ping -c 1 -m 7 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=59 time=14.170 ms
```

- From the reply, the TTL was 59, which implies that the return path consumed 64 - 59 = 5 hops.
- However, for my outbound packet to reach 1.1.1.1, the TTL needed to be at least 7, which means the forward path took 7 hops.
- → Since the forward path required 7 hops while the return path only took 5, this is an example of asymmetric routing.
Q: In what circumstances will asymmetric routing happen?
</aside>
<aside>
Why Google Went Offline Today and a Bit about How the Internet Works
- In 2012, when the incident occurred, there were about 45,000 Autonomous Systems (ASes) worldwide. By 2025, that number has grown to around 120,000, nearly three times as many.
- Moratel (AS23947) mistakenly announced a prefix belonging to Google. Because this prefix was part of a critical route, traffic that should have gone directly to Google was misdirected.
- Prevention mechanisms include:
  - RPKI (Resource Public Key Infrastructure) – cryptographic validation of route announcements.
  - Route filtering – ISPs manually or automatically filter invalid prefixes.
  - MANRS (Mutually Agreed Norms for Routing Security) – a set of industry best practices to improve routing security.
- The BGP Best Path Selection Process determines the “best” route among multiple available paths, typically preferring the shortest AS path but also considering other attributes (local preference, MED, origin type, etc.).
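
The RPKI check listed above, as an added example that is not part of the original notes or of any router's code: it implements the three route origin validation outcomes from RFC 6811 and drops invalid announcements before best-path selection would see them. The ROA, the documentation prefixes and AS64496 (standing in for the legitimate holder) are constructed placeholders; only AS23947 comes from the notes.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: object      # ipaddress network the holder authorised
    max_length: int     # longest prefix length the holder allows
    origin_as: int      # AS authorised to originate the prefix


def validate_origin(prefix, origin_as, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        # A ROA covers the route only if the route sits inside its prefix.
        if route.version != roa.prefix.version or not route.subnet_of(roa.prefix):
            continue
        covered = True
        if roa.origin_as == origin_as and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered but no ROA matched: wrong origin AS or too specific.
    return "invalid" if covered else "not-found"


def filter_routes(announcements, roas):
    """Keep only announcements a router enforcing ROV would accept."""
    return [(p, a) for p, a in announcements
            if validate_origin(p, a, roas) != "invalid"]


# Constructed sample data (documentation prefixes, hypothetical holder AS64496).
ROAS = [ROA(ipaddress.ip_network("203.0.113.0/24"), 24, 64496)]
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64496),   # legitimate origin
    ("203.0.113.0/24", 23947),   # same prefix, wrong origin AS
    ("203.0.113.0/25", 64496),   # right AS, more specific than max_length
    ("198.51.100.0/24", 23947),  # no ROA covers this prefix
]

if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(prefix, "AS%d" % asn, validate_origin(prefix, asn, ROAS))
    print("accepted:", filter_routes(ANNOUNCEMENTS, ROAS))
```

A `not-found` route is still accepted here, which is why origin validation only protects prefixes whose holders have published ROAs.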
</aside>
Assignment
<aside>
Setting Up a Virtual Host
- Risk of direct root login: Root has unlimited power, so any mistake can destroy the system; if attackers gain root credentials they instantly own the server; actions cannot be tied to individual users (no accountability); and root is a common brute-force target.
- Purpose of sudo: sudo (“superuser do”) lets normal users temporarily run administrator commands, logs who elevated privileges and when, allows limiting which commands can be run, and is safer than always being root since you normally operate as a regular user.
</aside>
<aside>
Setting Up a Firewall on a Linux Device
- After I set up the firewall and logged out of the virtual host, it showed the error below when I tried to log in again:

```
ssh: connect to host 138.197.66.181 port 22: Operation timed out
```

- This is because even though I had already allowed ssh, my port 22 was still closed, so my ssh request did not go through. This was resolved by logging in via the DigitalOcean browser console.
</aside>
Other

Command line cheat sheet from TOWER.