A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system.
When a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs like this:
- The client requests a connection by sending a SYN (synchronize) message to the server.
- The server acknowledges this request by sending SYN-ACK back to the client, which,
- Responds with an ACK, and the connection is established.
This is called a three-way handshake.
A malicious client can skip sending this last ACK message. The server will wait for this bit for some time, as simple network congestion could also be the cause of the missing ACK.
If this so called half-open connection binds resources on the server or the server software is licensed per-connection, as is the case in many operating systems, it may be possible to take up all these resources or run out of CALs by flooding the server with SYN messages. Once all resources or CALs set aside for half-open connections are reserved no new connections (legitimate or not) can be made, resulting in denial of service. Some systems may malfunction badly or even crash if other OS functions get starved of resources this way.
Countermeasures include SYN cookies or limiting the number of new connections from a source per timeframe.
External link
- [http://www.cert.org/advisories/CA-1996-21.html Official CERT advisory on SYN Attacks]
Syn flood
Denial-of-service attack
A denial-of-service attack (also, DoS attack) is an attack on a computer system or network that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system.
Methods of attack
A DoS attack can be perpetrated in a number of ways. There are three basic types of attack:
# consumption of computational resources, such as bandwidth, disk space, or CPU time
# disruption of configuration information, such as routing information
# disruption of physical network components
A nuke attack sends a packet, usually ICMP, which is malformed or fragmented in an invalid way, triggering a bug in the operating system and crashing the targeted computer. This is known as the ping of death.
WinNuke is a similar kind of attack, exploiting the vulnerability in the NetBIOS handler in Windows 95. A string of out-of-band data is sent to TCP port 139 of the victim machine, causing it to lock up and display a Blue Screen of Death. This attack was very popular between the IRC-dwelling script kiddies, due to easy availability of a user-friendly click-and-crash WinNuke program.
Various DoS-causing exploits can cause server-running software to get confused and fill the disk space or consume all available memory or CPU time.
Other kinds of DoS rely primarily on brute force, flooding the target with an overwhelming flux of packets, oversaturating its connection bandwidth or depleting target's system resources. Bandwidth-saturating floods rely on the attacker having higher bandwidth available than the victim; common way of achieving this today is via Distributed Denial of Service, employing a botnet. Other floods may use specific packet types or connection requests to saturate finite resources by, for example, occupying the maximum number of open connections or filling the victim's disk space with logs.
An attacker with access to a victim computer can bring it to a crawl or even to a crash by using a fork bomb.
On IRC, IRC floods are a common electronic warfare weapon.
Ping flood is based on sending the victim an overwhelming number of ping packets, usually using the "ping -f" command. It is very simple to launch, and a T1 owner can easily defeat a dial-up user.
SYN flood sends a flood of TCP/SYN packets, often with a forged sender address. Each of these packets is handled like a connection request, causing the server to spawn a half-open connection, by sending back a TCP/SYN-ACK packet, and waiting for an TCP/ACK packet in response from the sender address. However, because the sender address is forged, the response never comes. These half-open connections saturate the number of available connections the server is able to make, keeping it from responding to legitimate requests until after the attack ends.
A smurf attack is one particular variant of a flooding DoS attack on the public Internet. It relies on mis-configured network devices that allow packets to be sent to all computer hosts on a particular network via the broadcast address of the network, rather than a specific machine. The network then serves as a smurf amplifier. In such an attack, the perpetrators will send large numbers of IP packets with a faked source address, that is set to the address of the intended victim. To combat Denial of Service attacks on the Internet, services like the Smurf Amplifier Registry have given network service providers the ability to identify misconfigured networks and to take appropriate action such as filtering.
A "banana attack" is another particular type of DoS. It involves redirecting outgoing messages from the client back onto the client, preventing outside access, as well as flooding the client with the sent packets.
Attempts to "flood" a network with bogus packets, thereby preventing legitimate network traffic, are the most common form of attack, often conducted by disrupting network connectivity with the use of multiple hosts in a distributed denial-of-service attack or DDoS. Specific means of attack include: a smurf attack, in which excessive ICMP requests are broadcast to an entire network; bogus HTTP requests on the World Wide Web; incorrectly formed packets; and random traffic. The source addresses of this traffic is usually spoofed in order to hide the true origin of the attack. Due to this and the many vectors of attack, there are not comprehensive rules that can be implemented on network hosts in order to protect against denial-of-service attacks, and it is a difficult feat to determine the source of the attack and the identity of the attacker. This is especially true with distributed attacks.
Attacks can be directed at any network device, including attacks on routing devices and Web, electronic mail, or Domain Name Systemservers.
Effects of DoS
Denial of Service attacks can also lead to problems in the network 'branches' around the actual computer being attacked. For example, the bandwidth of a router between the Internet and a LAN may be consumed by a DoS, meaning not only will the intended computer be compromised, but the entire network will also be disrupted.
If the DoS is conducted in a sufficiently large scale, entire geographical swathes of Internet connectivity can also be compromised by incorrectly configured or flimsy network infrastructure equipment without the attacker's knowledge or intent. For this reason, most, if not all ISPs ban the practice.
Distributed denial-of-service attacks
In a distributed attack, the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and direct the attack, often through a botnet. With enough such slave hosts, the services of even the largest and most well-connected websites can be denied.
Unintentional/non-malicious DDoS attacks
This describes a situation where a website ends up denied, not due a deliberate attack by a single individual or group of individuals, but simply due a sudden enormous spike in popularity. This can happen when an extremely popular website posts a prominent link to a second, less well-prepared site, for example, as part of a news story. The result is that a significant proportion of the primary site's regular users - potentially hundreds of thousands of people - click that link in the space of a few hours, having the same effect on the target website as a DDoS attack.
News sites and link sites - sites whose primary function is to provide links to interesting content elsewhere on the Internet - are most likely to cause this phenomenon. The canonical example is the Slashdot effect, though sites such as Digg and Fark have their own corresponding "Effects".
Surviving distributed attacks
There are steps that can be taken to mitigate the effects of a DDoS attack. As mentioned in the previous section, the first thing to start is the investigative process. One determines which core router (a router that handles Internet backbone traffic) is passing the packets to one's border router (a router that connects his or her network to the Internet). One would contact the owners of the core router, likely a telecom company or the internet service provider, and inform them of his or her problem. Ideally, there will be a process in place which can expedite one's requests for help. They, in turn, need to determine where the malicious traffic reaches their network and contact the source. By that point, it is out of one's hands.
Since it is not likely that the administrator will be able to quickly stop the DDoS flood, there are a few steps which might help mitigate the attack temporarily. If the target is a single machine, a simple IP address change can end the flood. The new address can be updated on internal DNS servers and given to a few crucial external users. This is especially useful for key servers (e.g. email or database) under attack on one's network.
There is a chance that some filtering techniques can help. If the attack is unsophisticated, there might be a specific signature to the traffic. A careful examination of captured packets sometimes reveals a trait on which you can base either router ACLs (access control lists) or firewall rules. Additionally, a large amount of traffic may originate from a specific provider or core router. If that is the case, one might consider temporarily blocking all traffic from that source, which should allow a portion of legitimate activity through. One would also be blocking "real" packets, or legitimate traffic, but this may be an unavoidable sacrifice. However, depending on the method of attack, this option may be unavailable to you if, for example, the participants' IP addresses are spoofed.
A final option, one which might be available to larger companies and networks, is to throw more hardware or bandwidth at the flood and wait it out. Again, it is not the best solution, nor the least expensive one. It may provide a temporary fix, nevertheless.
The investigative process should begin immediately after the DoS attack begins. There will be multiple phone calls, call backs, emails, pages and faxes between the victim organization, one's provider and others involved. It is a time consuming process, so the process should begin immediately. It has taken some very large networks with plenty of resources several hours to halt a DDoS.
External links
- [http://staff.washington.edu/dittrich/misc/ddos/ Dave Dittrich's DDoS page]
- [http://chinese-school.netfirms.com/computer-article-denial-of-service.html Distributed Denial of Service Attacks] - general information of Distributed Denial of Service Attacks (DDoS)
- [http://www.surasoft.com/articles/ddosa.php SuraSoft DDoS] - DDoS Case study, concepts & protection
- [http://www.DoS-Attacks.com DoS/DDoS Attacks] - Everything you ever wanted to know about DoS/DDoS Attacks
- [http://www.tik.ee.ethz.ch/~ddosvax/ DDoSVax Research Project] - at [http://www.ethz.ch/ Swiss Federal Institute of Technology] in Zürich - [http://www.honeypots.net/incidents/ddos-mitigation DDoS Mitigation Techniques] - research papers and presentations
- [http://www.denialinfo.com/ www.denialinfo.com] - Denial of Service (DoS) Attack Resources
- [http://newssocket.com/foonet/ www.newssocket.com] - Distributed Denial of Service (dDoS) for hire
- [http://www.grc.com/dos/drdos.htm Dos attacks explained by grc.com]
Category:Computer securityja:DoS攻撃
Server
: This article is about computer servers. For food service use, see waiter.
In computing, a server is:
- A computer softwareapplication that carries out some task (i.e. provides a service) on behalf of yet another piece of software called a client. In the case of the Web: An example of a server is the Apache web server, and an example of a client is the Internet Explorerweb browser or the Mozilla web browser. Other server (and client) software exists for other services such as e-mail, printing, remote login, and even displaying graphical output. This is usually divided into file serving, allowing users to store and access files on a common computer; and application serving, where the software runs a computer program to carry out some task for the users. This is the original meaning of the term. Web, mail, and database servers are what most people access when using the Internet.
- Over the years, the term has been misinterpreted (but in common usage now) to also mean the physical computer on which the server software runs. Software ultimately requires computer hardware to run, and originally server software would be run on a large powerful computer such as a mainframe computer or minicomputer. These have largely been replaced by computers built using a more robust version of the microprocessor technology than is used in personal computers, and the term "server" was adopted to describe microprocessor-based machines designed for this purpose. In a general sense, "server" machines have high-capacity (and sometimes redundant) power supplies, a motherboard built for durability in 24x7 operations, large quantities of ECCRAM, and fast I/O subsystems employing technologies such as SCSI, RAID, and PCI-X or PCI Express. It is important to note, however, that computers referred to as "servers" do not necessarily run any server software, nor is it required that server software only be run on these types of computers.
Usage
Sometimes this dual usage can lead to confusion, for example in the case of a web server. This term could refer to the machine which stores and operates the websites, and it is used in this sense by companies offering commercial hosting facilities. Alternatively, web server could refer to the software, such as the Apache HTTP server, which runs on such a machine and manages the delivery of web page components in response to requests from web browserclient.
Server hardware
A server computer shares its resources, such as peripherals (i.e printer: print server) and file storage (i.e. disk: file server), with the users' computers, called clients, on a network. Thus, it is possible for a computer to be a client and a server simultaneously, by connecting to itself in the same way a separate computer would.
Many new devices now come with server capabilities. The X-Internet, Web Services, and Microsoft's .NET initiative all work to make even the smallest system a server.
Many large enterprises employ numerous servers to support their needs. A collection of servers in one location is often referred to as a server farm. It is possible to configure the machines to distribute tasks so that no single machine is overwhelmed by the demands placed upon it (called load balancing), and this is often done for hosts that expect tremendous amounts of activity. The terminology can be even more confusing in this case because the client (or user) will connect to a remote host to access the server application, and that server application may need to access other server software and/or another server machine.
Servers are normally specialist machines developed over a couple of years to provide the reliability expected by the business users. Servers are not normally available through high street resellers and therefore can only be purchased from branded resellers.
Pricing for servers start as low as $700 for small, non redundant servers, while it is possible to specify a single server that costs over $100,000, applications that require this level of computing power are usually run on many smaller servers that are in a load balancing configuration.
Due to the continual demand for ever more powerful servers in ever decreasing spaces, companies such as Hewlett Packard, IBM and Dell have developed higher density configurations, the most notable of which is known as the blade server. Blade servers incorporate a number of server computers – sometimes as many as fourteen – each housed inside a high-density module known as a "blade", within the space typically occupied by a single computer.
- [http://www.sun.com/servers/index.jsp SUN Servers]
- [http://www.ibm.com/servers/ IBM Servers]
- [http://welcome.hp.com/country/uk/en/prodserv/servers.html HP Servers]
- [http://www1.us.dell.com/content/topics/segtopic.aspx/products40/categories/en/servers_beta?c=us&cs=555&l=en&s=biz Dell Servers]
Server operating systems
The rise of the microprocessor-based server was facilitated by the development of several versions of the Unixoperating system to run on the Intel microprocessor architecture, including Solaris, Linux and FreeBSD. The Microsoft Windows series of operating systems also now includes server versions that support multitasking and other features beneficial for server software, beginning with Windows NT. The current Windows Server version is Windows Server 2003.
There are many servers running Linux versions such as Red Hat Linux, SUSE SLES, and Debian, which have generally proven to be more stable than Windows machines. There are an increasing number of servers running Mac OS X as organizations begin to realize the potential and stability that arises from having the hardware and software properly fitted and vetted. Most technical servers continue to be Sun, SGI, or HP workstations as they are proven and generally stable servers.
X Window server
The X Window System can cause some confusion in the understanding of servers and clients. One might expect that the "server" in X would refer to the computer on which individual programs are running and the client to be the computer the human user is physically in front of. In reality, an X server provides access (i.e. service) to computer input and output devices, such as monitors, keyboards, and mice. Thus the X client runs on the computer doing all the internal software computation, while the X server runs on the computer that actually displays the graphical output on its monitor, interacting with a human user.
The X Window System (which speaks the X protocol) is able to operate over a network, because it is designed to be client/server based. The only requirement for a client to connect to a server is a network connection. However, in most situations, the server and clients run on the same physical machine. In this case, either UNIX local sockets or a loopback interface act as transparent media for network connections between client and server.
Historical note
Mainframes and minicomputers were originally accessed using dumb terminals, which were unable to carry out any significant processing. This largely ended with the widespread use of personal computers, a.k.a. PCs, by users.
- [http://www.myserver.us/ Directory of Hosting/Server Providers]
- [http://www.cs.rice.ty.edu/CS/Systems/ScalaServer/ System support for scalable network servers]
- [http://www.kegel.com/c10k.html The C10K problem]
- [http://groups.google.de/groups?group=comp.programming.threads&threadm=580fae16.0312210310.1410bf2b%40posting.google.com Discussion "Writing a scalable server"]
- [http://faqs.lomonline.de/what-is-a-server What is a server]
als:Serverko:서버ja:サーバsimple:Serverth:เซิร์ฟเวอร์
Early computers lacked operating systems. A human operator would manually load and run programs. When programs were developed to load and run other programs, it was natural to draw their name from the human job they replaced.
Most current usage of the term "operating system" today, by both popular and professional sources, refers to all the software that is required in order for the user to manage the system and to run third-party application software for that system. That is, the common understanding includes not only the low-level "kernel" that interacts directly with the hardware, but also libraries required by applications as well as basic programs to manipulate files and configure the system.
The exact delineation between the operating system and application software is not precise, however, and is occasionally subject to controversy. For example, one of the key questions in the United States v. Microsoftantitrust trial was whether Microsoft's Internet Explorerweb browser was part of its Windows operating system or if it was a separable piece of application software. As another example, the GNU/Linux naming controversy is, in part, due to disagreement about the relationship between the Linux kernel and the Linux operating system.
The lowest level of any operating system is its kernel, the first layer of software loaded into computer memory when it starts up. As the first software layer, all other software that gets loaded after it depends on this software to provide them with various common core services. These common core services include, but are not limited to: disk access, memory management, task scheduling, and access to other hardware devices. Like the term "operating system" itself, the question of what exactly should form the "kernel" is subject to some controversy—with various camps advocating "microkernels", "monolithic kernels", and so on—with debates over whether things like file systems should be included in the kernel.
System Calls
System calls are operations/services that are requested by applications from the operating system. As noted on the System Call page, "System calls often use a special machine code instruction which causes the processor to change mode (e.g. to "supervisor mode" or "protected mode")."
Common core services
As operating systems evolve, ever more services are expected to be common core. Since the 1990s, OS's have often been required to provide network and Internet connectivity. They may be required to protect the computer's other software from damage by malicious programs, such as viruses. The list of common core services is ever expanding.
Programs communicate with each other through application programming interfaces, similar to how humans interact with programs through user interfaces. This is especially true between application programs and the OS. The OS's common core services are accessed by application programs through the OS's APIs. Thus an OS enables the communication between hardware and software.
CPU scheduling is also a main function of the operating system.
See also: POSIX
Today's operating systems
Firstly, there is a distinction between console OS's, using only the keyboard for input, such as DOS, and the modern visual OS's, focusing on the mouse and using a GUI (sometimes implemented as a shell around the former). Secondly, which OS can be used often depends on the hardware architecture, most specifically the CPU that is used, with only Linux and BSD running on almost any architecture. In the past there have been many types of OS's, but starting in the 1990's the choice for personal computers has come to be largely restricted to the Microsoft Windows family and the Unix-like family, of which Linux is becoming the major representative. Mainframe computers and embedded systems use a variety of different operating systems, many with no direct connection to Windows or Unix, but mostly closer to Unix than Windows.
- Personal computers
- IBM PC compatible - smaller Unix-variants, like Linux and BSD, and Microsoft Windows
- Apple Macintosh - Mac OS X, Linux and BSD
- Mainframes - Unix variants, Microsoft Windows and a score of other OS's, mostly related to Unix
- Embedded systems - a variety of dedicated OS's, and limited versions of Linux or other OS's
Unix-like systems
Embedded system.]]
The Unix-like family is a diverse group of operating systems, with several major sub-categories including System V, BSD, and Linux. The name "Unix" is a trademark of The Open Group which licenses it for use to any operating system that has been shown to conform to the definitions that they have cooperatively developed. The name is commonly used to refer to the large set of operating systems which resemble the original Unix.
Unix systems run on a wide variety of machine architectures. They are used heavily as server systems in business, as well as workstations in academic and engineering environments. Free software Unix variants, such as Linux and BSD, are increasingly popular. They have made inroads on the desktop market as well, particularly with "user-friendly" Linux distributions such as Ubuntu Linux.
Some proprietary Unix variants like HP's HP-UX and IBM's AIX are designed to run only on that vendor's proprietary hardware. Others, such as Solaris, can run on both proprietary hardware and on commodity x86 PCs. Apple's Mac OS X, a BSD variant derived from NeXTSTEP and FreeBSD, has replaced Apple's earlier (non-Unix) Mac OS in a small but dedicated market, in the process becoming the most popular proprietary Unix system.
Over the past several years, free Unix systems have supplanted proprietary ones in many markets. For instance, scientific modeling and computer animation were once the province of SGI's IRIX. Today, they are dominated by Linux-based clusters.
Microsoft Windows
IRIX
The Microsoft Windows family of operating systems originated as a graphical layer on top of the older MS-DOS environment for the IBM PC. Modern versions are based on the newer Windows NT core that first took shape in OS/2. Windows runs on 32- and 64-bit Intel and AMD computers, although earlier versions also ran on the DEC Alpha, MIPS and PowerPC architectures (and there was work in progress to make it work also on the SPARC architecture).
Today, Windows is a popular desktop operating system, enjoying a near-monopoly of around 90% of the worldwide desktop market share. It is also widely used on low-end and mid-range servers, supporting applications such as web servers and database servers. In recent years, Microsoft has spent significant marketing and R&D money to demonstrate that Windows is capable of running any enterprise application (see the TPC article).
Other operating systems
Mainframe operating systems, such as IBM's z/OS, and embedded operating systems such as QNX, eCos, and PalmOS, are usually unrelated to Unix and Windows, except Windows CE, Windows NT Embedded 4.0 and Windows XP Embedded which are related to Windows and several - BSDs and Linux distributions tailored for the requirements of an embedded system.
Older operating systems which are still used in niche markets include the Windows-like OS/2 from IBM; VMS from Hewlett-Packard (formerly DEC); Mac OS, the non-Unix precursor to Apple's Mac OS X; RISC OS, which is specifically designed to run on ARM processor architectures; and AmigaOS, the first graphical user interface (GUI) based operating system with advanced multimedia capabilities available to the general public.
Research and development of new kinds of operating systems is an active subfield of computer science. Microsoft Singularity is a research project to develop an operating system with better memory protection.
:
An operating system is conceptually broken into three sets of components: a user interface (which may consist of a GUI and/or a command line interpreter or "shell"), low-level system utilities, and a kernel--which is the heart of the operating system. As the name implies, the shell is an outer wrapper to the kernel, which in turn talks directly to the hardware.
Hardware <-> Kernel <-> Shell <-> Applications
| |
+----------+
1 2 3
In some operating systems the shell and the kernel are completely separate entities, allowing you to run varying combinations of shell and kernel (e.g. UNIX), in others their separation is only conceptual.
Kernel design ideologies include those of the monolithic kernel, microkernel, hybrid kernel(modified micro kernel) and exokernel. Many of the major commercial systems such as UNIX, Windows (dos based), and Linux use a monolithic approach, some systems use a microkernel (such as in AmigaOS, QNX, and BeOS) and others like Apple's Mac OS X and Microsoft Windows NT line use the hybrid approach. The microkernel approach is also very popular among research operating systems. Both approaches have produced successful systems and have their advantages. Many embedded systems use ad hoc exokernels.
- [http://www.world-os.com World-Os.com a website dedicated the operating system]
- [http://dmoz.org/Computers/Software/Operating_Systems/ Operating systems at dmoz.org]
- [http://cliki.tunes.org/Operating%20Systems Operating systems at TUNES] - wiki with reviews of operating systems
- [http://www.cbi.umn.edu/iterations/haigh.html Multics History] and the history of operating systems
- [http://www.elook.org/computing/operating-system.htm operating system at elook.org] - explains what an operating system is and provides various examples
- [http://mega-tokyo.com/osfaq2/ The "Write Your Own Operating System" OS Developer FAQ]
- [http://computer.howstuffworks.com/operating-system.htm How OSs Work]
- [http://www.groovyweb.uklinux.net/index.php?page_name=Operating%20system%20programming Operating System Programming] - tutorials and source code
- [http://www.osdata.com Operating Systems Technical Comparison]
- [http://www.osdcom.info/ OSDEV Community] - Amateur OS Development
- [http://www.osdever.net/ BonaFide OS Development] - resource for operating system developers
- [http://www.oshistory.net/ OS History] - Historic timeline of Non-Unix OS Developments
- Humor: [http://www.webaugur.com/bibliotheca/field_stock/os-airlines.html If OS's Were Airlines]
zh-min-nan:Chok-gia̍p hē-thóngals:Betriebssystemko:운영 체제ms:Sistem pengoperasianja:オペレーティングシステムsimple:Operating systemth:ระบบปฏิบัติการ
CALS
Computer-Aided Acquisition and Logistic Support (CALS) is a strategy for paperless process control.
CALS
SYN cookies
SYN cookies are particular choices of TCPinitial sequence numbers (ISNs) by TCP servers. SYN cookies are used to defend against a type of denial of service attack known as SYN flooding. Special calculations are used to create initial sequence number so that the difference between the server's ISN and the client's ISN is:
- top 5 bits: tmod 32, where t is a 32-bit time counter that increases every 64 seconds;
- next 3 bits: an encoding of a maximum segment size (MSS) selected by the server in response to the client's MSS;
- bottom 24 bits: a server-selected secret function of the client IP address and port number, the server IP address and port number, and t.
This choice of sequence number complies with the basic TCP requirement that sequence numbers increase slowly; the server's initial sequence number increases slightly faster than the client's initial sequence number.
A server that uses SYN cookies doesn't have to drop connections when its SYN queue fills up. Instead it sends back a SYN-ACK, exactly as if the SYN queue had been larger. (Exceptions: the server must reject TCP options such as large windows, and it must use one of the eight MSS values that it can encode.) When the server receives an ACK, it checks that the secret function works for a recent value of t, and then rebuilds the SYN queue entry from the encoded MSS.
----
This article includes text from http://cr.yp.to/syncookies.html
Talpidae
Les talpidés représentent une famille de mammifèresinsectivores. Ce groupe comprend des fouisseurs, des coureurs et des espèces aquatiques.
La famille des talpidés est divisée en trois sous-familles contenant les genres et espèces suivants :
- [http://sr.wikibooks.org/wiki/%D0%90%D0%B2%D0%B3%D1%83%D1%81%D1%82_%D0%A4%D0%BE%D1%80%D0%B5%D0%BB:%D0%93%D0%BB%D0%B0%D0%B2%D0%B0_XIX#.D0.91.D0.BE.D1.80.D0.B1.D0.B0_.D0.BF.D1.80.D0.BE.D1.82.D0.B8.D0.B2_.D0.BF.D0.BE.D1.80.D0.BD.D0.BE.D0.B3.D1.80.D0.B0.D1.84.D0.B8.D1.98.D0.B5. Август Форел: Борба против порнографије.]
Категорија:Друштвоорални секс или сексуално општење за новац. Особа која продаје сексуалне услуге је проститутка
- [http://sr.wikibooks.org/wiki/%D0%90%D0%B2%D0%B3%D1%83%D1%81%D1%82_%D0%A4%D0%BE%D1%80%D0%B5%D0%BB:%D0%93%D0%BB%D0%B0%D0%B2%D0%B0_XIX#.D0.91.D0.BE.D1.80.D0.B1.D0.B0_.D0.BF.D1.80.D0.BE.D1.82.D0.B8.D0.B2_.D0.BD.D0.BE.D0.B2.D1.87.D0.B0.D0.BD.D0.BE.D0.B3_.D0.BA.D1.83.D0.BB.D1.82.D0.B0. Август Форел: Борба против новчаног култа.]
Категорија:Друштво
Јасмина Михајловић
Јасмина Михајловић је рођена у Нишу, Србија. Писац је и књижевни критичар. Дипломирала је 1987. године на Филолошком факултету у Београду — Група за југословенске књижевности и општу књижевност. Од 1987. предавала је књижевност у средњим школама у Београду; 1989-19
Гарбиџ
Гарбиџ (Garbage) је међународна музичка рок група основана у Медисону у Висконсину, САД1993. године. Чланови бенда су:
- Ширли Менсон (вокал) (Shirley Manson) - Буч Виг (бубњеви) (Butch Vig) - Дјук Ериксон (гитара)
