Would it be possible to manually set or at least influence the path that a packet takes through the internet using socket programming for an application?
For example, suppose I don't want the program to send packets that go through routers based in country A, but to go around it instead.
Would that be possible? I am using C++ so advice in that context would be great but any language would be helpful as well.
No.
The whole point of packet-switched networks is that routing is determined collectively by the router located at each hop along the way. That is why they are called routers. It's fundamental to how a network as large as the internet can actually work in any useful way at all.
The originating machine does not and cannot hope to have enough information to decide on an inter-country network route and, even if it did, the rest of the internet would never abide by its decision.
Whatever bizarre and/or nefarious use you have in mind for this, you'll have to think of alternatives.
So I've been looking into sockets and stuff, mostly c++. I've learned (not yet executed cuz I'm lazy) non-blocking IO, and once I actually start working on my project I may just have a really nice overall structure for the server to hold a lot of clients.
With the server it was always a given I'd have to port forward. And clients don't need to. But that got me thinking.
Torrent clients in general don't seem to need router port forwarding, and they're peer to peer. So how does that work??
Multiple times around the client you see "Port Forwarding". But what kind of port forwarding is that?
Am I missing something really freaking obvious here or just asking the wrong question? I can't seem to be able to find any answers to this.
So how does port forwarding for peer to peer work? If that's the right thing to even ask.
Thank you for your time!
Ok, so pay mentioned hole-punching which seems to be one of the techniques of NAT traversal, which basically "bypasses" or "goes through" NAT (and therefore port-forwarding).
I've now read a bit on this. Basically NAT makes it so traffic is routed to the specific system in question inside the network to which the port is open. As techniques such as hole-punching don't go through this system, there is no real way of knowing for and from which system inside the internal network it came from. One could just do something like using a key and encrypting traffic so that only a certain computer inside the network with that key could decrypt it (would sorta be like a CA). Or if it's not sensitive info you could as well just use random ports to connect to in each different system. A fairly big problem with this is that NATs may be different across routers so you might have to use different techniques and compatibility isn't assured.
Ok, so Hasturkun mentioned UPNP. I've also read a lil and basically it's a protocol that allows for your apps/programs to communicate with the router and set specific NAT rules for themselves, so it's like it basically does the port forwarding for you. It also means that unlike traversal techniques it drives the traffic directly to the desired system. One disadvantage is that it might not be active by default on your router, so then you can't use it at all. It's fairly "global" from what I've read, also unlike traversal.
All around IMO you should use both as an insurance policy, seems to me it'd be a hell of a lot of work, but anyways and as always, laziness leads nowhere.
I hope this could help someone as it helped me, have a nice day :D
So I have the following situation: a shared file system over N alike machines. My app runs on all of them. I need to understand on which machine my app runs in each instance - some unique ID... Is there such a thing, and is it possible to emulate it? Is there any cross-platform library that would help with that?
There are two concerns here, security and stability of your matching.
Hardware characteristics are a good place to start. Things like MAC address, CPU, hdd identifiers.
These things theoretically can change. If a hdd failed you probably would lose whatever configuration you had on the system as well. I could see a system that sent a hash of each characteristic separately work alright. If 4 out of 5 matched, you could probably guess that their network card caught on fire and it was replaced.
If you just need a head count, you may not even be interested that this new system with a different signature used to be another one.
Usually, people aren't too concerned with security with these systems; they just want to track resources on a network. If someone wanted to spoof the hardware identifiers they could. For simple cases, I would look into an installer that registered a salted identifier. If you really need something terribly secure you might start looking at commercial products (or ask another question about the security aspects specifically).
Both of these are error prone obviously. I'm not sure you should even fully automate it in those cases. Think about a case where network cards were behaving weird and you swapped them with another machine.
Human eyes are pretty good, let an administrator use them. At worst, they can probably figure things out with a quick email. Just give them enough information to make an informed decision when something does go wrong. Really, if you just log everything a human should be able to recreate the scenario and make a decision. Most of these things won't change daily. There is more work when hardware fails, not every day.
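An added example, not part of the original answer: one way to hash each hardware characteristic separately with an install-time salt and accept a machine when at least 4 of 5 hashes still match, flagging any drift for an administrator. The trait names, salt, node names and inventory values are constructed for illustration.

```python
import hashlib
import hmac

SALT = b"constructed-per-deployment-salt"  # assumption: generated once at install time

def fingerprint(traits, salt=SALT):
    """Hash each hardware characteristic separately (keyed, so raw IDs are not stored)."""
    return {name: hmac.new(salt, f"{name}={value}".encode(), hashlib.sha256).hexdigest()
            for name, value in traits.items()}

def identify(registry, seen, threshold=4):
    """Return (machine_id, changed_traits, needs_review) for the best match, or
    (None, [], True) when no registered machine reaches the threshold."""
    candidates = []
    for machine_id, known in registry.items():
        changed = sorted(n for n in known
                         if not hmac.compare_digest(known[n], seen.get(n, "")))
        if len(known) - len(changed) >= threshold:
            candidates.append((len(changed), machine_id, changed))
    if not candidates:
        return None, [], True
    candidates.sort()
    _, machine_id, changed = candidates[0]
    # Any drift, or more than one plausible machine, goes to an administrator.
    return machine_id, changed, bool(changed) or len(candidates) > 1

# Constructed sample inventory (all values are made up for illustration).
NODE_A = {"mac": "02:00:00:aa:00:01", "cpu": "cpu-serial-A", "disk": "disk-serial-A",
          "board": "board-serial-A", "bios": "bios-uuid-A"}
NODE_B = {"mac": "02:00:00:bb:00:02", "cpu": "cpu-serial-B", "disk": "disk-serial-B",
          "board": "board-serial-B", "bios": "bios-uuid-B"}
REGISTRY = {"node-a": fingerprint(NODE_A), "node-b": fingerprint(NODE_B)}

if __name__ == "__main__":
    swapped_nic = dict(NODE_A, mac=NODE_B["mac"])       # A now carries B's network card
    print(identify(REGISTRY, fingerprint(NODE_A)))      # exact match, no review needed
    print(identify(REGISTRY, fingerprint(swapped_nic))) # 4 of 5 match, flagged for review
    print(identify(REGISTRY, fingerprint(dict(NODE_A, mac="x", disk="y"))))  # 3 of 5
```

The swapped-card case resolves to node-a because the borrowed card alone gives node-b only 1 of 5 matches; the changed trait is returned so the log entry tells the administrator what moved.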
Abis is the signals which are passed from BTS to BSC in mobile networks. The work they want done is to collect the messages from the BTS and analyse them to find some specific errors etc. To do this, I have to actually know how to write a protocol analyser. The language which I am told to use is C or CPP.
There are three main stages on analysing data for any protocol:
1. Capturing or generating the network traffic: For mobile networks, that generally involves very expensive receiver hardware - hardware that usually comes with its own analyser software that will be far better than anything you might code yourself. Base stations may allow for a way to monitor their operation and capture data. It is also theoretically possible to repurpose other hardware (e.g. a cell phone or a lab instrument), or to generate the data using a simulator.
2. Extracting the data of interest: You need to extract and isolate the data for the protocol that interests you. Depending on the encapsulation and encryption properties of the network, that might be impossible for data captured in the wild - in that case you'd need something that would act as a node in the network and provide access to its inner workings.
3. Analysing the protocol of interest: You need a piece of software that will not only implement the protocol, but that will provide far more extensive logging and error-recovery capabilities than any production implementations. That way it will be able to point out and handle misbehaving nodes.
If you intend to write a protocol analyser of your own, you need to acquire the protocol specification and code such an implementation. You should be warned that even the simplest protocols are in fact quite difficult to implement correctly.
Without more information on your development and target platforms, the source and format of the data and the resources that you have available, there is no way for us to provide more information.
PS: It would also help if your question contained an actual question that we could answer.
I know this is a big one. In fact, it may be used for some SO community wiki.
Anyways, I am running a website that DOES NOT use explicit authentication of users. It's public as in open to everybody. However, due to the nature of the service, some users need to be locked out due to misbehavior.
I am currently blocking IP addresses, but I am aware of the supposed fact that many people purposefully reset their DHCP client cache to have their ISP assign them new addresses. Is that a fact? I think it certainly is a lucrative possibility for some people who want to circumvent being denied access.
So IPs turn out to be a suboptimal way of dealing with this. But there is nothing else, is there?
MAC addresses don't survive on WAN (change from hop to hop?), and even if they did - these can also be spoofed, although I think less easily than IP renewal.
Cookies and even Flash cookies are out of the question, because there are tons of "tutorials" how to wipe these, and those intent on wreaking havoc on Internet are well aware and well equipped against such rudimentary measures I would employ.
Is there anything else to lean on? I was thinking heuristical profiling - collecting available data from client-side and forming some key with it, but have not gone as far as implementing it - is it an option?
Due to the nature of the internet, this isn't practically possible. Yes, you can block specific IPs, but as you've said, it's easy enough for the average "misbehaver" to simply change their IP. Even MAC addresses can be spoofed. This is why sites with these problems use authentication. It's the only real solution.
You are not going to be able to completely block a user who is determined to access your site. You can, however, make it difficult enough for them that it isn't worth their time.
As others have said, this is an impossible problem. Anyone determined enough can always find another way in. The canonical example of this problem is with Wikipedia, and you can read about the various blocking steps they take here: http://en.wikipedia.org/wiki/Blocking_policy
The simple answer is that this is impossible. As others (including yourself) have already said, anyone determined will find another way.
You can block IPs or use cookies, to deter the casual troublemaker. Someone who just wants to post rude words in blog comments will probably go elsewhere, but it won't scare off someone who wants to cause trouble on your site specifically.
If this misbehaviour is a serious problem for you, then I think your only recourse is to require authentication for any kind of access that could be subject to such abuse.
You can minimise the annoyance to your users by using OAuth, and accepting many different providers, much as SO does, rather than forcing all your users to sign up and memorise yet another set of login credentials.
The concurrency model can be either apartment-threaded or multi-threaded.
Question:
How to ensure that both the Client and Server are operating from within the same concurrency model?
Sometimes you need to know. Two quick examples:
Performance hit of proxy/stub pairs is a problem
You need to pass around "unmarshallable" data or objects
So, the answer -- if you do need to know:
The server and the client must be designed and implemented to support the same or compatible models. Either one of these scenarios will do:
Both should be MTA, or
Both should be STA, or
The server should be "Both" (supports either)
The Server should be "free-threaded" (but that doesn't buy you anything extra compared to Both, in this scenario)
If you need to know, there's something wrong with your design: the client and server need too much information about one another's internals. Part of the point of client-server is to decouple the two.
That said, then, there is a registry value ThreadingModel. There's an MSDN article on these things as well.