I'm somewhat of a noob, so please be kind. I'm building a local IPv4 database but am having difficulty understanding something.
Here are two IP block examples:
50.131.150.0/25
50.131.150.128/25
I understand that these represent ranges, but how so? I don't know what 0/25 and 128/25 represent. If I have the IP 50.131.150.42, which block does it belong to?
Related
This question already has answers here:
How do you validate that a string is a valid IPv4 address in C++?
(17 answers)
Closed 6 years ago.
I'm currently trying to check the user input to be a valid URL (http(s)://www.abc.at or localhost) or a valid IP-Address (127.0.0.1, ...) using only the standard C++ methods like REGEX. I could use the libraries ASIO (standalone), regex and arpa/inet.h. Is there a way to do that in very simple ways?
Thanks for your help!
Usually you should be wary about doing such validations yourself because they tend to be a lot more complicated than it appears on first glance. For example to validate an IPv4 you cannot just check for “4 numbers separated by dots”. You’ll also have to check things like the range of each number (0-255), special cases like 0.0.0.0, etc. Then what about IPv6? URLs/hostnames aren’t any less complex.
To answer your concrete question: No, there is no simple way to validate an IP/hostname.
Either use a dedicated library for checking or simply try to do whatever it is you want to do with the address and handle errors appropriately. You might consider doing a rough sanity check for obvious errors in the beginning, mainly to provide better error messages to the user. But even that requires a bit of thought. For example, it’s easy to forget about IPv6 and reject perfectly valid addresses.
Just use this:
^https?:\/\/(.+\..{2,10}|localhost|(?:\d{1,3}\.){3}\d{1,3})\/?.*?$
This will match any address which starts with https:// or http://, followed by one of the following three cases:
any characters, followed by a dot . and a TLD with length of 2 up to 10.
localhost
an IP address with 4 segments of numbers with up to 3 characters (does not check the validity of the IP address, does accept 999.999.999.999.
Here is a live example.
So I've been looking into sockets and stuff, mostly c++. I've learned (not yet executed cuz I'm lazy) non-blocking IO, and once I actually start working on my project I may just have a really nice overall structure for the server to hold a lot of clients.
With the server it was always a given I'd have to port forward. And clients don't need to. But that got me thinking.
Torrent clients in general don't seem to need router port forwarding, and they're peer to peer. So how does that work??
Multiple times around the client you see "Port Forwarding". But what kind of port forwarding is that?
Am I missing something really freaking obvious here or just asking the wrong question? I can't seem to be able to find any answers to this.
So how does port forwarding for peer to peer work? If that's the right thing to even ask.
Thank you for your time!
Ok, so pay mentioned hole-punching which seems to be one of the techniques of NAT traversal, which basically "bypasses" or "goes through" NAT(and therefore port-forwarding).
I've now read a bit on this. Basically NAT makes it so traffic is routed to the specific system in question inside the network to which the port is open. As techniques such as hole-punching don't go though this system, there is no real way of knowing for and from which system inside the internal network it came from. One could just do something like using a key and encrypting traffic so that the only a certain computer inside the network with that key could decrypt it (would sorta be like a CA). Or if it's not sensitive info you could aswell just use random ports to connect to in each different system. A fairly big problem with this is that NATs may be different across routers so you might have to use different techniques and compatibility isn't assured.
Ok, so Hasturkun mentioned UPNP. I've also read a lil and basically it's a protocol that allows for your apps/programs to communicate with the router and set specific NAT rules for themselves, so it's like it basically does the port forwarding for you. It also means that unlike traversal techniques it drives the traffic directly to the desired system. One disadvantage is that it might not be active by default on your router, so then you can't use it at all. It's fairly "global" from what I've read, also unlike traversal.
All around IMO you should use both as an insurance policy, seems to me it'd be a hell of a lot of work, but anyways and as always, laziness leads nowhere.
I hope this could help someone as it helped me, have a nice day :D
Would it be possible to manually set or at least influence the path that a packet takes through the internet using socket programming for an application?
For e.g. suppose I don't want the program to send packets that go through routers based in country A, but to go around it instead.
Would that be possible? I am using C++ so advice in that context would be great but any language would be helpful as well.
No.
The whole point of packet-switched networks is that routing is determined collectively by the router located at each hop along the way. That is why they are called routers. It's fundamental to how a network as large as the internet can actually work in any useful way at all.
The originating machine does not and cannot hope to have enough information to decide on an inter-country network route and, even if it did, the rest of the internet would never abide by its decision.
Whatever bizarre and/or nefarious use you have in mind for this, you'll have to think of alternatives.
When validating e-mail addresses in .NET applications, it has been advised to just use the MailAddress(String) constructor, which is supposed to throw an exception if the argument is not in the proper format for an e-mail address. There are some myths about what does and doesn't qualify as a proper e-mail address, and even Google has been called out for providing a regex that, among other things, improperly disqualifies addresses with tick marks in them.
Now that being said, I've noticed an instance where a string of the format somestring#somestring. did not get invalidated by the constructor, despite nothing being to the right of the dot. I did think everything that didn't use an IP address required a dot and something to the right of it, but supposedly, admin#mailserver1 is in perfectly valid format. It's still not quite in the same format though, so I ran a couple of tests here:
o'reilly#somestring.com - valid
somestring#somestring. - invalid
And this source makes it sound like somedomain and somedomain. are both legitimate domain names, and that they are actually equivalent to one another, although it also says that some programs are better than others about handling things like that.
What am I supposed to believe exactly? There are a lot of .NET developers who use that constructor, instead of a regex, because of its supposed accuracy over most regexes that you would find on the Internet, in addition to it not taking a great deal of time and effort to get right. I have seen it work in pretty much all other cases I've personally tried.
Is somestring#somestring. of the valid format?
Valid email addresses are way more complicated than you'd think. Read RFC 2822 to get an idea of how complicated it is. As well as RFC 2821 and RFC 822
EDIT: RFC 5322 obsoletes 2822
These are all valid email addresses!
"Abc\#def"#example.com
"Fred Bloggs"#example.com
"Joe\\Blow"#example.com
"Abc#def"#example.com
customer/department=shipping#example.com
\$A12345#example.com
!def!xyz%abc#example.com
_somename#example.com
I also commonly use email+whatever#gmail.com to subaddress my email. It helps filter my email (and find out where spam came from). See RFC 5233
More on Phil Haack's blog
I know this is a big one. In fact, it may be used for some SO community wiki.
Anyways, I am running a website that DOES NOT use explicit authentication of users. It's public as in open to everybody. However, due to the nature of the service, some users need to be locked out due to misbehavior.
I am currently blocking IP addresses, but I am aware of the supposed fact that many people purposefully reset their DHCP client cache to have their ISP assign them new addresses. Is that a fact? I think it certainly is a lucrative possibility for some people who want to circumvent being denied access.
So IPs turn out to be a suboptimal way of dealing with this. But there is nothing else, is it?
MAC addresses don't survive on WAN (change from hop to hop?), and even if they did - these can also be spoofed, although I think less easily than IP renewal.
Cookies and even Flash cookies are out of the question, because there are tons of "tutorials" how to wipe these, and those intent on wreaking havoc on Internet are well aware and well equipped against such rudimentary measures I would employ.
Is there anything else to lean on? I was thinking heuristical profiling - collecting available data from client-side and forming some key with it, but have not gone as far as to implementing it - is it an option?
Due to the nature of the internet, this isn't practically possible. Yes, you can block specfic IPs, but as you've said, it's easy enough for the average "misbehaver" to simply change their IP. Even MAC addresses can be spoofed. This is why sites with these problems use authentication. It's the only real solution.
You are not going to be able to completely block a user who is determined to access your site. You can, however, make it difficult enough for them that it isn't worth their time.
As others have said, this is an impossible problem. Anyone determined enough can always find another way in. The canonical example of this problem is with Wikipedia, and you can read about the various blocking steps they take here: http://en.wikipedia.org/wiki/Blocking_policy
The simple answer is that this is impossible. As others (including yourself) have already said, anyone determined will find another way.
You can block IPs or use cookies, to deter the casual troublemaker. Someone who just wants to post rude words in blog comments will probably go elsewhere, but it won't scare off someone who wants to cause trouble on your site specifically,
If this misbehaviour is a serious problem for you, then I think your only recourse is to require authentication for any kind of access that could be subject to such abuse.
You can minimise the annoyance to your users by using OAuth, and accepting many different providers, much as SO does, rather than forcing all your users to sign up and memorise yet another set of login credentials.