Can a VPN bypass LAN access restrictions that are based on MAC address - router

My router can apply MAC-address based restrictions, e.g. to limit access hours for a specific device on the network. (Not to be confused with IP address restrictions to block facebook, youtube etc.) This seems to be a common feature in routers found in DSL modems.
If a rogue user on my LAN uses a VPN app to access the internet, is it correct that the desired access restrictions still apply? In other words, a VPN cannot be used to circumvent these kinds of restrictions? Although the answer seems almost self-evident from the question itself, I am not sure what all is possible with port forwarding, MAC-address spoofing etc.
UPDATE: From Wikipedia (https://en.wikipedia.org/wiki/MAC_spoofing#MAC_Address_Randomization_in_WiFi): "To prevent third parties from using the MAC address to track devices, Android, Linux, iOS, and Windows have implemented MAC address randomization. In June 2014, Apple announced that future versions of their iOS platform would randomize MAC addresses for all WiFi connections. The Linux kernel has supported MAC address randomization during network scans since March 2015, but drivers need to be updated to use this feature. Windows has supported it since the release of Windows 10 in July 2015."
So, based on the answers below so far, a VPN would usually not be able to spoof the MAC address, but LAN access control based on MAC address is made difficult or impossible by the intentional address randomization within the device.

A VPN is nothing other than another TCP/IP connection. So the best approach would always be to block the destination address of the VPN. However, this is normally not easy (there are tons of VPN destination IPs), so the connection should be dropped if the source host's MAC address is not allowed. In other words, you should treat the VPN as a web page: just as you would block Yahoo, you should block the VPN provider. Once the VPN is established, the MAC would be allowed to do whatever it wishes.

As far as I am aware, there are no VPNs that do this. Theoretically spoofing a MAC address could work, but it isn't what a VPN is designed to do. Even then there aren't really any simple options for spoofing MAC addresses on Windows.
So the desired access restrictions will still apply.

As per the OSI layer model, the VPN connection is just an application with (hopefully) encrypted communication (OpenVPN, SSL/TLS VPN, IPsec) on layer 4 (e.g. TCP/UDP); the packets themselves are handled by the PHY (e.g. network card, WiFi module, etc.). Therefore your MAC filter will detect these packets as packets from this MAC even if it can't read the content. The only bypasses for the MAC filter are MAC spoofing or using another PC on the network as a proxy or NAT device; then your router with the MAC filter will see this PC as the sending device.
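Added example (not code from any answer in this thread): a per-device access-hours filter keyed on the Ethernet source MAC, modelled on the router feature the question describes. It parses the layer-2 header only, so an opaque "tunnel" payload is judged exactly like a plaintext HTTP request from the same MAC, and it flags source addresses with the locally administered bit set, which is the bit MAC randomization sets and the reason the schedule can be sidestepped by a device with a fresh random address. All MAC addresses, payloads and the hour values are constructed.

```python
import struct

ETHERTYPE_IPV4 = 0x0800


def mac_to_bytes(text: str) -> bytes:
    parts = text.lower().split(":")
    if len(parts) != 6:
        raise ValueError(f"bad MAC: {text}")
    return bytes(int(p, 16) for p in parts)


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(src: str, dst: str, payload: bytes, ethertype: int = ETHERTYPE_IPV4) -> bytes:
    """Ethernet II: 6-byte destination, 6-byte source, 2-byte EtherType, then payload."""
    return mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes):
    """Return (dst_mac, src_mac, ethertype, payload) from a raw Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return bytes_to_mac(dst), bytes_to_mac(src), ethertype, frame[14:]


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet (the U/L bit) set: the address was chosen by software
    rather than burned in by the vendor, which is how randomised Wi-Fi MACs are marked."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


class AccessHoursFilter:
    """rules: {mac: (first_allowed_hour, last_allowed_hour)}, inclusive, 0-23.
    Devices with no rule are unrestricted, as on a typical home router; a device that
    shows up with a random MAC has, from the filter's point of view, no rule."""

    def __init__(self, rules):
        self.rules = {mac.lower(): hours for mac, hours in rules.items()}

    def decide(self, frame: bytes, hour: int):
        _dst, src, _ethertype, _payload = parse_frame(frame)  # payload deliberately unused
        rule = self.rules.get(src)
        if rule is None:
            if is_locally_administered(src):
                return "allow", "no rule; locally administered (likely randomised) MAC, schedule not applied"
            return "allow", "no rule for this device"
        first, last = rule
        if first <= hour <= last:
            return "allow", "inside allowed hours"
        return "drop", "outside allowed hours; payload contents were never inspected"


def demo():
    """Constructed frames: a restricted phone sends plaintext at 12:00 and an opaque
    'tunnel' packet at 23:00; then a device with a randomised MAC sends at 23:00."""
    router, phone, randomised = "00:aa:bb:cc:dd:ee", "00:11:22:33:44:55", "da:4e:01:23:45:67"
    filt = AccessHoursFilter({phone: (7, 21)})
    opaque = bytes((i * 37) % 256 for i in range(60))  # stands in for encrypted tunnel bytes
    return {
        "phone_noon_http": filt.decide(build_frame(phone, router, b"GET / HTTP/1.1\r\n"), 12),
        "phone_night_tunnel": filt.decide(build_frame(phone, router, opaque), 23),
        "random_mac_night": filt.decide(build_frame(randomised, router, opaque), 23),
    }


if __name__ == "__main__":
    for name, (verdict, why) in demo().items():
        print(f"{name}: {verdict} ({why})")
```

The second result is the point of the accepted reasoning above: the filter drops the night-time tunnel packet without knowing or caring what is inside it. The third result is the point of the question's update: once the device presents a locally administered address, the per-device rule simply no longer matches, and the only signal left to the router is the U/L bit itself.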


Is it possible to get the SSID & MAC Address of Currently connected WiFi Network in an App

I am looking for a way to get both the MAC Address and the SSID of the currently connected WiFi Network in my project. I have used Tony Million's Reachability to decide when the user is on a WiFi network or not and was testing Kenial's NICInfo only to find out that it only provides the iPhone's WiFi MAC Address. Although both projects helped greatly in their own way, they do not get the job done.
I am wondering if there is a public API (for certain Apple App Approval) or some back door to achieve this.
This involves a few different things:
Getting SSID - This is independent of the MAC address issue. For this, check this SO answer: iPhone get SSID without private library. I don't know what the etiquette is regarding re-posting code from other answers so I'll just link.
Getting MAC address - since the majority of networking operates at Layer 3 (which is called, who would have guessed, the Network Layer - http://en.wikipedia.org/wiki/OSI_model) and the MAC address is at Layer 2 (the Data Link layer) you'll first need to get the IP address of the gateway of the WiFi interface. Just a side note - the question should be phrased as 'How do I get the SSID of the currently connected WiFi network and the MAC address of the WiFi router/gateway'. Anywho, to get the gateway address, see this SO answer: How to get the WIFI gateway address on the iPhone?
Once you have that, you need to convert it to a MAC address using ARP (Address Resolution Protocol, which is the protocol that all networks use to convert IP addresses to MAC addresses). Network interfaces don't communicate via IP, they communicate via MAC, so this actually happens everywhere, all the time. It's actually pretty easy to access the ARP table on a PC/Mac. For iOS, I found this SO answer to convert an IP address to a MAC address: Getting ARP table on iPhone/iPad
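Added example, not code from the answer: the answer's last step is "look the gateway IP up in the ARP table", so this is a parser for the Linux /proc/net/arp format that resolves a gateway IP to its MAC, treating an incomplete entry (the resolution has not finished) as "unknown" rather than returning the all-zero placeholder. Because ARP replies are unauthenticated, it also reports MACs that several IPs share, which is a useful sanity check even though there are legitimate reasons for it (a router answering for more than one address, for instance). The iOS route in the linked answer goes through a sysctl routing dump, not this file; the table text and addresses below are constructed (the 00:00:5e:00:53:xx range is reserved for documentation).

```python
# Constructed /proc/net/arp contents; the real file has exactly this column layout.
ARP_SAMPLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:00:5e:00:53:01     *        wlan0
192.168.1.23     0x1         0x0         00:00:00:00:00:00     *        wlan0
192.168.1.50     0x1         0x2         00:00:5e:00:53:02     *        eth0
192.168.1.77     0x1         0x2         00:00:5e:00:53:01     *        wlan0
"""

ATF_COM = 0x02  # Linux ARP flag: entry is complete, i.e. the hardware address was resolved


def parse_proc_net_arp(text):
    """Return one dict per table row; the first line is the header and is skipped."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue  # blank or truncated line
        ip, hw_type, flags, mac, _mask, dev = fields[:6]
        entries.append({
            "ip": ip,
            "hw_type": int(hw_type, 16),
            "complete": bool(int(flags, 16) & ATF_COM),
            "mac": mac.lower(),
            "dev": dev,
        })
    return entries


def gateway_mac(text, gateway_ip, iface=None):
    """MAC for gateway_ip (optionally restricted to one interface), or None when the
    entry is absent or still unresolved, so callers never get the 00:00:... placeholder."""
    for entry in parse_proc_net_arp(text):
        if entry["ip"] == gateway_ip and (iface is None or entry["dev"] == iface):
            return entry["mac"] if entry["complete"] else None
    return None


def shared_macs(text):
    """{mac: [ips]} for every resolved MAC that more than one IP maps to."""
    seen = {}
    for entry in parse_proc_net_arp(text):
        if entry["complete"]:
            seen.setdefault(entry["mac"], []).append(entry["ip"])
    return {mac: ips for mac, ips in seen.items() if len(ips) > 1}


if __name__ == "__main__":
    print("gateway:", gateway_mac(ARP_SAMPLE, "192.168.1.1", iface="wlan0"))
    print("shared:", shared_macs(ARP_SAMPLE))
```

On a real Linux host replace `ARP_SAMPLE` with `open("/proc/net/arp").read()`; the gateway IP itself comes from the routing table, as the answer says, not from this file.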

Authenticate users using client MAC address?

This question is not language-aware.
I want to know how I can recognize a returning user on my website (Java, PHP, ColdFusion...) if he's using a dynamic IP.
Why? A lot of users of my web application use an iPhone (with 3G networking) for access. The IP changes each time, so I always see them as "new" users.
I know it's unlikely to track MAC address in web pages but.... what solutions are there for such a common problem?
Maybe a suitable iPhone app? ;-)
It's not quite possible to find original requesting machine's MAC address. You should use Cookies to track users.
You can find more info about MAC Addresses here.
"A Media Access Control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used for numerous network technologies and most IEEE 802 network technologies, including Ethernet. Logically, MAC addresses are used in the Media Access Control protocol sub-layer of the OSI reference model."
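Added example, not from any answer here: the cookie-based approach this answer recommends, done so the identifier cannot be forged or edited by the client. A random visitor id and its issue time are signed with an HMAC; the server verifies the tag with a constant-time comparison and rejects expired tokens. The secret, the lifetime and the cookie name `visitor` are constructed values for the example.

```python
import hashlib
import hmac
import secrets
import time

SECRET = b"constructed-example-secret-keep-the-real-one-out-of-source"
ONE_YEAR = 365 * 24 * 3600


def _tag(secret: bytes, body: str) -> str:
    return hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()


def issue_visitor_token(secret: bytes = SECRET, now=None) -> str:
    """Return 'id.issued_at.hmac'. The id is 128 random bits and says nothing about
    the client (no MAC, no IP), so it identifies the browser profile and nothing else."""
    visitor_id = secrets.token_urlsafe(16)  # URL-safe alphabet never contains '.'
    issued = int(time.time() if now is None else now)
    body = f"{visitor_id}.{issued}"
    return f"{body}.{_tag(secret, body)}"


def verify_visitor_token(token: str, secret: bytes = SECRET, max_age: int = ONE_YEAR, now=None):
    """Return the visitor id if the tag is valid and the token has not expired, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    visitor_id, issued, tag = parts
    if not hmac.compare_digest(_tag(secret, f"{visitor_id}.{issued}"), tag):
        return None  # forged or edited; checked before anything else is trusted
    try:
        age = int(time.time() if now is None else now) - int(issued)
    except ValueError:
        return None
    return visitor_id if age <= max_age else None


def set_cookie_header(token: str) -> str:
    """Response header for a long-lived identifier: Secure keeps it off plain HTTP,
    HttpOnly keeps it away from page scripts, SameSite limits cross-site sending."""
    return f"Set-Cookie: visitor={token}; Path=/; Max-Age={ONE_YEAR}; Secure; HttpOnly; SameSite=Lax"


def visitor_from_cookie_header(header: str, secret: bytes = SECRET, now=None):
    """Pull the 'visitor' cookie out of a request Cookie header value and verify it."""
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "visitor":
            return verify_visitor_token(value, secret, now=now)
    return None


if __name__ == "__main__":
    token = issue_visitor_token()
    print(set_cookie_header(token))
    print("returning visitor:", visitor_from_cookie_header(f"theme=dark; visitor={token}"))
```

The client's IP never enters the token, which is exactly why it survives the 3G address changes the question describes; what it does not survive is the user clearing cookies or switching browsers, which is the trade-off every cookie scheme makes.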
Why not do what everybody else does and use cookies?
As other said, you could easier get what you want with cookies...
And, reading your question and purpose, I'm not really sure that if a user uses their iPhone via WiFi and browses to your website and then comes back again via 3G the MAC address doesn't change... I thought that a MAC address is unique not for a device, but for a single hardware component in it: this means that an iPhone could have a MAC for the WiFi hardware and a MAC for the 3G hardware... if it works as on my PowerMac... I can see my computer has a MAC address for my Ethernet and another for my WiFi...
But I'm not a hardware expert, so (all readers), please consider this answer as a question too, and if there is any net expert online...

Is it possible to connect two ios devices using sockets by getting their IP addressess?

I want to connect multiple devices through sockets without any server implementation. I will use that only for getting the IP addresses of the devices that will register.
There are two major problems to peer-to-peer communications: discovery, and reachability.
First, you need to know the IP address of the other peers to connect to them. Once you're connected to a mesh of peers, they can all keep each other updated on the state of the network, suggesting better peers to each other, passing around notifications of new peers who've joined and left, etc. But you have to design and implement a mechanism for trading that information. More importantly, you need to jumpstart things in some way, because when a new peer starts up, it's in a mesh of just itself, and it has no information to give itself.
One possibility is to have a handful of well-known "superpeers" (that you run) that are always connected, and bake their addresses into the app. Or you can have "introduction servers" instead of peers, serving much the same function. Or you can have some external way of trading addresses (the simplest is that users trade them on a web forum or an IRC channel or in person and type them in manually), which can be automated to various degrees. There are also shortcuts that can help—Bonjour can get other peers onto the mesh as long as one peer on the LAN is already there; GameCenter/GameKit can be used as an automated external trading network; etc.
Once you've solved the discovery problem, you still have the reachability problem. Most iOS devices usually don't have publicly-accessible IP addresses; instead, they're behind routers that do Network Address Translation, whether they be a home WiFi router or a cell carrier's 3G network. This means you need some way to do NAT Hole Punching to get two iPhones talking to each other. Somebody who knows both the public address and the internal address of each device can arrange for them to set up a connection to each other. You can have either normal peers do this (although that makes the jumpstart problem even bigger) or have your superpeers/introduction servers/etc. do it.
If you want to build all of this yourself, you probably want to look at other implementations. BitTorrent (including trackers and DHT) is well-understood and documented at a continuum of levels ranging from "lies-to-children" for curious end users to detailed protocol specs and open source implementations. And then look at some other P2P networks, because BitTorrent is not perfect, and doesn't try to do everything that everyone's come up with.
You can use GameKit. It has the matchmaking api that can help you.
It can be used for non game apps.
I've been working on something similar and it's a giant pain in the ass. There are 3 considerations: 1) Reachability 2) Discovery 3) The connection itself.
1) Don't even consider using 3g/4g, it just won't work well for keeping an open socket connection.
2) I'd use some sort of broker service between the two on the internet to connect the two. For discovery, you can just list what devices are available on the service.
3) For the connection, I find the iOS socket libraries to be rather painful to use, but if you go down to the BSD socket level it's not as bad. I think it'd be very interesting to use zmq sockets; that might simplify writing the broker service.
You can't. If the devices are all online via WiFi, it may be possible, relying on the router settings just like a PC connection. If a device is connected via the 3G or GPRS protocol, it may have no IP address at all.

How to connect iPhone Safari to Windows HTTP server?

I'm completely new to the iPhone, so this is a newbie question.
The web development environment I use at work is set up on Windows 7, running Tomcat as a web server. Web Apps are tested by pointing a browser to "localhost".
I've been asked to port a web front end to the iPhone. Since I need to use this same development environment I need to connect the iPhone to the PC via USB or Ethernet.
There is this answer:
"http://stackoverflow.com/questions/3132105/how-do-you-access-a-website-running-on-localhost-from-iphone-browser"
but I was hoping to do it without wireless.
Other questions I've researched are about iPhone development, the SDK, etc. I'm not developing iPhone code, only trying to get the iPhone Safari browser to access the IP address of the local PC, 192.168.xx.xx or whatever.
Seems like it should be simple, a matter of cabling?
It would be an issue of cabling... if the iPhone had an Ethernet jack :)
But the wifi connection is the only "network jack" the phone has that you can connect to your own network directly with, the 3G or CDMA port gets routed via your mobile phone company, nothing you can do about that. Hence the need for WiFi to access non-routable addresses, like ...
Another option would be to make your server internet-routable, like middapark said. Then you can access it via your mobile phone provider's network and the public internet and can do away with the need to use Wifi.
A third option is to create a VPN tunnel from your iPhone to your local network, again via your mobile phone provider's network and the public internet. But I have no experience with doing that, so I can not give further advice there.
The problem is most likely that you're trying to get your iPhone to view an internal (i.e. not internet-viewable) network. (Addresses such as 192.168.0.0, 172.16.0.0 and 10.0.0.0 are non-routable as far as the internet as a whole is concerned.)
As such, unless you can access your internal network via wifi (or you're prepared to expose the machine in question to the internet, in which case you'll need to use a different IP address) this isn't possible.

Is it possible to connect a socket between two mobile devices (iPhones) over the internet?

I am trying to discover the IP of each device and connect directly. I know it can be done with Bonjour but that only works on local networks. I need a high speed connection between two devices over the internet.
Thanks.
If you had both the IP's and they were both routable, it should be possible. I'm not sure though if the IP's given out by the 3G network are routable. If you are using WIFI, the IP you get is almost certainly not routable. Assuming you have a routable IP though, it should be possible.
The trick is just discovering the IP of the other device. The best way to do that would probably be to have each device register its IP with a web service when your app starts up, then query that service to find the IPs of other devices.
It might get a bit tricky managing "unregistering" IPs when the app is closed or when an IP changes though, but it should be doable.
ETA:
If you have a server that they can both connect to, you should be able to implement a solution using that server (i.e. without the phones actually directly connecting to each other). This would avoid the issue of having routable IPs for the phones.
As for how to bridge the sockets together - your server program would basically work like an old-school phone switchboard operator. You'd have some kind of registration & discovery protocol built into the server software that would allow a phone to register itself with the server, query a list of the other phones currently connected to the server, indicate which phone it wants to talk to, and accept connections from other phones.
Once it knows who wants to talk to whom, your server software would connect the two together by reading from one phone's socket and writing that data to the other phone's socket.
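Added example, not code from this answer or from the earlier thread on peer discovery and reachability: a minimal "switchboard" broker of the kind described above, together with a small client, so the whole exchange can be run on one machine. Peers register a name, are told the address the broker observed for them (the same reflection a STUN server provides), list who else is registered, and ask to be bridged; from then on the broker copies newline-terminated lines between the two sockets without interpreting them, which is what sidesteps the routable-IP problem for both phones. The line protocol, the verbs and the peer names are invented for the example; in a deployment the bridging decision would of course sit behind authentication and a rate limit, which this omits.

```python
import socket
import threading


def send_line(sock, text):
    try:
        sock.sendall(text.encode() + b"\n")  # a peer that already hung up is ignored
    except OSError:
        pass


class Switchboard:
    """REGISTER <name> -> OK <ip>:<port> (the address the broker observed, as STUN reports it);
    LIST -> PEERS a,b; CONNECT <name> -> BRIDGED <other> to both sides, after which every
    line from one side is copied to the other. The line protocol is invented for this example."""

    def __init__(self, host="127.0.0.1", port=0):
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.bind((host, port))  # port 0: the OS picks a free port
        self.listener.listen(8)
        self.port = self.listener.getsockname()[1]
        self.lock = threading.Lock()
        self.peers = {}    # name -> socket
        self.partner = {}  # socket -> the socket it is bridged to
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            conn, addr = self.listener.accept()
            threading.Thread(target=self._serve, args=(conn, addr), daemon=True).start()

    def _serve(self, conn, addr):
        name = None
        for raw in conn.makefile("rb"):
            with self.lock:
                other = self.partner.get(conn)
            if other is not None:  # bridged: copy the bytes, never interpret them
                try:
                    other.sendall(raw)
                    continue
                except OSError:
                    break
            verb, _, arg = raw.decode(errors="replace").strip().partition(" ")
            if verb == "REGISTER" and arg and name is None:
                with self.lock:
                    ok = arg not in self.peers
                    if ok:
                        self.peers[arg], name = conn, arg
                send_line(conn, f"OK {addr[0]}:{addr[1]}" if ok else "ERR name in use")
            elif verb == "LIST":
                with self.lock:
                    names = ",".join(sorted(self.peers))
                send_line(conn, f"PEERS {names}")
            elif verb == "CONNECT":
                with self.lock:
                    target = self.peers.get(arg)
                    ok = name is not None and target not in (None, conn) and target not in self.partner
                    if ok:
                        self.partner[conn], self.partner[target] = target, conn
                if ok:
                    send_line(target, f"BRIDGED {name}")
                send_line(conn, f"BRIDGED {arg}" if ok else "ERR cannot bridge to that peer")
            else:
                send_line(conn, "ERR unknown or invalid command")
        with self.lock:  # peer went away: deregister it and tear down its bridge
            self.peers.pop(name, None)
            other = self.partner.pop(conn, None)
            self.partner.pop(other, None)
        conn.close()
        if other is not None:
            other.close()


def connect(port):
    """Client side: (socket, line reader); the timeout keeps a broken run from hanging."""
    sock = socket.create_connection(("127.0.0.1", port), timeout=5)
    return sock, sock.makefile("rb")


def talk(peer, text=None):
    """Send one line (if given) and read one line back."""
    sock, lines = peer
    if text is not None:
        sock.sendall(text.encode() + b"\n")
    return lines.readline().decode().rstrip("\r\n")


def demo():
    """Two peers register, one bridges to the other, and a message crosses each way."""
    broker = Switchboard()
    alice, bob = connect(broker.port), connect(broker.port)
    out = {"alice_reg": talk(alice, "REGISTER alice"), "bob_reg": talk(bob, "REGISTER bob")}
    out["list"] = talk(alice, "LIST")
    out["bridge_a"] = talk(alice, "CONNECT bob")
    out["bridge_b"] = talk(bob)                    # bob learns who was bridged to him
    alice[0].sendall(b"hello bob\n")               # from here on lines are relayed verbatim
    out["bob_got"] = talk(bob, "hi alice")         # bob replies, then reads alice's line
    out["alice_got"] = talk(alice)
    out["stranger"] = talk(connect(broker.port), "CONNECT alice")  # unregistered caller
    return out
```

Run `demo()` to see the full exchange. Both phones only ever open outbound connections to the broker, so neither needs a routable address; the cost is that every byte crosses the server, which is the trade-off against hole punching that the earlier thread describes.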
Only a suggestion, but if you can get each of them to connect to a third site, you'll then know the address of each. Send the address of phone A to phone B (and/or phone B to phone A) and then have them connect as you see fit.
Have you looked through all the 3.0 features? Specifically peer networking (the existence of which is public).
WiFi routers often have a feature called "Port Triggering" which allows internal hosts (in this case an iPhone) to inform the router that they would like to have connections on a particular port forwarded to them. I have no idea if the iPhone supports this protocol.
For IP lookup you may consider using DynamicDNS if the two hosts are known ahead of time OR as stated above a custom web service if they are not (i.e. friends exchanging hostnames vs. strangers discovering each other)
This is an old thread, but I just came across it. You could use a STUN server (or NAT-PMP) to get the public IP address/port combo and then SMS it over to the other phone. So long as you open a listening port on the first device, then your second device can just connect directly using the public IP address/port you sent to it in the SMS (SMS push registry can automatically wake up your app on the second device to do this).
I have run into this issue with an app I was developing. I was trying to connect to a PC cell card from an iPhone. The problem is that AT&T doesn't enable mobile termination for iPhones so it is physically impossible for two phones on an AT&T network to connect to one another. This is straight from an AT&T antenna engineer.
I was able to get this to work by having the iPhone VPN into a server and then connect to the PC cell card but other than that, it wouldn't work.
I have a very strong feeling (but no evidence) that the iPhone address is going to be non-routable. Of course it actually depends on the operator but AT&T give out 10.x.x.x addresses.
Apple have sample (desktop) code that uses Bonjour to implement port mapping on a WiFi router that supports UPnP.