Using Netfilter, how would you block a local IP range?

I understand how to drop certain packets containing x protocols but I'm wondering how I would go about blocking an IP range, or more specifically, a subnet?
My instinct is to use the netmask to determine the subnet and then zero out anything beyond that, then compare it to the range I want blocked, then drop it if it matches. But there is no netmask in the header of a packet, so this method won't work.
Has anyone done something similar? And if so, how did you accomplish this?
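The mask-and-compare idea does work: the netmask comes from the block rule you configure, not from the packet header, so you store net/mask once and apply the mask to each packet's address. As an added example (not from the question or any answer; the function names are my own), the following user-space C code parses a CIDR rule, masks a packet's source address and returns a drop/accept decision. It is exactly the comparison a netfilter hook would make on `ip_hdr(skb)->saddr` before returning `NF_DROP` or `NF_ACCEPT`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>

/* Host-order netmask for a prefix length 0..32 (e.g. 24 -> 0xFFFFFF00). */
uint32_t prefix_to_mask(int prefix)
{
    if (prefix <= 0)
        return 0;
    if (prefix >= 32)
        return 0xFFFFFFFFu;
    return 0xFFFFFFFFu << (32 - prefix);
}

/* Parse "a.b.c.d/n" (or a bare "a.b.c.d", treated as /32) into a host-order
 * network number and mask.  Returns 0 on success, -1 on malformed input. */
int parse_cidr(const char *cidr, uint32_t *net, uint32_t *mask)
{
    char buf[INET_ADDRSTRLEN];
    struct in_addr a;
    const char *slash = strchr(cidr, '/');
    size_t len = slash ? (size_t)(slash - cidr) : strlen(cidr);
    int prefix = 32;

    if (len >= sizeof buf)
        return -1;
    memcpy(buf, cidr, len);
    buf[len] = '\0';
    if (inet_pton(AF_INET, buf, &a) != 1)
        return -1;
    if (slash) {
        char *end;
        long p = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || p < 0 || p > 32)
            return -1;
        prefix = (int)p;
    }
    *mask = prefix_to_mask(prefix);
    *net = ntohl(a.s_addr) & *mask;   /* zero the host bits once, up front */
    return 0;
}

/* addr_be is the address exactly as it sits in the IP header (network byte
 * order), i.e. what ip_hdr(skb)->saddr holds inside a netfilter hook.
 * Returns 1 if it falls inside net/mask, else 0. */
int addr_in_range(uint32_t addr_be, uint32_t net, uint32_t mask)
{
    return (ntohl(addr_be) & mask) == net;
}

/* Policy decision for one packet: 1 = drop, 0 = accept, -1 = bad input.
 * A kernel hook would return NF_DROP / NF_ACCEPT instead. */
int should_drop(const char *src_dotted, const char *blocked_cidr)
{
    uint32_t net, mask;
    struct in_addr src;

    if (parse_cidr(blocked_cidr, &net, &mask) != 0)
        return -1;
    if (inet_pton(AF_INET, src_dotted, &src) != 1)
        return -1;
    return addr_in_range(src.s_addr, net, mask);
}

int main(void)
{
    /* Constructed sample: one blocked local range and a few source addresses. */
    const char *blocked = "192.168.1.0/24";
    const char *samples[] = { "192.168.1.77", "192.168.2.1", "10.0.0.5" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s -> %s\n", samples[i],
               should_drop(samples[i], blocked) == 1 ? "DROP" : "ACCEPT");
    return 0;
}
```

Note that `parse_cidr` masks the network number at parse time, so a rule written as `192.168.1.5/24` still matches the whole `/24`. If you do not actually need your own kernel module, the same match is already available as a firewall rule, e.g. `iptables -A INPUT -s 192.168.1.0/24 -j DROP`, which performs this exact comparison for you.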

Related

Does a computer have a physical component for each port/socket?

I'm sorry if my question is too easy or obvious. I'm a Comp. Science student (it's my 6th term).
I'm trying to combine the knowledge that I'm learning from the 'Computer Networks and Security', 'Computer Organization' and 'Operating Systems' lectures this term.
So, I cannot figure this out:
Does a computer or a phone have physical components for each of the 65535 ports/sockets?
Or
The machine has just one physical component. So that means port numbers are logical representations that can be shown as text fields (like header entities or JSON attributes) of a request or something, to tell the computer how to handle the request?
I used ports for connections between back-end, Android and front-end. I know that a socket is a physical component; I worked 4 months as a phone repairer, I know these things. But this confuses me.
Thanks in advance.
Think of it this way: "the network interface is the phone system, IP addresses are phone numbers, and socket/port numbers are like telephone extensions." (The network interface is the only physical device.)
Network traffic is carried by so-called "packets" which have various fields which tell the network how they should be routed. The IP-address will get the packet to the proper destination, then the port/socket-number will specify exactly what software process at that destination should actually handle this packet.

Protocol Translation from CAN bus to IP

I am trying to detect intrusions on a CAN bus configuration. To do this I want to try protocol conversion from CAN to IP (UDP) in order to use snort. I really don't know where to begin as I have not seen anything on protocol translation for a CAN bus at all. Is it even possible? Has anyone tried it?
I basically used a raspberry pi and several Arduinos to take temperature readings (from thermostats) and control hot/cold fans in order to regulate temperature. I know this is not a lot to go on, but as I said, I am just in the beginning phase of planning this protocol translation.
You can use cannelloni on your RPi. There are also stand-alone CAN-to-TCP/UDP converters like for example this one.

How to access a physical memory address in ARM?

For example, without an MMU, the LEDs are fixed at 0x110002E0; I can write values to this physical address to configure them.
Here is the question:
Where are these values written to, the LEDs' register or DRAM?
If they are written to the LEDs' registers, what physical address should I write to so that the values are written to the same address in DRAM?

gethostbyaddr function is too slow (Perl socket programming)

I'm trying to run the example on this website: tutorialspoint
But it's very slow. I thought it had something to do with buffering the response but changing print for syswrite did nothing so I added some debugging messages and found out that the function gethostbyaddr takes around 10 seconds to resolve.
I know there are other modules for socket programming but I was wondering if this problem is common.
I am running everything on localhost and I am using a Mac.
Of course it can be slow. It contacts other machines to look up a DNS entry. (Specifically, looking up the host name for address w.x.y.z results in a DNS lookup for the PTR record associated with z.y.x.w.in-addr.arpa.) If the authoritative DNS server is unresponsive, your machine is basically waiting for a response that will never come until your machine has decided it has waited long enough.
If you find gethostbyaddr too slow, don't use it. Just work with the IP address. It's not like gethostbyaddr is all that useful. 216.58.219.46 has names lax17s04-in-f14.1e100.net and lax17s04-in-f46.1e100.net, but you know it better as google.com. And then there's 209.85.250.97 for which gethostbyaddr returns no names, no matter how many domain names resolve to 209.85.250.97.
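To make the PTR-record detail concrete, here is an added C example (not the answer's code and not the tutorialspoint example; the function name is mine) that builds the name the resolver actually queries for a given address, and goes one step beyond the answer by also producing the `ip6.arpa` nibble form for IPv6. It does no network I/O, so it returns instantly; the waiting the answer describes only starts once that name is sent to a DNS server.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* Return the reverse-lookup name a resolver queries for the given address:
 *   IPv4 w.x.y.z      -> z.y.x.w.in-addr.arpa
 *   IPv6 (16 bytes)   -> 32 reversed hex nibbles, dot separated, then ip6.arpa
 * Returns NULL if the text is not a valid address.  The result lives in a
 * static buffer, so copy it before calling again. */
const char *reverse_dns_name(const char *addr)
{
    static char out[80];          /* longest result is 72 chars + NUL */
    unsigned char b[16];
    size_t pos = 0;

    if (inet_pton(AF_INET, addr, b) == 1) {
        /* b[0] is the first octet (network byte order); emit them reversed */
        snprintf(out, sizeof out, "%u.%u.%u.%u.in-addr.arpa",
                 (unsigned)b[3], (unsigned)b[2], (unsigned)b[1], (unsigned)b[0]);
        return out;
    }
    if (inet_pton(AF_INET6, addr, b) == 1) {
        /* walk the 16 bytes from the end, low nibble before high nibble */
        for (int i = 15; i >= 0; i--)
            pos += (size_t)snprintf(out + pos, sizeof out - pos, "%x.%x.",
                                    (unsigned)(b[i] & 0x0f), (unsigned)(b[i] >> 4));
        snprintf(out + pos, sizeof out - pos, "ip6.arpa");
        return out;
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample addresses, including the one quoted in the answer. */
    const char *samples[] = { "216.58.219.46", "::1", "2001:db8::1", "not-an-ip" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *name = reverse_dns_name(samples[i]);
        printf("%-14s -> %s\n", samples[i], name ? name : "(invalid address)");
    }
    return 0;
}
```

Seeing the query name explains why the delay is outside your control: the PTR record for `46.219.58.216.in-addr.arpa` is served by whoever owns that address block, not by anything on your localhost, so a slow or silent server there stalls `gethostbyaddr` until the resolver's own timeout expires.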

Send TCP/IP message from PLC to PC using Ladder Program

Consider the following Ladder Program that checks if a connection is enabled (A202.00) then send a message from the PLC to the PC.
The documentation (Omron CX-Programmer) has a severe lack of explanation of the program convention. What I do not understand is:
To send a message from one node to another, I need to specify the receiver ID. It seems the function block does not have an option where I can insert an IP address. Am I supposed to MOV an IP address to a DM address (D300) and then use it? If that's the case, how (an IP address has dots between its 4 bytes)?
Can someone please explain what S (First source word), D (First destination word) and C (First control word) are? Aren't they just memory addresses? E.g. sending the content of one memory address to another memory address?
[EDIT]
What am I trying to do?
I am trying to interface a measuring gauge (controlled through Ethernet by a PC/C# application) to a robotic system (no RS232 or serial, no TCP/IP, only the simplest I/O points) with an Omron PLC. When the gauge completes a measurement, the C# app sends a command to the Omron PLC which, according to the command received, switches an output ON or OFF, which triggers a voltage flow to the robot's I/O port.
Should I use FINS? What functions/protocol from the PLC do I need to know to do this? I do not know, so I am testing every function from the documentation. So far, zero progress.
1) All addressing information is encapsulated in the five control words (C -> C+4). C- "First Control Word" is the pointer to the first word in this table of five words you must have stored somewhere in your PLC to set up the communication.
2) First source word points to the first word in your PLC you wish to send. First destination word points to the first address in the PLC/device you wish to send to. In the example, the first control word specifies that 10 words should be sent. You point to the first one and it will send that one plus the next nine addresses as well.
To do this you have to use FINS communication - the PC stores a memory structure similar to the PLC's (CIO, DM, etc.) called Event Memory and these are the addresses in the PC you are pointing to. The PC gets a FINS node number and address just like a PLC would - no IP addresses are involved. (see: FINS Manual) FINS is old, however, and has been superseded by things like Sysmac Gateway.
There are much better ways of communicating between PLC/PC, however, depending on what you are trying to do. Are you trying to write an HMI? If so, what language are you using?
Edit:
If you're using C#, I highly recommend you look into Sysmac Gateway and CX-Compolet. This is probably the most flexible, simple, and extensible way to get .NET working with Omron PLCs. If it is at all possible, however, a better way might even be to have the measurement unit communicate directly with the PLC via hardware I/O (relays, DIO, etc).
CX-Compolet, Sysmac Gateway link:
http://www.ia.omron.com/product/family/63/index_l_u.html