I haven't been able to find any documentation on how to predict the IP address that Azure sees you as.
Here's the IP that I'm referring to, in red:
I'm trying to implement CURRENT CLIENT IP ADDRESS xxx.xxx.xxx.xxx ADD TO ALLOWED IP ADDRESSES programmatically.
Here is what worked for me: There is a "AutoDetectClientIP" Management API call that updates an existing Firewall Exception to the caller's IP address.
But you need access to a Management Certificate that is valid for the given subscription, the subscription ID, the name of the SQL Azure Server and the name of the Firewall Exception.
public static bool SetFirewallRuleAutoDetect(string certFilename, string certPassword, string subscriptionId, string serverName, string ruleName)
{
try
{
string url = string.Format("https://management.database.windows.net:8443/{0}/servers/{1}/firewallrules/{2}?op=AutoDetectClientIP",
subscriptionId,
serverName,
ruleName);
HttpWebRequest webRequest = HttpWebRequest.Create(url) as HttpWebRequest;
webRequest.ClientCertificates.Add(new X509Certificate2(certFilename, certPassword));
webRequest.Method = "POST";
webRequest.Headers["x-ms-version"] = "1.0";
webRequest.ContentLength = 0;
// call the management api
// there is no information contained in the response, it only needs to work
using (WebResponse response = webRequest.GetResponse())
using (Stream stream = webResponse.GetResponseStream())
using (StreamReader sr = new StreamReader(stream))
{
Console.WriteLine(sr.ReadToEnd());
}
// the firewall was successfully updated
return true;
}
catch
{
// there was an error and the firewall possibly not updated
return false;
}
}
Your IP address is determined by the NATting of the network that you are on, unless you are coming from a machine that has a fixed public IP address. Unless you have client machines connecting from the same network, and you understand the network in detail, it is unlikely that you can reliably predict the client IP addresses. The only solution is to add a range from say 86.0.0.0 to 86.255.255.255 and hope that it covers the network that you are connecting from - but a whole lot of 'undesirables' will land up in that range too.
The client IP address functionality should not be used for anything other than direct admin access, which can be manually set from time to time as needed. It can also be locked down using local firewall rules too, by restricting access over port 1433 to specific local network machines. Any more general access should be restricted to a service of sorts - such as OData style, mobile services, or using some sort of port bridge, which can be facilitated by VPNs, VMs and other IaaS services.
I suggest you think strongly about your use case first - direct SQL access is not a viable pattern for cloud computing. Many alternatives exist that are faster, more secure, and more manageable. Besides, at the very least you are entering a world of pain trying to get the guys in security to poke holes in their firewalls for SQL ports.
Related
I need to pass String values to the devices connected through Wifi-Direct..how can i pass string between two connected device..I am using Wifi-Direct file transfer example available as reference.
In doInBackground method of FileServerAsyncTask I am using the code
ServerSocket serverSocket = new ServerSocket(8988);
Socket client = serverSocket.accept();
PrintWriter out = new PrintWriter(client.getOutputStream(),true);
BufferedReader in = new BufferedReader(new InputStreamReader(client.getInputStream()));
How do i modify onHandleIntent method? Any reference to this kind of implementation will be helpful. Thanks
There are some things that you should consider while sending data via wifi direct
Once connected, one device will be group owner and the other will be client
The group owner will have fixed IP address i.e. 192.168.49.1
You will know which became group owner only at runtime.
Once connected, you have to send some data from client to server that contains information about its IP address. This is done because server will have no idea of client's IP address.
That way, you can only send data. Because, by this time you will know which device has what IP address.
Cheers.
I want to connect clients to a server using ZeroMQ (java bindings, jzmq), but I need the TCP information badly, for example the TCP/IP address of a client request! The problem is, for being able to announce a service in the network I need to grab the TCP address of a request to be able to redirect clients to that service. The broker is a central "service registry" in that case. However, having ZeroMQ services on both sides, I do not see an option to retrieve that information.
What I do now, is to establish a dummy connection using a standard socket to the broker, after the connection is established I grab the IP address used for this connection and close the connection again. The IP address which has been retrieved is now being used for binding on it using a ZeroMQ socket on a random port.
I think this solution is the ugliest solution ever possible, so: What is a better solution to this problem?
Greetings.
0MQ doesn't provide the address of peers, for a number of reasons. It's also not that useful since what you really want is the endpoint to receive connections on, not the address the connection was made on.
What I usually do, and it's elegant enough, is pass bind a service to an ephemeral port, get a full connection endpoint ("tcp://ipaddress:port") and send that string in some way, either broadcast to peers, to a central registry, etc. along with my service name. Then, peers who want to connect back can take the service name, look up to find my endpoint, and connect back to me.
In ZMQ 4.x, you may get the string property "Peer-Address" or the "Identity" property. http://api.zeromq.org/4-2:zmq-msg-gets
The Identity is set in the other peer before connect(). http://api.zeromq.org/4-2:zmq-setsockopt#toc20
For example,
const char *identityString = "identity";
zmq::context_t context(1);
zmq::socket_t socket(context, ZMQ_REQ);
socket.setsockopt(ZMQ_IDENTITY, identityString, strlen(identityString));
socket.connect("tcp://127.0.0.1:5555");
Then the other side:
while(1)
{
zmq::message_t request;
if (socket.recv(&request, ZMQ_NOBLOCK))
{
const char* identity = request.gets("Identity");
const char* peerAddress = request.gets("Peer-Address");
printf("Received from %s %s\n", peerAddress, identity);
break;
}
}
I'm using CppZmq btw, you should be able to find the relevant calls easily.
Digging deeper into the libzmq code, I discovered that the library attaches to every message instance the file descriptor that it was received on.
This worked for me
int sockfd = zmq_msg_get(&msg, ZMQ_SRCFD);
sockaddr_in addr;
socklen_t asize = sizeof(addr);
getpeername(sockfd, (sockaddr*)&addr, &asize);
std::cout << inet_ntoa(addr.sin_addr) << ":" << addr.sin_port << std::endl;
Note that the FDs can and will be reused by other connections.
I'm working with version 4.2.1 of the api using the CZMQ binding and I found a solution for my case (ZMQ_STREAM). It works by setting an id before connecting.
The relevant socket option is "ZMQ_CONNECT_RID".
ZMQ api via zmq_setsockopt()
CZMQ api via zsock_set_connect_rid()
Some codes with redacted redacted ips.
const char endpoint1[] = "tcp://1.2.3.4:12345"
const char endpoint2[] = "tcp://5.6.7.8:12345"
zsock_t *stream = zsock_new(ZMQ_STREAM);
zsock_set_connect_rid(stream, endpoint1);
zsock_connect(stream, endpoint1);
zsock_set_connect_rid(stream, endpoint2);
zsock_connect(stream, endpoint2);
Then I get those 2 messages if there is a connection. First frame is the id and second frame is empty on connect/disconnect for ZMQ_STREAM sockets.
[Message1]
[019] tcp://1.2.3.4:12345
[000]
[Message2]
[019] tcp://5.6.7.8:12345
[000]
Another option is to use the zmq_socket_monitor() or czmq zmonitor. It was one of my first solution but I was looking for something lighter. I was able the get the endpoint that way without setting the id directly on the socket.
The zmonitor zactor make it possible to subscribe to socket events and then it sends a message with 3 frames:
[009] CONNECTED
[002] 14
[021] tcp://127.0.0.1:33445
Ok, the problem should be trivial but I can't get to the bottom of it.
I have two users A & B
Their JID's for this example will be A#123 and B#123 where 123 is the IP of the server.
I'm sending a message from A->B using the following code:
chat = chatmanager.createChat(username,
new MessageListener() {
public void processMessage(Chat chat, Message message) {}});
String sendUsername = username + "#123";
Message msgObj = new Message(sendUsername, Message.Type.chat);
msgObj.setBody(message);
chat.sendMessage(msgObj);
I've hardcoded the IP so that I'm 100% sure that I attach the "#123" at the end of the nickname so there are no incorrect JIDs.
So A#123 sends msgObj to B#123. This is how I understood XMPP messaging to work. That you can't send from A->B but it must be A#123 -> B#123.
However, my server seems to think otherwise. It continuously informs me of the following error:
2010.12.27 19:02:52 [org.jivesoftware.openfire.session.LocalOutgoingServerSession
.createOutgoingSession(LocalOutgoingServerSession.java:258)] Error trying to
connect to remote server: A(DNS lookup: A:5269)
java.net.UnknownHostException: A
In both A and B's roster on the Openfire server, they have each other as a contact with the proper JIDs (username#123).
Can anyone provide some insight? I'm lost.
Edit
I'm trying to use Wireshark to catch the XML sent to and from the Openfire server to determine if the recipient of the message is named properly (A#123 instead of A).
Upon using Wireshark, I received this as the XML being transferred:
\302\3469\223\341\3429\000\000\000\000\377\377
I have disabled SSL, I have connected un-securely. I'm not sure why I'm getting SSL type XML, is that what it is?
Turns out the answer to this problem was something that was just overlooked.
In the first line of code:
chat = chatmanager.createChat(username, new MessageListener() {
public void processMessage(Chat chat, Message message) {}
});
I didn't make the variable "username" have the proper IP extension. So it was merely "A" instead of "A#123"
Moving "sendUsername" to the top and Changing "username" to "sendUsername" makes everything work great :)
Silly mistake.
Using IP addresses is almost always more confusing than you think it is.
There's a good chance you have OpenFire misconfigured, so that the IP address isn't a valid hostname. Go into the admin console, under "System Properties", and make sure that the xmpp.domain property is set to your IP address.
Edit: Answered on serverfault. Thanks!
A product I'm testing appears to freak out when it receives an ARP request with a Sender IP Address of 0.0.0.0. This is not an ARP probe, as the request is addressed to my module, and the customer's system sends the request just before it starts using its own valid IP address, which is different than my module's IP address. The problem is recreating that here in the lab rather than having to travel to the customer's site.
Is there software I can use to generate an ARP request from a fake address? This is similar to, but not quite the same as, ARP spoofing, since I'm trying to fake the request and not the reply. Do any of the spoofing tools have this functionality? Or is there a way to force Windows or Linux to send an ARP probe?
You can use Python2 to do that job. That's really quite simple task. You will need root privileges to open RAW sockets and some little knowledge with Python.
import socket
import struct
#Packet structure explanation:
#destmac = 0xff,0xff,0xff,0xff,0xff,0xff
#sourcemac = 0x00,0x11,0x22,0x33,0x44,0x55
#etherflags = 0x0806,0x0001,0x0800
#arpflags = 0x6,0x4,0x0001
#sourcemac = 0x00,0x11,0x22,0x33,0x44,0x55
#sourceip = 0xc0,0xa8,0x2b,0x7a
#targmac = 0x00,0x00,0x00,0x00,0x00,0x00
#targip = 0xc0,0xa8,0x2b,0x0c
packet = struct.pack('!12B3H2BH10B10B', 0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x11,0x22,0x33,0x44,0x55, 0x0806,0x0001,0x0800, 0x6,0x4,0x0001 ,0x00,0x11,0x22,0x33,0x44,0x55, 0xc0,0xa8,0x2b,0x7a, 0x00,0x00,0x00,0x00,0x00,0x00, 0xc0,0xa8,0x2b,0x0c)
sock = socket.socket(socket.PF_PACKET, socket.SOCK_RAW)
sock.bind(('eth0', 6)) # 6 its protocol number
sock.send(packet)
sock.close()
I'm writing a SIP stack, and I need to insert an ip address in the message. This address needs to be the one used for sending the message. I know the destination IP and need to determine the NIC (its address) that will be used to send the message....
To expand a bit on Remy Lebeau's comment, GetBestInterfaceEx() is your best bet, if you're on Windows XP or newer. That will work for both IPv4 and IPv6 addresses.
GetBestInterface/GetBestInterfaceEx return the index (call it IDX) of the most appropriate interface to use to contact some address.
Then you can map that index into a local IP address by getting your interface<->IP address mapping using GetIpAddrTable or GetAdaptersAddresses if you're dual-stacking (supporting both IPv6 and IPv4).
Iterate over that table and find the interface with the dwIndex (or IfIndex, in the case of GetAdaptersAddresses) matching IDX.
It's usually best to allow the IP address your SIP stack will operate on to be set as an adjustable configuration option. It means the user will need to set a configuration option but at least your stack will know the IP address it's operating on.
If that's not feasible then an approach you could use is to send out the SIP request on all IP addresses using a dummy value in the Via header such as 0.0.0.0 and set the interface you get a response back on as the default one. This approach alos as the advantage that the SIP response will tell you the public IP address the request was received from which can be useful if your SIP stack is behind a NAT.
Over TCP, I think you can get the address of the local side of the socket after connect(). I don't know if the same is true for UDP (I suspect not), but it might be worth a try.
The socket will allow you to Bind to a local endpoint before calling connect (both UDP and TCP).
That is all ok if you know the port. However, if you want the port to be ephemeral (e.g. some random port number) then you must come up with your own algorithm to do so and robust code to handle the cases where the port is exclusivly taken by another application.