clojure swank server opens public port? - emacs

(This question has been downvoted, which I find strange. How have I offended?)
Am I right to think that running a swank server usually opens port 4005 to the world, not bound to localhost-only connections?
So anyone hacking in a café is not only allowing passers-by to execute arbitrary code on their computer, but is giving them a nice interface to do it with.
It appears that when I run a swank server with either 'mvn clojure:swank', or 'lein swank', or (swank.swank/start-server "/tmp/yo")
then I get something like (thanks Mike!):
$ lsof -i -P
java 11693 john 13r IPv6 6701891 0t0 TCP *:34983 (LISTEN)
and indeed I can connect from an emacs running on another machine on the same network.
(swank.swank/start-server "/tmp/yo")
If I start the server by hand, it produces the following output:
Connection opened on local port 34983
#<ServerSocket ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=34983]>
Whereas:
(swank.swank/start-server "/tmp/yo" :host "localhost")
produces:
Connection opened on local port 40368
#<ServerSocket ServerSocket[addr=localhost/127.0.0.1,port=0,localport=40368]>
Which seems more like what I was expecting.
Is there any good reason for doing this?
Any ideas on how the more conventional ways of starting it could be persuaded to only accept connections from local processes?

Totally valid question.
After opening a slime server, you'll notice:
eames:~:% lsof -i -P | grep 4005
java 41477 mjd 33u IPv6 0x0b8956d0 0t0 TCP [::127.0.0.1]:4005 (LISTEN)
The connection is listening on the local address at port 4005. This interface isn't exposed to the network, so other devices on the network can't connect to your slime server.
edit:
This was my result of starting swank using leiningen, which provides "localhost" as an argument to swank.swank/start-server. You may want to double check that the leiningen plugin is opening non-local ports.
You're right that swank opens the connection on every address if a host isn't explicitly provided. The relevant code is swank.util.net.sockets/make-server-socket, and this behavior is documented. I agree, it seems like the wrong default.
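
An added example, not part of the original answers: a small audit that reads `lsof -i -P` output and reports which listeners are bound to the wildcard or to a routable address rather than to loopback. The two lsof lines quoted above are used as input; the header and the other sample lines, and all function names, are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Listener = namedtuple("Listener", "command pid port scope")

# The two java lines for ports 34983 and 4005 are the lsof outputs quoted on
# this page; the header and the remaining lines are constructed samples.
SAMPLE_LSOF = """\
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 11693 john 13r IPv6 6701891 0t0 TCP *:34983 (LISTEN)
java 41477 mjd 33u IPv6 0x0b8956d0 0t0 TCP [::127.0.0.1]:4005 (LISTEN)
java 5120 dev 40u IPv6 0x0c1 0t0 TCP [::1]:4006 (LISTEN)
java 5121 dev 41u IPv4 0x0c2 0t0 TCP 192.168.1.5:4007 (LISTEN)
java 5121 dev 42u IPv4 0x0c3 0t0 TCP 192.168.1.5:4007->192.168.1.9:51000 (ESTABLISHED)
"""

def classify_bind(host):
    """Return 'wildcard', 'loopback', 'specific' or 'named' for a bind host."""
    if host == "*":
        return "wildcard"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # lsof without -n prints host names; only 'localhost' is treated as safe
        return "loopback" if host == "localhost" else "named"
    if ip.is_unspecified:
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    if ip.version == 6 and (int(ip) >> 32) in (0, 0xFFFF):
        # IPv4-compatible (::a.b.c.d) or IPv4-mapped (::ffff:a.b.c.d) form
        return classify_bind(str(ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF)))
    return "specific"

def parse_listeners(lsof_text):
    """Extract listening TCP sockets from `lsof -i -P` output."""
    found = []
    for line in lsof_text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[-1] != "(LISTEN)":
            continue  # header, blank or non-listening socket
        host, _, port = fields[-2].rpartition(":")
        found.append(Listener(fields[0], int(fields[1]), int(port),
                              classify_bind(host.strip("[]"))))
    return found

def exposed(lsof_text):
    """Listeners reachable from other machines (anything not loopback-only)."""
    return [l for l in parse_listeners(lsof_text) if l.scope != "loopback"]

if __name__ == "__main__":
    for l in exposed(SAMPLE_LSOF):
        print(f"{l.command} pid={l.pid} port={l.port} bound={l.scope}")
```

On a real machine, feed it the output of `lsof -i -P -n` so that addresses are printed numerically instead of as host names.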

It only accepts one connection, so even if it is exposed to the world it stops listening once you connect.

If you're using the clojure-maven-plugin, version 1.3.4 was recently released, which now starts the swank server against localhost to prevent this problem.
This behaviour can be configured in your pom.xml file with:
<configuration>
  <swankHost>someotherhostname</swankHost>
</configuration>
or from the command line with:
mvn clojure:swank -Dclojure.swank.host=someotherhostname

Related

How can I check a socket from a webserver?

I'm doing a challenge (CTF style) and everything we got is an IP.
Scanning that IP only one port is open.
If I connect to that IP and port using netcat, I got a kind of "dance" doing in CMD, with a message at the end that says "Check socket 12345".
I need to understand again what a socket truly is, because I'm not getting anywhere trying to connect to that socket.
Is it possible to connect to a socket from a specific port? Or can I only make a connection from an open port, and there the web server redirects my connection automatically to a socket?
You can use netcat nc and its -p option to set the source port.
The netcat man page says:
-p port
local port number (port numbers can be individual or ranges: lo-hi [inclusive])
Try "nc -p 12345 dest_IP dest_port"

Cannot get irssi to work on Bluehost dedicated IP address

I am trying to get irssi to work over SSH on my Bluehost dedicated IP server.
Bluehost support says port 6667 is open, but you have to have an app listening to it, so running nc -l on the server and then telnet'ing in works, but if I run irssi on the server then it can't connect to freenode.net - it says the connection timed out.
If you do nmap -v -sT then you see the 6667/TCP port, but it's listed as closed.
How can I get irssi to run using an ssh shell on Bluehost?
It would be great to have it under a Screen session you could re-login to from anywhere.
Make sure that you ask them if 6667 is open outbound TCP and UDP.
Sometimes they can mistake it for inbound or only open TCP for example. You can telnet to your IRC host on port 6667 even if something is not listening on the Bluehost side, assuming IRC is up and accepting connections, and Bluehost has the port opened, a telnet from your Bluehost account to the IRC server will work fine.

pgAdmin and PostgreSQL: can't connect to server

I just installed PostgreSQL on Snow Leopard and can't connect to the database server via pgAdmin 3.
I'm on my local machine, however I keep getting this error:
Could not connect to server: connection refused. Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5423?
I'm a bit of a noob when it comes to Postgres, so I'm not really sure what the problem is.
I can, however, log in through the command line, via psql -U postgres, and start and stop the server successfully.
Any help would be much appreciated.
The error message pointed out that you tried to connect to server on port 5423. However, postgres server listens on 5432 by default.
From your above comment (SHOW port; gives me "5432"), I think you need to change the port to 5432!
UPDATE: Tuan Dang spotted it. I'll leave this answer in place in case it helps someone else for whom the issue isn't quite the same.
Since you can connect via the command line, run:
SHOW port;
from psql. You'll probably see that the port is not 5432. You need to connect to the port PostgreSQL is actually running on from your application.
It's also possible that it just isn't listening on TCP/IP. Run:
SHOW listen_addresses;
to see what it's listening for.
The reason you can connect via the command line is likely to be because the command line psql you're using is connecting over a unix socket (since you didn't specify a host) and your app is connecting via tcp/ip.

TCP/IP default port for sending console messages?

Is there a dedicated port (lower than 1024) specifically for clients to send text based console output to a server? I've googled extensively but to no avail. What's the best port (lower than 1024) for sending text based console output if any?
A port is just a number. You can see well known port assignments in /etc/services.
You need a server application to be listening on the given port to accept your input. There are number of remote terminal protocols and their implementations, among which are Telnet (port 23) and Secure Shell, or SSH (port 22).
The simplest way to test your socket client is to set up netcat on the server to listen on whatever port you want (port is 777 in the example below), and then try to connect to it from somewhere else:
server:~# nc -l -p 777
then
client:~$ nc server 777
Note that on Unix you normally need super-user (root) rights to bind "privileged" ports, i.e. those below 1024.
I'm going to use telnet (port 23) since that's closest to what I want. Sending console messages to a server from a client. okey dokey thanks!

Trying to connect to a remote server using Eclipse

I have an Ubuntu server running Tomcat, and I want to connect my Eclipse EE to it so I can work with JSP.
I have no problem connecting to a similar Tomcat service when it's installed on my machine (not a server), but whenever I try to connect to the remote server I don't seem to have the option of choosing a Tomcat service.
Is there some guide you can recommend (I didn't find one), or is there something I did wrong?
The "remote" Tomcat (or more generally the app server) must be configured to permit such connection.
Did you start the remote server with these parameters:
-Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n
Alternatively you can add the word jpda at the end of the startup.sh (or .bat) script just when calling the catalina.sh script.
Everything is documented on the Apache Tomcat Wiki.
After enabling those options, you have also another task to do: enabling the network connection to the configured port (8000 in the above options). It depends which firewall is installed on the server but usually it is iptables.
Example of iptables command to enable connection to port 8000:
sudo iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
If your server has a GUI installed, one of the easiest ways is to use "ufw" (short for 'uncomplicated firewall'), as explained in this site, which is just a graphical way to configure the iptables.
One way to test the connectivity to the server (if the port is open) is to use telnet from your computer like this:
telnet your.distant.host 8000
and if the command opens, the port is accessible, if the telnet command times out, the port is closed.