Having an issue with the product I code for where our licensing service is unable to find a host MAC address. We don't have much idea why this is happening and it is only happening to a very small percentage of users.
The method to get this MAC address is using the Java NetworkInterface methods. If this fails and returns NULL (or the user's JRE is <1.6) we then fall back to using Sigar to get our address. However it seems this is also failing. The problem is either that it can't obtain the IP address (and then further to this can't get the MAC address) or just can't get the MAC. This issue is happening across all OSes we support (AIX, Solaris, Win7/8, Win Server, Linux & Mac).
As such, my first thought was that these users were enabling the Java security manager (as this is a common factor), but this is looking less likely as I try to reproduce it as this requires a lot of extra configuration steps with permissions to even get our product to run. As such we would have expected to see users asking us for what they need to enable to get our software to run, but this does not happen.
As such I am wondering what is causing this to fail. My only lead now is that it is something lower level (within the OS) that is being enabled to block Java's attempts to natively get this information. I am searching for this now, but it is slow going and an odd thing to search for.
My question is, is this kind of behavior possible (i.e. disabling calling of native methods to discover network info to anything other than trusted code within the OS?), on any/some of the platforms listed above?
Has anyone had this problem before with Java NetworkInterface methods?
Happy new 2020.
I have a question regarding the functionality of blocking IP addresses that have reached a honeypot system.
I have a real system A and a honeypot B.
The honeypot (B) is a completely different application from A.
Both systems (A and B) are Spring Boot applications.
However, what I want to achieve is when, let's say, a hacker reaches the honeypot B, its IP address to get dynamically blacklisted in the real application A but also the hacker should be able to keep operating with the honeypot B.
Update: After the IP address is blocked for the real system, the hacker should still be able to interact with the honeypot.
Describing the following scenario:
A hacker opens the real system and by hidden hints inside the HTML source code of the application, they navigate to the honeypot system.
The honeypot system itself contains low hanging fruits that seem open to attacks - such as fields where you can execute SQL injections.
When the hacker makes attempts to perform SQL injections - the honeypot is collecting all the information - what the intruder is doing.
And once the intruder hits the honeypot - their IP address gets blocked for the real application but remains active for the honeypot.
So the hacker doesn't know that they were blocked for the real application and they keep performing SQL injections to the honeypot.
The first solution that came to my mind is to make an HTTP call from the honeypot to the real system - providing the IP address of the intruder and blacklisting it with an internal mechanism from the real system itself. /however, I am not sure if it is the best approach here/
Update: The internal mechanism of the real system is nothing else but an internal cache holding IP addresses that should not interact with the real system itself. When there is an incoming request the IP address of the client is checked and those requests coming from blacklisted IPs are not served.
Another solution is to use a reverse proxy but I was not able to find a suitable way of doing it.
I would appreciate your help in finding an easy solution or providing me an idea for a different approach in this situation.
Thank you in advance.
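One way to build the approach described in the question above, as an added example that is not part of the original post: real system A keeps an expiring blocklist and only accepts reports that carry a valid HMAC from honeypot B, so nobody else can get an arbitrary address blocked. The class name `HoneypotBlocklist`, the shared secret, the 60-second freshness window and the 24-hour TTL are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HoneypotBlocklist {
    private final Map<String, Instant> blockedUntil = new ConcurrentHashMap<>();
    private final byte[] key;    // assumption: secret shared only by A and B
    private final Duration ttl;  // entries expire because addresses get reassigned
    HoneypotBlocklist(byte[] key, Duration ttl) {
        this.key = key.clone();
        this.ttl = ttl;
    }

    // Honeypot B computes this tag and sends it along with the IP and timestamp.
    byte[] sign(String ip, long sentAt) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal((ip + "|" + sentAt).getBytes(StandardCharsets.UTF_8));
    }

    // Real system A calls this from its report endpoint; unauthenticated reports are dropped.
    boolean report(String ip, long sentAt, byte[] tag, Instant now) throws Exception {
        if (Math.abs(now.getEpochSecond() - sentAt) > 60) return false;   // stale or replayed
        if (!MessageDigest.isEqual(sign(ip, sentAt), tag)) return false;  // constant-time compare
        blockedUntil.put(ip, now.plus(ttl));
        return true;
    }

    // A's request filter calls this per request; an expired entry is removed (lambda returns null).
    boolean isBlocked(String ip, Instant now) {
        return blockedUntil.computeIfPresent(ip, (k, until) -> now.isAfter(until) ? null : until) != null;
    }

    public static void main(String[] args) throws Exception {
        byte[] demoKey = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        HoneypotBlocklist a = new HoneypotBlocklist(demoKey, Duration.ofHours(24));
        Instant now = Instant.now();
        String ip = "203.0.113.7"; // constructed sample address (documentation range)
        long ts = now.getEpochSecond();
        System.out.println("valid report accepted: " + a.report(ip, ts, a.sign(ip, ts), now));
        System.out.println("forged tag accepted:   " + a.report(ip, ts, new byte[32], now));
        System.out.println("blocked after TTL:     " + a.isBlocked(ip, now.plus(Duration.ofHours(25))));
    }
}
```

Honeypot B never consults the list, so a reported client keeps reaching B while A stops serving it. If A sits behind a reverse proxy, the filter has to use the client address forwarded by that trusted proxy rather than the socket's remote address.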
I'm working in Groovy 1.8.6, running on JDK 1.6.0u33. When my program is starting up, it attempts to connect to another process on the same host by connecting to a telnet port on the host address. It uses the standard Java class InetAddress to determine the local host address. However, for some reason when I start the program up on a Windows XP VM, the host address resolves to garbage and the connection fails.
The startup script includes this line for diagnostic information:
def serverAddress = "http://${InetAddress.localHost.hostAddress}:${config.ServerPort}/DigitizerService?wsdl"
The output when serverAddress is printed to the terminal is:
http://0.1.0.5:8989/DigitizerService?wsdl
The address is not always the same - another time it came out as 0.2.0.5. But it always comes out as something that's not even a valid address, let alone the actual address for this host.
This same codebase is in production on a large number of boxes out in the wild and I've never seen an issue like this coming up, so I guess it must be specific to this new devbox it's on- or it's a bug in the new JDK.
Does anyone have any idea what might be causing something so basic as this to output garbage? Thanks in advance.
While I tried restarting before posting this question (of course, this is Windows after all), and it did not help, a second reboot of the VM seems to have fixed the issue. It was in the process of installing a big pile of Windows updates, as it was an old VM that I'd just dusted off, so I suppose that may have somehow scrambled things internally in the OS.
So I'm still very confused as to how this came about, but I think I can conclude that it was not Java at fault. Probably.
I've been working on a Java project for a year. My code had been working fine for months. A few days ago I upgraded the Java SDK to the newest version 1.6.0_26 on my Mac (Snow Leopard 10.6.8). After the upgrade, something very weird happens. When I run some of the classes, I get this error:
Invalid memory access of location 0x202 rip=0x202
But, if I run them with -Xint (interpreted) they work, slow but work fine. I get that problem in classes where I use bitwise operators (bitboards for the game Othello). I can't put any code here because I don't get an error, exception or something similar. I just get that annoying message.
Is it normal that the code doesn't run without -Xint but it works with it? What should I do?
Thanks in advance
When a JVM starts crashing like that, it is a sign that something has broken the JVM's execution model.
Does your application include any native code? Does it use any 3rd-party libraries with native code components? If neither is true, then the chances are that this is a bug in the Apple port of the JVM. It could be a JIT compiler bug, or a bug in some JVM native code library.
What can you do about a bug like that?
Not a lot.
Reduce your application by progressively chopping out bits until you have a small testcase that exhibits the problem.
Based on the testcase, see if there's some empirical way to avoid the problem.
Submit a bug report to Apple with the testcase.
I just came across this situation and it turned out to be related to a piece of code that was serializing a JSON object with a cyclic reference to itself. I removed the cycle and the error went away. I suspect this is related to a memory overflow error that is now handled differently by newer JVMs on Mac OSX. In this case, I was running Mac OSX 10.7.
For completeness the errors I was receiving were:
Invalid access of stack red zone 0x10e586d30 rip=0x10daabba6
Bus error: 10
And:
Invalid memory access of location 0x10b655890 rip=0x10a8baba6
Segmentation fault: 11
Also verify that you are building the GUI on the event dispatch thread and never updating a GUI component from any other thread.
Related errors are notoriously hard to reproduce, but the change associated with altered timing is suggestive.
Please check if /etc/hosts is empty and verify that it includes these configurations:
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
I know this is a long shot but is there any way of getting the serial number or a uniquely identifying piece of information on Linux?
If so, how can this be programmed into a Java program?
In context, I need to build a license validator that locks down to one machine. If you have any other suggestions they are welcome.
Here is an excerpt of a blog post by Lennart Poettering about IDs in general. It is about unique IDs, not necessarily about unique IDs in relation with security:
/sys/class/dmi/id/product_uuid: The main board product UUID, as set by the board manufacturer and encoded in the BIOS DMI information. It may be used to identify a mainboard and only the mainboard. It changes when the user replaces the main board. Also, often enough BIOS manufacturers write bogus serials into it. In addition, it is x86-specific. Access for unprivileged users is forbidden. Hence it is of little general use.
CPUID/EAX=3 CPU serial number: A CPU UUID, as set by the CPU manufacturer and encoded on the CPU chip. It may be used to identify a CPU and only a CPU. It changes when the user replaces the CPU. Also, most modern CPUs don't implement this feature anymore, and older computers tend to disable this option by default, controllable via a BIOS Setup option. In addition, it is x86-specific. Hence this too is of little general use.
So /sys/class/dmi/id/product_uuid seems like a good candidate for your validation daemon but means that your validation code needs to be run as a privileged user. The full blog post is really a valuable read!
Unless you can actually get a hardware dongle to the user's machine, you cannot devise a copy protection setting that cannot be circumvented.
If you just want to tell the user that "hey, you are already running this license on another machine on your network, get another license", then a good way is to do network broadcasts so they can find one another. The simplest way to do this reliably is probably using Zeroconf with the jmdns library.
If you want to be certain that the program is only being run at one place with a given serial number, the only way to do so with generic PCs is to have the program call a central mothership over the internet while being run and register where it is being used. The mothership then returns a snippet containing important code needing it to be run. You could most likely implement this using Java WebStart.
I use the MAC address as a unique ID.
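// Look up the interface bound to a known local address; the result is null if no interface has it
InetAddress address = InetAddress.getByName("192.168.1.1");
NetworkInterface ni = NetworkInterface.getByInetAddress(address);
// getHardwareAddress() returns null when the address does not exist or is not accessible
byte[] mac = (ni != null) ? ni.getHardwareAddress() : null;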
Mac address can be changed. Check this. Also, Mac-Address is tied to an interface (Ethernet/Wireless/HPNA etc). So a smart user can easily tweak this up. There is a similar problem discussed on stackoverflow. Check this.
The MAC address is not a good choice, as it can be changed on some systems. If you want to stay in native Java then logical system parameters such as the machine ID and user log-in account are your only options. For some cases machine name is adequately secure as there can't be two machines on the one network with the same name.
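An added example (not code from any of the posts above): the NetworkInterface lookup from the answer, extended beyond a single address to enumerate every interface and report why one yields no MAC, which is the failure described in the licensing question at the top of the page. The class and method names (`MacProbe`, `probe`, `describe`, `toHex`) are hypothetical.

```java
import java.net.NetworkInterface;
import java.net.SocketException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;

public class MacProbe {
    // One line per interface: "name=aa:bb:..." or "name: reason it yielded no MAC".
    static List<String> probe() {
        List<String> report = new ArrayList<>();
        try {
            Enumeration<NetworkInterface> all = NetworkInterface.getNetworkInterfaces();
            // Older JREs return null here when no interface is found.
            if (all == null) return List.of("no interfaces enumerated");
            for (NetworkInterface ni : Collections.list(all)) {
                report.add(describe(ni));
            }
        } catch (SocketException | SecurityException e) {
            report.add("enumeration failed: " + e);
        }
        return report;
    }

    static String describe(NetworkInterface ni) {
        String name = ni.getName();
        try {
            if (ni.isLoopback()) return name + ": loopback, skipped";
            if (ni.isVirtual()) return name + ": virtual sub-interface, skipped";
            // null means: no such address, not accessible, or NetPermission denied
            byte[] mac = ni.getHardwareAddress();
            if (mac == null || mac.length == 0) return name + ": no hardware address returned";
            return name + "=" + toHex(mac);
        } catch (SocketException | SecurityException e) {
            return name + ": lookup failed: " + e;
        }
    }

    static String toHex(byte[] mac) {
        StringBuilder sb = new StringBuilder();
        for (byte b : mac) {
            sb.append(sb.length() == 0 ? "" : ":").append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        probe().forEach(System.out::println);
    }
}
```

Logging this report on a host where the license check fails shows whether no interface was enumerated at all or whether interfaces exist but return a null hardware address.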
I have a java application that I run from eclipse 3.5.
My OS is WinXP(SP2) and the JRE version is 6.05.
I run the application on two identical computers (or so I think) but the application behaves differently on each computer.
The computers are the same Dell Optiplex model with the same amount of memory and have the same GPU.
On the first computer, the application runs flawlessly. However, on the second one the application freezes for a couple of minutes and then returns to run normally.
The strange thing is that the CPU usage on the second computer is not high at all. It seems as though my application does not receive any CPU for no apparent reason.
Computers should be deterministic so I assume there must be some difference between the machines but I don't know where to look.
I would love some ideas on where the problem might be.
Thanks,
Yoav.
I've found the problem.
The application that was unresponsive was run in debug mode.
Sorry to have wasted your time...
It may help you to get a Thread Dump when the app freezes. This will hopefully tell you exactly what is holding you up (i.e. waiting for IO somewhere).
Well, I would first update your JRE version as there are newer versions now.
As for both computers being identical, are they really identical? I find it difficult to believe that both have the same exact software and setup and that anything you have done to one, you have always done to the other. If this is indeed the case, you may want to try to debug your application on the second machine (the one that hangs) and find out specifically where it hangs.
It may also help us if you give more information about your application. The problem may not be your computer at all if the application is doing things like web access, network access, etc.
So both computers have nearly identical hardware. A few other things to check:
Do they both have Eclipse 3.5, WinXP(SP2) and JRE 6.05 installed?
And behave differently when run from within Eclipse (on both machines or on one run from command-line)?
Is this reproducible? If yes, when does it happen? On startup? Or on some specific action?
Does the program have a GUI?
Is there maybe some kind of virus scanner or another comparable software installed on one of the machines which could delay the program?
Is networking, file access, multithreading involved?
I can think of two non-application possibilities:
Memory Paging. There's something extra happening on the slow machine, so your JVM is not getting a fair share of CPU time. A large daemon process or some such.
Network access. Your app is making some kind of network call and it's glitching or timing out. Perhaps going and fetching some XML schema, perhaps a disk access to a mounted drive.
I've seen all manner of weirdness when apps attempt to access hosts by name and DNS is not well. One machine has an etc/host entry the other does not. Even each machine might want to resolve itself.