We have a master program and agents (both) on the customer side on different computers. The network configuration can be any type (we don't know). The agents connect to the master program and currently we only can get the IP and computer name as information. How do I distinguish if two IPs belong to the same computer?
Computers may have more than one ethernet cards.
Thanks.
There is no way to tell just by looking at the IP addresses.
Some computers have unique identifiers, but you would need JNI to access them and your code would be very platform-specific. It might be a better idea to generate a GUID and write it to a file in a temp folder on the machine. Then, all instances of the software that run on that machine would read the same GUID and can provide this data to the server when a connection is made.
You can modify the agents to send the MAC(s) of the machines in question. Beyond that, you can't really determine if they are the same.
You say you're getting the computer name - can't you de-duplicate based on that value?
From across a network, and given only an IP address, you can't tell. The way NAT works, and the fact that today's laptops and wireless devices often hop from network to network throughout the day, all you see is the public-facing IP address of that machine, which is very likely shared across a group, or entire organization of machines.
Unless you modify the agent application to also include a unique identifier (such as MAC address - which even then only tells you it's a unique NIC, not necessarily a unique machine if machines have multiple NICs), you're out of luck. You can't determine uniqueness from the IP address alone.
Not sure what your use case is, but if it's for banning/tracing actions within the application, then it's better to require some kind of unique identifier for the machine to access the system (such as a username) so you know that you can ban/trace a single instance of the app, or a single user logged into any instance of the app, rather than trying to solve that kind of a problem through IP addresses.
You could create a service in its machine that will expose a unique identifier. You could then call this service using different IPs as the host name and compare the values.
Related
Happy new 2020.
I have a question regarding the functionality of blocking IP addresses that have reached a honeypot system.
I have a real system A and a honeypot B.
The honeypot (B) is a completely different application from A.
Both systems (A and B) are Spring Boot applications.
However, what I want to achieve is when, let's say, a hacker reaches the honeypot B, its IP address to get dynamically blacklisted in the real application A but also the hacker should be able to keep operating with the honeypot B.
Update: After the IP address is blocked for the real system, the hacker should still be able to interact with the honeypot.
Describing the following scenario:
A hacker opens the real system and by hidden hints inside the HTML source code of the application, they navigate to the honeypot system.
The honeypot system itself contains low hanging fruits that seem open to attacks - such as fields where you can execute SQL injections.
When the hacker makes attempts to perform SQL injections - the honeypot is collecting all the information - what the intruder is doing.
And once the intruder hits the honeypot - their IP address gets blocked for the real application but remains active for the honeypot.
So the hacker doesn't know that they were blocked for the real application and they keep performing SQL injections to the honeypot.
The first solution that came up to my mind is to make an http call from the honeypot to the real system - providing the IP address of the intruder and blacklisting it with internal mechanism from the real system itself. /however, I am not sure if it is the best approach here/
Update: The internal mechanism of the real system is nothing else but an internal cache holding IP addresses that should not interact with the real system itself. When there is an incoming request the IP address of the client is checked and those requests coming from a blacklisted IPs are not served.
Another solution is to use a reverse proxy but I was not able to find a suitable way of doing it.
I would appreciate your help in finding an easy solution or providing me an idea for a different approach in this situation.
Thank you in advance.
I want to create Java Network servers which share one IP address. Something like the Piranha cluster:
Is there any solution similar to this?
P.S They have to work as a cluster. If one server is down the second one should handle the traffic.
Well the obvious solution would be to try to build your Java servers behind the Piranha layer; i.e. implement the application services on "real server 1", "real server 2", etcetera in Java
I'm pretty sure that you can't implement a Piranha-like solution in (pure) Java. The IP level load balancing is implemented in the network stack in the OS kernel (I think) of the "director". That rules out (pure) Java for two reasons:
It is impractical to put Java code inside the kernel.
To do it in user space in Java would entail using native code to read and write raw network packets. That is not possible in pure Java.
Besides, the chances are that you'd get better network throughput if the director layer was not implemented in Java, pure or otherwise.
Of course, there are other ways to do load balancing as well ...
Just create your standalone tcp/ip servers to listen on different ports (and ofcourse the IP address would be same as this is your requirement)
I need to making multiple(more than 100) HTTP requests to Google Scholar, from a Java code to collect data. However, the site prevents this after around 20 requests or so, and produces a captcha. I have heard of 'Amazon Spot Instances' letting the IP address of requesting system change periodically and thus avoid the occurence of captcha, by ensuring that the requests do not come from a single IP. Can anyone help me through this, with further details?(an alternate method other than Amazon EC2 spot instances is also fine)
Changing IP addresses periodically aren't a unique feature of Spot Instances within the Amazon Environment (it's also available on the On demand and Reserved Instances), the Amazon CLI will allow you to assign, attach, deattach and release IP addresses as well.
Amazon's SDK will allow you to call the creation of a Spot Instance and attach an IP address, for the latter http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-RunInstances.html is a good starting point. It's well supported across a wide range of languages.
For Java I would look at http://aws.amazon.com/sdkforjava/ and get your feet wet, it's a powerful API!
Depending on how much experience you have with the AWS environment there is a bit of extra stuff to keep in mind, especially with Spot Instances. Spots can terminate at any time (literally mid-query) so you should build your app to be stateless, a good solution is to send the results into an S3 bucket. It has the added benefit of being able to deploy multiple instances at one time and have a single endpoint of data collection.
I need Java code to detect current connected devices to my network.
I tried the following idea :
- for all possible addresses check if this address is connected ( 254 loop )
- to speed up this process I created a thread for each check to make them run in parallel
Is there any way more efficient ??
Well there are lots of ways of detecting networked devices and you give no specifics on the nature of your situation.
The simplest (and most simplistic) approach I can think of would be to ping the broadcast address of your IP network and then consult the system's ARP table.
Unfortunately I have no particular strategy for accessing the ARP table from Java to suggest.
I know this is a long shot but is there any way of getting the serial number or a uniquely identifying piece of information on Linux?
If so, how can this be programmed into a Java program?
In context, I need to build a license validator that locks down to one machine. If you have any other suggestions they are welcome.
Here is an excerpt of a blog post by Lennart Poettering about IDs in general. It is about unique IDs, not necessarily about unique IDs in relation with security:
/sys/class/dmi/id/product_uuid: The main board product UUID, as set by the
board manufacturer and encoded in the
BIOS DMI information. It may be used
to identify a mainboard and only the
mainboard. It changes when the user
replaces the main board. Also, often
enough BIOS manufacturers write bogus
serials into it. In addition, it is
x86-specific. Access for unprivileged
users is forbidden. Hence it is of
little general use.
CPUID/EAX=3 CPU serial number: A CPU UUID, as set by the CPU manufacturer
and encoded on the CPU chip. It may be
used to identify a CPU and only a CPU.
It changes when the user replaces the
CPU. Also, most modern CPUs don't
implement this feature anymore, and
older computers tend to disable this
option by default, controllable via a
BIOS Setup option. In addition, it is
x86-specific. Hence this too is of
little general use.
So /sys/class/dmi/id/product_uuid seems like a good candidate for your validation daemon but means that your validation code needs to be run as a privileged user. The full blog post is really a valuable read!
Unless you can actually get a hardware dongle to the users machine, you cannot devise a copy protection setting that cannot be circumvented.
If you just want to tell the user that "hey, you are already running this license on another machine on your network, get another license", then a good way is to do network broadcasts so they can find one another. The simplest way to do reliably is probably using Zeroconf with the jmdns library.
If you want to be certain that the program is only being run at one place with a given serial number, the only way to do so with generic PC's is to have the program call a central mothership over the internet while being run and register where it is being used. The mothership then returns a snippet containing important code needing it to be run. You could most likely implement this using Java WebStart.
I use the MAC-Adress as an unique id.
InetAddress address = InetAddress.getByName("192.168.1.1");
NetworkInterface ni = NetworkInterface.getByInetAddress(address);
byte[] mac = ni.getHardwareAddress();
Mac address can be changed. Check this. Also, Mac-Address is tied to an interface (Ethernet/Wireless/HPNA etc). So a smart user can easily tweak this up. There is a similar problem discussed on stackoverflow. Check this.
The MAC address is not a good choice, as it can be changed on some systems. If you want to stay in native Java then logical system parameters such as the machine ID and user log-in account are your only options. For some cases machine name is adequately secure as there can't be two machines on the one network with the same name.