tags:

views:

333

answers:

3
+1  Q: 

How to determine an incoming connection is from local machine

I have a SocketServer accepting incoming connections. For security reasons I should only allow local connections (connections from the machine on which server is running).

How can I determine if an incoming connection is from another machine? Is the following code safe for this?

Socket socket = someServerSocket.accept();
String remoteAddress = socket .getInetAddress().getHostAddress();
if (!fromThisMachine(remoteAddress)) {
    // Not from this machine.
}

while fromThisMachine() method is like this:

public boolean fromThisMachine(String remoteAddress) {
    try {
        Enumeration<NetworkInterface> interfaces = NetworkInterface.getNetworkInterfaces();
        while (interfaces.hasMoreElements()) {
            NetworkInterface networkInterface = interfaces.nextElement();
            Enumeration<InetAddress> addresses = networkInterface.getInetAddresses();
            while (addresses.hasMoreElements()) {
                InetAddress inetAddress = addresses.nextElement();
                String hostName = inetAddress.getHostName();
                String hostAddr = inetAddress.getHostAddress();
                if (hostName.equals(remoteAddress) || hostAddr.equals(remoteAddress)) {
                    return true;
                }
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
        return false;
    }
    log("Unauthorized request to server from: " + remoteAddress);
    return false;
}

Thanks, Mohsen

+3  A: 

If you want to limit connections from the localhost, then specify that when you open the ServerSocket. If you only listen on localhost, then you'll only get connections from localhost.

 int port = .....
 SocketAddress socketAddress = new InetSocketAddress("127.0.0.1", port);
 ServerSocket serverSocket = new ServerSocket();
 serverSocket.bind(socketAddress);
 serverSocket.accept();

edited to use hard-coded 127.0.0.1

skaffman  2009-10-09 07:59:25
It doesn't work. See:I'm on 192.168.0.1 and someone else on 192.168.0.2. I want to deny his access to my server socket listening on 192.168.0.1:port, but this solution doesn't work. It only caused that connecting to 127.0.0.1:port doesn't work from my own machine.
Mohsen  2009-10-09 08:30:38
+1  A: 

Thanks skaffman. The following code worked with a little manipulation (hard-coding 127.0.0.1).

int port = .....
SocketAddress socketAddress = new InetSocketAddress("127.0.0.1", port);
ServerSocket serverSocket = new ServerSocket();
serverSocket.bind(socketAddress);
serverSocket.accept();

If I read local address from InetAddress.getLocalHost(), other network users on the same subnet are still able to see my server.

Mohsen.

Mohsen  2009-10-09 08:57:26
D'oh, yes, I forgot that `InetAddess.getLocalHost()` doesn't give you 127.0.0.1, it gives the external IP address of that local host. My bad.
skaffman  2009-10-09 09:00:03
Yes, I've found InetAddress.getLocalHost() doesn't really work as expected too.
spender  2009-10-09 09:02:06
Be warned that the "I'm listening on 127.0.0.1 so only local users can connect to me" assumption sometimes fails - eg if you have a proxy running on your machine that can be coerced into connecting to 127.0.0.1 on behalf of a remote user.
caf  2009-10-10 12:07:35
+3  A: 

InetAddress.getByName( null ) always returns the loopback address. See the javadoc

    int port = .....
    SocketAddress socketAddress =
        new InetSocketAddress( InetAddress.getByName( null ), port);
    ServerSocket serverSocket = new ServerSocket();
    serverSocket.bind(socketAddress);
    serverSocket.accept();
Alexander Pogrebnyak  2009-10-09 14:17:30
Nice one. Wish I'd known this a while back. I got terribly confused.
spender  2009-10-10 14:27:49
This is one of the worst examples of feature creep. Providing `InetAddress.getLoopbackAddress()` would be so much cleaner. I discovered this simply by incident. The address string in my application got nulled under some condition and instead of NPE my application still chugged alone. This has taught be a valueable lesson to read Java API carefully and with full attention.
Alexander Pogrebnyak  2009-10-12 15:01:54

related questions

How do I get the external IP of a socket in Python?
How Do Sockets Work in C?
How do you send and receive UDP packets in Java on a multihomed machine?
Can't Re-bind a socket to an existing IP/Port Combination
Reading from a socket in C#
Sockets and Processes in Java
Stream data (such as music) using PHP (or another language)
How to forcibly close a socket in TIME_WAIT?
How do I make persistent network sockets on Unix in Ruby?
What's the idiomatic way to do async socket programming in Delphi?
How do you minimize the number of threads used in a tcp server application?
WSACancelBlockingCall exception
C# Performance For Proxy Server (vs C++)
How to get your own (local) IP-Address from an udp-socket (C/C++)
Free Network Monitor
Reconnect logic with connectivity notifications
Maximum buffer length for sendto?
Configure a Java Socket to fail-fast on disconnect?
Sockets in Pascal
Firefox plugin - sockets
How can I determine the IP of my router/gateway in Java?
ActionScript 3.0 sockets can't reconnect
Reverse DNS in Ruby?
Asynchronous multi-direction server-client communication over the same open socket?
How to use the C socket API in C++ on z/OS