[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNUnet-developers] #1211
|
From: |
Christian Grothoff |
|
Subject: |
Re: [GNUnet-developers] #1211 |
|
Date: |
Sat, 11 Apr 2009 20:57:18 -0600 |
|
User-agent: |
KMail/1.11.0 (Linux/2.6.27-11-generic; KDE/4.2.0; i686; ; ) |
Hi!
I think you're misunderstanding the issue a bit. Writing a port scanner is
not the problem; what we need is a way to ensure that a malicious
hostlist/webage that pretends to help us discover our external IP address is
unable to trivially do a man-in-the-middle attack on all of our connections.
This requires some not trivial changes to how we process HELLOs (which, btw,
are in the works), the website itself is only a tiny part of it.
Now, I was not even thinking of having the website trigger a port scan on the
requestor, that's an interesting twist to detect port changes due to say NAT,
but I'm not sure this feature would be considered acceptable by the hostlist
operators...
Finally, I'm not sure your code is really correct; in case you are interested,
here is some slightly more comprehensive C port-scanner code that I've lying
around here:
/* open a tcp connection to an ip address and port number to see if
* it's open */
int poke_port(char *addr_name, char *port_name, int *error)
{
struct addrinfo hints;
struct addrinfo *addr;
int socketfd;
int success = 0;
unsigned int len;
static char c;
u_long mode;
fd_set rset;
fd_set wset;
struct timeval tv;
addr = NULL;
*error = 0;
bzero(&hints, sizeof (hints));
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
/* get the address info structure for a tcp connection */
if (getaddrinfo_r(addr_name, port_name, &hints, &addr)) {
perror("Error in either the address name or the port name:");
*error = 1;
if (addr != NULL) /* can this happen? */
freeaddrinfo_r(addr);
return 0;
}
/* create the socket */
socketfd = socket(addr->ai_family, addr->ai_socktype, addr-
>ai_protocol);
if (socketfd < 0) {
perror("Error creating socket:");
freeaddrinfo_r(addr);
*error = errno;
return 0;
}
/* connect to the tcp address and port number */
mode = 1;
ioctl(socketfd, FIONBIO, &mode);
success = 0;
if ( (0 != connect(socketfd, addr->ai_addr, addr->ai_addrlen)) &&
(errno != EINPROGRESS) ) {
freeaddrinfo_r(addr);
*error = errno;
close(socketfd);
return 0;
}
FD_ZERO(&rset);
FD_ZERO(&wset);
FD_SET(socketfd, &rset);
FD_SET(socketfd, &wset);
tv.tv_sec = TIMEOUT;
tv.tv_usec = 0;
/* a little bit different way to check the socket, where I later check
socket options to grab any socket errors correctly. Note that
select
here will return a value > 0 if the socket was ready for
reading or
writing (ie, the handshake completed). I set the error to
operation
timed-out since that's really what we want to know */
if (1 > select(socketfd+1, &rset, &wset, NULL, &tv)) {
*error = errno;
close(socketfd);
freeaddrinfo_r(addr);
return 0;
}
if (FD_ISSET(socketfd, &wset)) {
len = sizeof(*error);
if (getsockopt(socketfd, SOL_SOCKET, SO_ERROR, error, &len) < 0)
*error = errno;
else if ((*error) == 0) {
if (1 != send(socketfd, &c, 1, MSG_DONTWAIT ))
*error = errno;
else
success = 1;
}
}
/* close the socket */
close(socketfd);
/* free up the addr info structs */
freeaddrinfo_r(addr);
return success;
}
Best,
Christian
On Friday 10 April 2009 10:32:33 am Wolfgang Brehm wrote:
> I wrote a simple threaded portscanner in java.
> I hope it will be usefull. It is my first projekt, sadly my C/C++ is too
> bad to contribute right now.
> It shoul't be difficult for me, to integrate the wished HELLO, I will have
> to read the documentation If this is wished
>
>
> /**
> * Scanner
> * @author (wolfgang brehm)
> * @version (10.4.2009)
> */
>
> import java.util.ArrayList;
>
> public class Scanner
> {
> String host;
> int lowerport;
> int upperport;
> static int j=0;
> static ArrayList ports = new ArrayList(16);
> public Scanner(String host, int lowerport, int upperport)
> {
> this.host=host;
> this.lowerport=lowerport;
> this.upperport=upperport;
> }
>
> /**
> * Scanning method: threaded
> *
> * @param String host The host, which ports will be scanned
> * @param int lowerport the lowerport
> * @param int upperport the upperport
> * @return ports[] ports The ports, which responded
> */
>
> public Object[] main()
> {
> for (int i=lowerport; i<=upperport; i++) {
> scan current = new scan(host, i);
> Thread th = new Thread(current);
> th.start();
> try{
> th.sleep(1);
> }catch (InterruptedException e){}
> }
> return ports.toArray();
> }
> }
>
> ---------------------------------------------------------------------------
>--
>
>
> /**
> *
> * Thread scan, that is actually scanning.
> * @author (wolfgang brehm)
> * @version (10.4.2009)
> */
>
> import java.io.IOException;
> import java.net.Socket;
> import java.net.UnknownHostException;
>
> public class scan implements Runnable
> {
> int port;
> String host;
> public scan(String host, int port)
> {
> this.host=host;
> this.port=port;
> }
>
>
> /**
> * THE run() method a Runnable must implement
> *
> */
> public void run()
> {
> try {
> Socket target = new Socket(host, port);
> Scanner.ports.add(port);
> target.close();
> }catch(UnknownHostException e){
> System.out.println(host+" is unknown");
> }catch (IOException e){}
> }
> }
>
> Wolfgang Brehm aka Lykos
>
>
> _______________________________________________
> GNUnet-developers mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/gnunet-developers