Can I check remote address connecting to a ServerSocket before accepting?

I have a ServerSocket for which I'd like to implement an IP filter, using an allow or deny list to control which IP addresses can connect. After accepting the connection, I check the remote address on the Socket that is created, and apply the filter. However, if I close the connection to a denied address, the client sees that the connection was accepted, but then it throws a SocketException when it tries to write to it.
That accomplishes the purpose of the filter, but it doesn't seem like good behavior from the client's perspective. I'd like to implement a ServerSocket that doesn't even accept the connection if the remote address is not permitted. Is there any way to do that?

Why not write a connection accepted/refused message to the client and then carry on (or close the socket/streams at both ends)?

I'm not sure I understand your suggestion. When ServerSocket.accept() returns by providing a Socket object, that is the first time the server code can determine the IP address of the client and apply an IP filter. However, the connection has already been established at this point, so it's not possible to make an accept/refuse decision for the connection based on the client IP address. By the time the server code sees the IP address, the connection has already been accepted, and the only recourse is to close the connection from the server (by calling close() on the Socket object that was returned), and the client will then throw an exception with the message saying that the software closed the connection.
Legitimate users trying to connect may interpret this as a software problem, if they don't know any better. Intruders will discover from this behavior that the port is open through the firewall, and may conclude that IP filtering is being applied, and if they have some idea of what IP addresses are allowed, they could easily spoof them. Or they could keep trying, hoping to catch the server when the IP filtering is turned off.
It would be better to mimic the filtering behavior of a firewall, whereby the connection is not established. Then the client would report that it could not establish the connection, and the user would be more likely to look into whether the port is open or IP filtering is occurring, rather than thinking there is a software problem. And the intruder would conclude that the port is not open and go somewhere else.
I would need a different implementation of ServerSocket to do this. I checked jakarta commons net, but that only provides client side utilities. I'm currently untangling the source code of java.net.ServerSocket to see how difficult it will be to override the accept() method to provide filtering behavior. This seems like a useful thing, and I thought perhaps someone had already done so. Or perhaps someone can tell me why this is not a good idea.
Message was edited by:
MidnightJava
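
The filter described in this thread, as an added example that is not part of the original posts: accept() returns only after the operating system has completed the TCP handshake, so the earliest point Java code can apply an allow list is immediately afterwards, and setting SO_LINGER to 0 before close() makes common TCP stacks send a reset rather than an orderly shutdown. The class name, port 9000 and the allow-list entries are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.util.List;

// Added example; class name, port and allow-list entries are assumptions.
public class FilteredAcceptor {

    /** One allow-list entry, e.g. 192.0.2.0/24 or a single address. */
    static final class Cidr {
        private final byte[] network;
        private final int prefixLen;

        Cidr(String spec) throws UnknownHostException {
            String[] parts = spec.split("/");
            network = InetAddress.getByName(parts[0]).getAddress();  // IP literal: no DNS lookup
            prefixLen = parts.length > 1 ? Integer.parseInt(parts[1]) : network.length * 8;
            if (prefixLen < 0 || prefixLen > network.length * 8) {
                throw new IllegalArgumentException("bad prefix length: " + spec);
            }
        }

        boolean contains(InetAddress addr) {
            byte[] a = addr.getAddress();
            if (a.length != network.length) return false;   // IPv4 entry vs IPv6 peer
            int fullBytes = prefixLen / 8, restBits = prefixLen % 8;
            for (int i = 0; i < fullBytes; i++) {
                if (a[i] != network[i]) return false;
            }
            if (restBits == 0) return true;
            int mask = (0xFF << (8 - restBits)) & 0xFF;
            return (a[fullBytes] & mask) == (network[fullBytes] & mask);
        }
    }

    static boolean isAllowed(List<Cidr> allow, InetAddress addr) {
        return allow.stream().anyMatch(c -> c.contains(addr));
    }

    static void serve(Socket s, List<Cidr> allow) {
        try (Socket client = s) {
            if (!isAllowed(allow, client.getInetAddress())) {
                client.setSoLinger(true, 0);   // close() now sends RST, not FIN
                return;
            }
            client.getOutputStream().write("hello\n".getBytes(StandardCharsets.US_ASCII));
        } catch (IOException e) {
            System.err.println("connection error: " + e.getMessage());
        }
    }

    public static void main(String[] args) throws IOException {
        List<Cidr> allow = List.of(new Cidr("127.0.0.1/32"), new Cidr("192.0.2.0/24"));
        try (ServerSocket server = new ServerSocket(9000)) {
            while (true) {
                serve(server.accept(), allow);   // handshake already completed by the OS
            }
        }
    }
}
```

A denied client still sees the connection established and then reset; refusing before the handshake completes has to happen in a packet filter in front of the application, such as the host firewall.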

Similar Messages

  • Can I use Remote Desktop Connection (windows server 2008) even if no user is logged in?

    I'm configuring a Server, running Windows Server 2008, to be accessed remotely. Suppose no user is logged in in the server (if it was just turned on, for instance). Can I use the "Remote Desktop Connection" feature to log in remotely in this case? Or is it always necessary to have a user locally logged in, to remotely log in to one of the users available?

    If it's a fresh installation, RDM might not work at first.
    1. You need to check firewall and allow Remote Desktop. To be specific, communication to port 3389 TCP
    2. Right click My Computer --> Properties --> Remote tab
    Enable Remote Desktop
    Allow connections to this computer
    Click users and grant the permissions for the users. By default, Administrators do have the permission. And also, the users who are members of the 'Remote Desktop Users' security group also have the permission.

  • How can I disable remote access connection window ?

    When I try to connect (via TCP/IP) with a VI in another PC (in my local network) it appears the remote access connection window.
    How can I disable this (programmatically if possible) ?
    A big thanks for your answers.
    Linus

    Randy,
    attached the image of the Remote Access Connection Window that appears when I connect to the VI.
    It is the Operating System (Windows) classical panel for Remote Access connections using a modem.
    Many thanks.
    Linus

  • How can I check a jdbc connection

    With Sun Java App Server, after I create a JDBC connection, I use a button to check if the connection was OK.
    I cannot find the same button or method to see if my Sybase connection is correct because all I get is "is not bound in this Context".
    I installed the sybase jdbc driver in the install_dir\lib_directory.
    In the jdbc wizard I use the Sybase Driver: com.sybase.jdbcx.SybDataSource
    TIA,
    Lorenzo Jimenez

  • How can i check if my connection is b, g or n?

    Hello, I can log on through wireless at my school. I have a wireless n airport card. How can I check in my macbook to see if I am using n or just b or g? I couldn't find it under the network utility or in my preferences. Please let me know! Thanks!

    In Network Utility under the Info tab, select the Network Interface (en1) for the WiFi, (en0 is the wired Ethernet port) and it will report the Link Speed and the Network Adapter Type. I don't know if you can tell what protocol (a/b/g/n) is actually being used, other than by inferring from the link speed.
    With my Airport Extreme Base Station in g/n mode I am getting a Link Speed of 130 Mb reported on my MacBook. My Dell M90 operates only in (g) mode gets around 55 Mb. Of course my DSL ISP is only about 10 Mb service...

  • HT4061 How can I check a used Imac if is stolen before I buy it

    I am trying to buy a used Imac
    how can I check if this Imac is not stolen?

    Make sure the seller has prepared the iMac for sale according to this Apple document: What to do before selling or giving away your Mac - Apple Support.  If it's not prepared that way there's a good chance that use of the App Store and other features requiring  your Apple ID will be blocked.
    When it's booted up it should present the setup window as if it were a new iMac.
    If it's old enough that it would have come with Snow Leopard or earlier as the operating system, make sure the disks that came with the iMac are included.
    I would not purchase one if it hadn't been prepared that way or unless I knew and trusted the seller so that if there are problems that pop up they can unlock them.

  • WRV210- Can't establish Remote Desktop Connection over IPSec

    Hi there,
    I changed the BEFVP41 with WRV220 and configured the VPN the same way, succeeded in establishing an IPSec VPN connection with TGB VPN client with no problems, but now Remote Desktop doesn't work. I changed the firmware; that didn't help. That didn't help as well, the answer is the same: The client could not connect to the remote computer. Remote connection might not be enabled or the computer might be too busy to accept new connections. The Remote connection works fine in local and with BEFVP41 (even though I had different problems with this one); the only change is the WRV210... Did you have this issue?
    Thank you
    Vesna

    As a sort of workaround, you could configure a dhcp reservation for that pc. Leave the machine as dhcp but know that it will always "receive" a specific address. I think the problem the WRV210 experiences in this situation is that the mac address table times out and it flushes the pc's mac to ip binding. Therefore, it does not know who to send the request for X ip address to, because it no longer has a mac to port mapping.
    However, when the router has the client via DHCP, the dhcp protocol takes care of making sure the mac does not time out in the CAM table. When the lease is somewhat close to expiration, the client renews and everything works fine. You can statically map up to 20 addresses in the WRV210 (confirmed with configuration in lab).
    With this solution, your RDP sessions and port forwardings will continue to work, and your mac will never timeout of the CAM table.
    Bill

  • Checking remote TCP connections

    I have a computer that we will call A, and I want other computers (B, C, D, ...) to send data to a specific TCP port on A.  I have that working, but the problem I am having is that I want only one computer at a time to be able to send the data to A. 
    For instance, if B is already communicating with A, I want C to throw an error.  I have run some simple tests and it appears that B and C can write to the same port on A at the same time.  The port seems to create a buffer that collects the data from both computers. 
    Is there a way to configure the port to be a single writer like you can in shared variables?  (By the way, I have tried the shared variable route but wasn't liking the communication speed.)
    Or is there a way when I try to open a connection from B, C, ... that it checks to see if A's port is already connected to another computer?
    I hope this A, B, C description isn't too confusing.

    Hi ejw,
    attached you will find an example of a server which can only have one connection simultaneously.
    Hope it helps.
    Mike
    Message Edited by MikeS81 on 06-10-2008 09:21 PM

  • How can I check who is connected to my network?

    Hello,
    can someone suggest me a tool or widget that allows me to verify who is connected to my private wireless network?
    I am also looking for a tool or widget that warns me when a new user has entered the network.
    Thanks in advance
    Tom

    If you use WPA then no unauthorised user will be able to connect to your network.
    Depending on the age of your Mac, the Airport Management Tools will allow you to see who is connected to your wireless network.
    Airport Management Tools
    iFelix

  • I can't add gmail address to iMessage -was working before

    Hi
    My children have iPad airs set up under my apple ID (I have an iPhone 5s). All software is up to date.
    Until recently they were using their own email(gmail) addresses (over wifi only) in iMessage to message their friends. All of a sudden their email addresses disappeared from their devices and only my phone number and email address is available to use. So they started receiving all my private text messages on their device - I have disabled the phone number since then but not been able to add their email address back.
    I have tried repeatedly (like 10x) on both devices to "Add another email". It is stuck on verifying (and no verifying email is in the gmail account, I have checked repeatedly). The gmail accounts are enabled for less secure connections and also two-step verification is disabled.
    I'm at my wit's end!
    thank you
    Renia

    Hello Renia,
    Thanks for using Apple Support Communities.
    For some initial troubleshooting on this issue where you're unable to add an email account to an iMessage account, I'd like you to first turn off iMessage, and then turn it back on.
    Messages settings - iPad User Guide
    Take care,
    Alex H.

  • How can I check the billing address on file for me at iTunes?

    i received an email stating a change in my billing address. I did not make a change. How can I check the address on file? 

    You can view the billing address on your account by logging into the account via the Store > View Account menu option on your computer's iTunes, or via the 'manage your apple id' button on http://appleid.apple.com
    But the email may be a phishing email : Identifying fraudulent "phishing" email

  • Remote Desktop Connection Not Going To Full Screen on EIZO MX340 Monitor 1536x2048 Resolution

    I am using an EIZO Rx-340 as a secondary monitor. So far I am only able to get into full screen by using Ctrl-Alt-Fn-Pause but it does not change the resolution. It does not help to move the slider to large. There is a black space at the top and bottom of the display.

    Hi,
    Please take a try with the steps below:
    1. Start "Remote Desktop Connection".
    2. Click on "Options".
    3. Click on the "Display" tab.
    4. On "Display configuration" settings, you can change the "Remote Desktop Connection" display by moving the slider from "Small to Large".
    5. By moving the "Slider" all the way to large, the display settings will automatically set to "Full Screen".
    Here is the screenshot:
    Also please take a check if the monitor itself is configured well.
    Hope this may help
    Best regards
    Michael Shao
    TechNet Community Support

  • How to check whether internet connection is available or not from Swing

    Hi Javaties,
    I am developing an application in Swing.
    I need to call a servlet from Swing.
    So how can I check that an internet connection is available or not?

    I am also facing this type of problem. My applet is playing an audio file from the server. During the playing time, if the network connection fails, then NoRouteToHostException occurs on some PCs. But there are some PCs where it doesn't occur though the playing is stopped.
    All PCs: OS Windows XP and JRE jdk1.5.0_06.
    I can't find out the problem. Can anyone help me with this?
    code:
    URL testURL = null;
    try {
        testURL = new URL(sourcePath);
        //inputStream = testURL.openStream();
        URLConnection connection = testURL.openConnection();
        connection.connect();
    } catch(NoRouteToHostException e) {
        System.out.println("NoRouteToHostException block: " + e.getMessage());
    }
    thanks
    bashar

  • ICWeb Client, How check flashing buttons, before accepting a call?

    Good morning,
    I need, with ABAP code, to check if there is the flashing button before accepting a call.
    Does anyone know how to check this state in the interaction center?
    To check if the call is accepted I use the following code:
    data: ref_intman type ref to cl_crm_ic_interaction_manager.
    ref_intman = cl_crm_ic_interaction_manager->get_instance( ).
    check ref_intman->has_current_interaction( ) eq abap_true.
    I need also to check if the user is ready or not ready to receive a call.
    Many thanks.
    Marc

    No, Marc, this is definitely a standard method. Programmers at SAP also make mistakes not renaming methods when copying them. Nobody is perfect.
    The code in it is quite simple and similar to get_currentchatid:
    METHOD get_currentphoneid.
       ev_phone_sessionid = m_phone_sessionid.
    ENDMETHOD.
    where ev_phone_sessionid is a returning parameter of the method with type STRING.
    m_phone_sessionid in turn is a protected attribute of the class with type STRING.
    It is filled in IF_CRM_IC_EVENT_LISTENER~HANDLE_EVENT method of the class in following way:
    METHOD if_crm_ic_event_listener~handle_event.
    CASE event->get_name( ).
       WHEN cl_crm_ic_mcm_contact=>c_event_accepted.
         event->get_param( EXPORTING name = 'Parameter1' IMPORTING value = itemchannel )."#EC NOTEXT
         IF itemchannel EQ cl_crm_ic_mcm_contact=>c_channel_telephony OR
            itemchannel EQ cl_crm_ic_mcm_contact=>c_channel_email OR
            itemchannel EQ cl_crm_ic_mcm_contact=>c_channel_chat.
           event->get_param( EXPORTING name = 'Parameter2' IMPORTING value = itemid )."#EC NOTEXT
           contact = get_contact( itemid ).
           IF contact IS BOUND.
             contact->set_status( cl_crm_ic_mcm_contact=>c_status_accepted ).
           ELSE.
             var1 = itemid.
             cl_crm_ic_mcm_proxy=>addbspmsg( iv_msg_type   = 'W'
                                             iv_msg_number = 19
                                             iv_msg_v1     = var1
                                             iv_msg_v2     = ''
                                             iv_msg_v3     = ''
                                             iv_msg_v4     = '' ).
           ENDIF.
         ENDIF.
         IF itemchannel EQ cl_crm_ic_mcm_contact=>c_channel_chat.
           m_chat_sessionid = itemid.
         ELSEIF itemchannel EQ cl_crm_ic_mcm_contact=>c_channel_telephony.
           m_phone_sessionid = itemid.
         ENDIF.
       WHEN cl_crm_ic_mcm_contact=>c_event_ended.
      ENDCASE.
    ENDMETHOD.

  • I have a time capsule connected directly to fiber connection. I have connected a windows server directly to TC and configured it for remote desktop connection. From my interanet I can access srvr but not from my home. What config I need on TC?

    I have a time capsule directly connected to fibre optic point out. All pcs and macs are connected wirelessly to the internet. I have connected a windows server pc to TC. When configured for Remote desktop connection, I can access windows server from within interanet but don't know how to access it from internet. I guess I need to change some settings in TC to get some ip adress for the remote desktop connection from my home. Anyone who can help me out? Appreciate it.
    Narmin

    I am a little lost now.. I have read again your title and your first post.. and they seem inconsistent.
    In the title you state.
    From my interanet I can access srvr but not from my home.
    Interanet is not a word I know.. I assumed intranet...are you talking about internet or intranet? And just to be clear say WAN or LAN.. !! Is your home part of the interanet??
    In the first post you state,
    I can access windows server from within interanet but don't know how to access it from internet.
    Now this is more normal.. the issue is not in the home at all, it is accessible from there but fails from internet. If this is correct, then you can do a few obvious things to determine where the problem is.
    But first I need to know are you actually testing from a different internet connection to your home lan.. you are not just trying the public IP from inside the LAN as that will fail due to the TC not doing NAT Loopback.
    I am also assuming the TC is the only router in the network, and has the public IP on the WAN interface.
    And I am also assuming you have turned on the ping responder and you can actually ping your public ip from the internet and get a response. This helps no end in figuring out where there are issues. Strange but I have no idea if there is a ping responder in the TC WAN so you might need to forward that as well. Also if you have a dynamic public ip address are you using dyndns or no-ip or some other service to connect.
    1. Test bypassing the TC.. plug the internet connection straight into the windows server,, and test if you have access. If yes, the TC is the problem.. if not, your setup on the windows server is wrong.. look at firewall in particular.
    2. Assuming from test 1 the TC is the problem, Post the screen shots of the port forwarding setup for us to look at.. that is by far the easiest way to check it out.
    There are lots of references to port forwarding in the TC.. eg
    http://must-know-mac.blogspot.com/2008/07/how-to-port-forward-time-capsule.html
    The things that generally go wrong are firewall on the computer that is accepting the port.
    The ISP doesn't allow connections on a particular port. (not likely in your case)
    The router is behind another router.. double NAT will kill any port forward.
    Upnp has already allocated a port.. not an issue as TC doesn't use upnp although a reboot of everything after you set port forwards is well worth it.. amazing how things don't stick properly without a reboot.
    IP on the receiving device is not static and so changes.
    Not enough or right type of ports are opened. This is always messier than it looks as one port is often not enough for two way communications.
