When a listening socket receives a new request for a connection, is it possible to know the IP of the incoming connection before accepting it? Thomas
Posted on 2001-05-03 03:51:00 by Thomas
Nope, I believe that in WinSock "accepting" means sending your info to the client and asking his info back, so there's no way around it (at least I haven't found one). BTW, nice logo :cool:
Posted on 2001-05-03 05:38:00 by Qweerdy
I'm working on a file transfer program and I thought maybe I can add a little IP restriction to it, only allowing certain IPs to connect with the server. It's not that important, but it would be nice. Thanks, Thomas
Posted on 2001-05-03 07:15:00 by Thomas
At the beginning of every connection, there is a 3-way handshake: if A wants to connect to B, A first sends some special packet, B adds stuff to the packet sent by A and sends it back to A, then A sends another packet to B. So, if someone is trying to connect to somewhere, that server surely knows what IP address the request is coming from. You must check packets, or use some function that does that...
Posted on 2001-05-03 07:23:00 by Geecko
Why don't you accept all connections, using the 'accept' function call? The far end address is one of the optional parameters, which you can check, and close the connection if the address is not to your liking. Nick
Posted on 2001-05-03 07:36:00 by Nick
Geecko: I think examining the packets requires a lower level than winsock, but maybe there is an API to do it. But I haven't found it yet. Nick: That would work but is not really secure. Of course this doesn't really matter with my program but the connection IS accepted for a moment. There's always a time between the accept and close, it might be just enough time for an attack if that was possible. Thomas
Posted on 2001-05-03 08:11:00 by Thomas
In my opinion, I'd go with Nick's suggestion. Only instead of filtering out IPs you add a password verification system for establishing connection, or if you want a strong data encryption for file transfer which is better if you really want security (or you could add both). I think you would be just wasting your effort to try to sniff a 3-way handshake to see if the IP info is acceptable (connection is done anyway plus it can't be trusted). Any form of attack is inevitable on the internet sad to say (denial of service, etc.). Packets *can* be manipulated and *can* lie, therefore it is not wise just to trust the IP address to establish your service. It's not possible to do a 100% foolproof IP filter (I once thought it can be done) :( - clip This message was edited by clip, on 5/3/2001 10:18:05 AM
Posted on 2001-05-03 10:14:00 by clip
Security isn't really a problem for my program. After all, when the actual data is sent it isn't encrypted or something so it can easily be intercepted. I think I'll just use Nick's suggestion. Thanks everyone, Thomas
Posted on 2001-05-03 11:00:00 by Thomas
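The accept-then-check approach Nick suggests, as an added example that is not part of the original thread. It is written against BSD sockets (Winsock's `accept` returns the peer address through the same out-parameters); the allowlist addresses and the function names `ip_allowed` and `accept_filtered` are constructed for illustration.

```c
/* Added example: accept, check the peer against an allowlist, close on mismatch. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed sample allowlist (placeholder addresses, not from the thread). */
static const char *const ALLOWED[] = { "127.0.0.1", "192.0.2.10" };

/* Return 1 if the IPv4 peer address is on the allowlist, 0 otherwise. */
int ip_allowed(const struct sockaddr_in *peer)
{
    if (peer == NULL || peer->sin_family != AF_INET)
        return 0;                   /* fail closed on anything unexpected */
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++) {
        struct in_addr a;
        /* Compare binary addresses so textual formatting cannot differ. */
        if (inet_pton(AF_INET, ALLOWED[i], &a) == 1 &&
            a.s_addr == peer->sin_addr.s_addr)
            return 1;
    }
    return 0;
}

/* Accept one connection; return its socket if allowed, -1 if rejected or on
 * error. The TCP handshake has already completed when accept() returns, so
 * the check runs first and nothing is read from the socket until it passes. */
int accept_filtered(int listen_fd)
{
    struct sockaddr_in peer = {0};
    socklen_t len = sizeof peer;
    int fd = accept(listen_fd, (struct sockaddr *)&peer, &len);
    if (fd < 0)
        return -1;
    if (len < sizeof peer || !ip_allowed(&peer)) {
        close(fd);                  /* drop before any application data is handled */
        return -1;
    }
    return fd;
}
```

As clip points out in the thread, the source address is a filter and not proof of identity, so a check like this belongs in front of authentication, not in place of it.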