I want to get ACPI Base Address(ABASE) to access PMC I/O Based Registers, the specification mentions that I must get the address of ABASE before accessing PMC I/O Based Registers, but I can't get the address of ABASE directly, how should I find it?
Yes, I have the offset (D:31/F:02/offset 40h) from the specification, but still have to get the address (like 0x1800, 0xE0000...) to access.
Related
I use the Ble library, but I want to connect/pair only the first device/phone. After this only the first device is allowed to reconnect. How do I implement this? Is there a best practice? Do I need to filter the deviceid? Or are there better ways to acchieve this?
That can be achieved using the Filter Accept List (previously known as White List), which is standard in the BLE spec. How to use it depends on the Bluetooth stack you are using, so you should check the manual for the Bluetooth stack you are using (you didn't mention).
If you want to support Random Resolvable addresses, you can use the Resolving List where you put the corresponding IRKs.
But a personal opinion is to instead always let any device connect to your device, and then secure sensitive services using MITM-secure authentication instead (pairing). That could potentially lead to a better experience for the user, because otherwise any connection attempt from "wrong" device will just lead to a unknown connection error from the user which might be hard to understand.
I am using RTI DDS 5.2.3.17 and would like to get the IP address of the remote DataReader/Subscriber that I am sending messages to, to add to some log messages.
How would I go about doing this I am having some trouble in just forming the logic of what to do?
The mechanism described for your question here, using the SampleInfo, will not work for obtaining the IP address of DataReaders
Depending on the situation, the easiest approach would probably be to install a listener on your DataWriter and inspect the last_subscription_handle parameter when the DataWriterListener’s on_publication_matched() callback is invoked. As explained in the RTI Knowledge Base article Accessing the GUID of Connext DDS Entities, the instance handle is essentially another GUID for you to inspect.
If you have many readers that you need to keep track of, it might be easier to subscribe to the BuiltinTopics used for discovery, as explained in that same KB article. That is more work though.
Again, all of this is assuming you are looking for the IPv4 address. Also note that this is not a publicly exposed mechanism, so things might change in the future. And all of this breaks at the moment that your application explicitly sets its GUID.
I have big access log (~30Gb) and I'm looking for ways for find suspicious/bot IP addresses. Of course, we can replace IP with (IP + User_Agent). So my questions are:
find average requests number that are done from any IP
find IP addresses that are making more requests than average (see previous point)
find IP addresses that are doing requests regulary (every hour for example) during day
you recommendations about how to detect bot
This log is rather big and I don't think that R lang could process it. Should I use some kind of storage behind R (hadoop or something similar)? I absolutely have no experience in processing/analyzing big data so any ideas, recommedations & tuts/articles are appreciated.
The access log probably contains a lot of data which you may not need based on your question, if you only care about the time of the request and the orginating IP you could easily reduce the data size by extracting "columns" from the input before reading it into R, some standard command line tools such as cut or awk should do the trick.
If you want to keep more details another option could be to load the access log into a database and use this for further processing, 30GB is not a lot for a database, but of course this means some additional work: design a datbase schema and a way to load the data in the database.
You can also do the following type of analysis
Getting the geo location of IP addresses and comparing access frequency based on geo_location + time at geo_location (the access frequency could be normal during day time at the geo location but not after midnight)
If you have username information, check whether multiple IP addresses are using the same username during same time period
WSO2 has done some Anomaly Detection work using their Analytics Platform which is pretty scalable for most anomaly detection scenarios. Check it out - http://wso2.com/analytics/solutions/fraud-and-anomaly-detection-solution/
This might be a better option than doing through R, since it allows you to do complex event processing (through SQL like queries) as well as machine learning.
You can also do the following type of analysis
a) If the IP address is from data center range, it is likely from a bot than normal user.
b) If the IP address is from search engine range, it is high likely from a search engine bot.
You can get the geolocation database from IP2Location which has the usage type information to detect data center or search engine.
Check goaccess.io - works for me. With logs for different websites, distributed on several servers. Allows usage of GEOiP and identifies bots out of the box.
Check out https://ipdetective.io it tracks IP addresses that originate from datacenters, vpns, proxies, tor node and bot nets. It offers a free API as well so you can test it out.
I hear that the creator of the melissa worm was convicted based on the fact that the GUIDs generated could be linked back to a MAC Address of a computer he used.
How hard is it to do this? And what data do they need other than the GUID? Like the MAC Address itself or the time it was created?
That relates to a specific version 1 UUID included in the office document that contained the macro virus, this was becuse it came from UuidCreate/Sequential which did contain MAC info;
For security reasons, UuidCreate was
modified so that it no longer uses a
machine's MAC address to generate
UUIDs. UuidCreateSequential was
introduced to allow creation of UUIDs
using the MAC address of a machine's
Ethernet card.
It depends on how and by what OS/library that GUID was generated. As of Windows and its standard UuidCreate() function:
The UuidCreate function generates a
UUID that cannot be traced to the
ethernet address of the computer on
which it was generated. It also cannot
be associated with other UUIDs created
on the same computer.
Here: http://msdn.microsoft.com/en-us/library/aa379205(v=vs.85).aspx
Whether or not you can identify someone based on a UUID (GUID) depends entirely on the implementation.
RFC 4122 (the RFC for UUID) has three reference implementation (see http://www.ietf.org/rfc/rfc4122.txt) the first of which uses the MAC-address in the unique node identifier, but the other two uses random numbers instead. I've seen both in libraries and sometimes libraries have a switch between these methods, so the only way to know for sure is to read the documentation/source for the specific library you use for UUID/GUID generation.
Usually the MAC-address is hashed, so you could compare the original to the generated, but not decypher the original MAC-address only from knowing the UUID. So far I have only seen UUID generators that don't hash the timestamp so that is easier to find. There is a simple tool that can decode a UUID for you (see http://linux.die.net/man/1/uuid)
I am making an EventLog which will log the transaction log in my website. The details of the log will include the Public IP from where the transaction has orginated and also the local IP address (under the public IP).
I have found ways to obtain the Public IP Address, but i am unable to find out the local IP or machine IP from where the transaction is made.
A large number of entries will be done by people using the same connection. ie 5 or 10 computers connected to the same connection.
I need to find the machine IP (192.168.0.1 for 1 system 192.168.0.2 for the next) of the machines making the transactions and also the Computer name...
Is this possible
To clarify, you want the private IP address of a client when the client is connecting through a router? Then no, there isn't a way to do this.
Are you doing this purely to distinguish between different users?
Can you use another method like cookies?
If your client connects from behind a NAT or firewall you cannot reliably get his address or computer name. If you need such information then your protocol should request them as part of the request and the client machine should voluntarily provide them. There is no way to validate the information provided (short of deploying a trusted cryptographic infrastructure, ie. you establish a strong trust in the client machines themselves).
Sadly, the answer is no. No modern browser will present that private address in the HTTP transaction. The client's router which performs the NAT (Network Address Translation) offers only the public client IP address when making the IP connection.
Not likely. See a short discussion in http://javascript.about.com/library/blip.htm
Well yes we are doing this just to differentiate between the computers to know who is doing the entries...
Since you guys say that tracing the IP is not very reliable are there any other methods that i can use to do the same thing
I just need to know from which computer each entry is entered.
Any suggestions would be welcome
You are making the false assumption that there is a way to know from which computer each entry is entered. Nobody has the job of ensuring that this information exists. Often, it will not exist.
The only way to make sure each computer is uniquely identified is for you to identify it. You can do this through client certificates, for instance. In general, if you want each computer to have a unique identifier, then you need to create a unique identifier, then put it on that computer. You then need the computer to send that identifier back.
There is no other unique identifier for computers.
This is probably way beyond what you're looking for but it makes for an interesting read: Remote physical device fingerprinting
This allows you to uniquely identify a remote physical device without its cooperation, across NAT or whatever else you can imagine.