Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I live in the UK and my ISP BT has blocked the pirate bay. I know you can just use proxies. I thought I'd be smart and get the pirate bay IP and connect to it that way, but it turns out BT has blocked the pirate bays IP. So I was wondering how does an ISP block you from accessing IP addresses?
Your ISP is by definition on path to anything you access. It can just keep a list of IPs that they will not let you access and can hijack connections to them.
So for example when you connect to 192.0.2.1 they can just reply directly instead of letting the packets go to the real IP, and their reply is just a page displaying something like "site blocked etc".
Alternatively they could just not pass the packets forward and you would get a timeout. The gist of the matter is that since they are always on path they can always just check the destination IP in your packets.
They Know each Root u go, logic compairs Target ip with blacklists! Thats it
Considering all your traffic goes through your ISP, it's within their power to block anything or everything from their side.
Also take note, a websites "address" only exists in the pretty version(www.something.com) because it makes it easier to read for people, than a bunch of numbers(an IP).
But in practice, when you visit a website, the first is always converted into the latter, so there's no difference if you visit piratebay.com or whatever it's IP number is.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 months ago.
Improve this question
So I happened to input "blue.com" into the browser to see if the domain was available. It timed out immediately, which I thought was odd, so I used tracert in the Windows console and saw it was equivalent to inputting localhost (resolves to 127.0.0.1).
It may be worth noting that green.com resolves to nothing, and is registered by MarkMonitor Inc, where blue.com is registered by Domain The Net Technologies Ltd. Both are domain management companies.
I cannot find anything online about this at all. Can anyone explain why blue.com resolves to localhost while other domains do not?
Any domain name can be registered to "point" or "resolve" to any IP address. This is done using what is called an "A Record" or "Address Record". Various other kinds of records can be found here.
In short, when someone registers a domain name as an "Address Record", they can choose any IP address they wish, including "127.0.0.1". Why Domain The Net Technologies chose to do so is something only they know, but technically there could be any number of domains which point to that address.
To learn more about how domain name servers work internally, check out this site which explains how you can make one yourself.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I am studying networking and operating systems and I stumbled upon this statement:
If there is no default gateway in the routing table we can't transfer packets to all the addresses.
I am asking whether the above statement is correct?
Yes the statement is true. Here is the definition from wikipedia
A default gateway in computer networking is the node that is assumed
to know how to forward packets on to other networks. Typically, in a
TCP/IP network, nodes such as servers, workstations and network
devices each have a defined default route setting, (pointing to the
default gateway), defining where to send packets for IP addresses for
which they can determine no specific route.
A routing table can not store information of all the possible routes to which the computer may connect. So it needs a default mechanism to send traffic to computers for which no known path exists. The way is to route all such packets to default gateway.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I have this scenario: an IP (eg. 192.168.0.109). It's possible to make some requests from the same IP but thru different ports ? More, each port to be from a different zone. Something like a proxy, but for ports.
So, I would like to achieve something like this:
192.168.0.109:20000 -> Paris
192.168.0.109:20457 -> Lyon
192.168.0.109:21341 -> Sydney
I read something about TCP Proxy but I am not sure if this is exactly what I am looking for.
Can anyone explain me if this is achievable and if so, describe me the entire process and what would the steps be in order to have something like this running ?
Each new TCP connection will automatically be assigned a local IP and random port number from the kernel's ephemeral ports pool by default. You can optionally bind(2) the socket to the desired local IP and/or port before connect-ing to the server. You can bind() to a desired IP and let the kernel choose the port for you.
Have the client create a socket and call connect with the details of the server IP:Port. In this case, the OS automatically provides the local IP:Port to which the client binds to. This is default behavior.
If you wish, you can have the client bind to a specific IP - call bind before connect. You can leave the bound Port set to 0 so the OS will still choose a random local Port for you.
Now, when you want to make another connection, simply do the same thing as above. Nothing more is required.
So, you keep creating as many sockets as you want and making connections for them. They will automatically be from the chosen "zones" that they are bound to.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
I've noticed that my employer blocks outgoing traffic on a few problematic ports, such as SSH. It looks like a timeout to every application being blocked. Why isn't this implemented by refusing the connection? Is this simply that the SYN doesn't make it to the destination? I'm trying to make a list of ports that I am sure are blocked and I'm thinking perhaps I can just port scan a known host outside of the network, such as my VPS.
Are these statements true for most implementations?
If the connection is refused or accepted, then the port is open
through the firewall.
If the connection times out but the host
certainly exists and doesn't have any kernel-level features turned on
to make it look like it doesn't exist, then the firewall is blocking
it.
Your firewall may block/allow depending on IP address as well, so the port alone doesn't say anything.
If the connection is accepted, it doesn't mean the firewall isn't blocking, it might just mean the firewall redirects it elsewhere. For example, redirect all traffic to port 80 outside your organization to some "you can't get there from here" webpage.
If the connection times out, it may have lots of reasons, one of them being the firewall, but it might also be your DSL line is down, or routing is misconfigured somewhere, or just about anything that can go wrong on the network.
Even if the connection is accepted AND connects the correct target (your VPS), it might have been redirected to a transparent proxy.
Think twice about the port scan. If the network people of your company manage their network well, they will detect the port scan, and you'll have to answer some embarrasing questions to them.
It's a security consideration. Sending a reset (refusing the connection) indicates that the resource exists, which is itself an information leak. Sending nothing reveals nothing, leaks nothing: it is indistinguishable from the case where the entire host doesn't exist. There was one firewall product in the 1990s that sent resets, which was considered poor practice.
I'm away from my library at the moment but I'll provide more details on Monday.
You can profile what outbound ports are blocked with Firebind.
Check out scanme.firebind.com
It uses a custom client/server solution to specifically enumerate firewall rules.
Dave
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
Say i'm communicating with a computer A in a remote network .
Is it possible to know what are the hops that he is going through?
In other word, is it possible to detect what is computer A route to my computer?
I know that A might have a various routes to my computer , it just want to find a route. My whole problem begins with that fact that some networks "hides" there inside computer ( like NAT ) and just give you the gateway ip.
(I'm not talking about my route to his computer that can be easly achived by traceroute)
thanks!
The IP option Record Route asks routers along the way to include their address in the datagram so the route can be tracked. The trick is, many routers and firewalls are not keen on giving out this information and DROP packets with this option set. And, you'd have to get the remote peer to set the flag, so it would only be useful if you're in control of the software on the remote peer too.