problem with firewalls blocking all ports for bind() call

Posted by Sterling Wight on May 16, 2005, 1:24 pm
I have a suite of programs that work client-server, and that are often
configured to work on a single machine. In that situation, I call bind to
get an available socket from the server, note the information in the local
registry (this is for Windows) and listen on the socket. The code is roughly
as follows:
    sockaddr_in socketName;
    memset(&socketName, 0, sizeof(socketName));
    socketName.sin_family = AF_INET;
    socketName.sin_port = (::htons (0));                // port 0: let the system pick a free port
    socketName.sin_addr.s_addr = ::htonl (INADDR_ANY);  // INADDR_ANY: bind on every local interface
    if (::bind (fMainSocket, (sockaddr*) &socketName, sizeof(socketName)) == SOCKET_ERROR) {
        _Module.LogEvent (_T ("Failed to bind to socket on port %d"), proxyPort);
        throw SilentException (); // throw to get into the catch block's clean-up
    }
    const int kBackLogLimit = SOMAXCONN;
    if (::listen (fMainSocket, kBackLogLimit) == SOCKET_ERROR) {
        _Module.LogEvent (_T ("Failed to listen to socket on port %d"), proxyPort);
        throw SilentException (); // throw to get into the catch block's clean-up
    }



This works fine. However, when clients have some firewalls installed, such
as Norton Internet Security, it seems to default to blocking all socket
binds. Usually the client gets a scary dialog that says that the program is
trying to listen for connections to other computers. I believe at other times
it simply blocks the connection without any alert at all (perhaps because
this code is part of a service that can be run at startup, which might be an
awkward time to bring up the alert).
So my question is whether there is a way to set up the request so that
firewalls do not perceive it as a threat. Also, it might be a good idea to
take the threat seriously, in which case my other question is how can I
modify the code so that it only accepts connections from the local machine?







Posted by Eirik Seim on May 16, 2005, 6:39 pm
On Mon, 16 May 2005 13:24:22 -0500, Sterling Wight wrote:

[snipped detailed explanations]

> So my question is whether there is a way to set up the request so that
> firewalls do not perceive it as a threat.

No. Most of these personal firewalls are crap, written by people
who understand neither networking nor network security. There are
exceptions of course, but the majority of the software I've seen
does some fantastically stupid things.

> Also, it might be a good idea to
> take the threat seriously, in which case my other question is how can I
> modify the code so that it only accepts connections from the local machine?

Listen to localhost only,

socketName.sin_addr.s_addr = ::htonl (INADDR_LOOPBACK);

...but I wouldn't be too sure those pesky personal firewalls would
understand the difference, it'll probably perceive it as a threat
anyways. But testing won't hurt. Good luck.

--
New and exciting signature!
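
Added example, not code from the thread: the loopback-only bind suggested above, written with POSIX sockets rather than Winsock (an assumption, so it runs outside Windows), including the getsockname call that recovers the OS-assigned port after binding to port 0. The function names open_loopback_listener and accept_local_only are hypothetical.

```c
/* Added example. POSIX sockets; under Winsock use WSAStartup and closesocket. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create a TCP listener bound to 127.0.0.1 on an OS-chosen port.
 * Returns the socket or -1; *port_out receives the port in host order. */
int open_loopback_listener(unsigned short *port_out)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_port = htons(0);                      /* 0 = let the OS pick a free port */
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* 127.0.0.1 only, not INADDR_ANY */
    socklen_t len = sizeof(addr);
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        listen(fd, SOMAXCONN) < 0 ||
        getsockname(fd, (struct sockaddr *)&addr, &len) < 0) {
        close(fd);
        return -1;
    }
    *port_out = ntohs(addr.sin_port); /* the value to publish to local clients */
    return fd;
}

/* Defence in depth: accept one connection, drop it unless the peer is in 127.0.0.0/8. */
int accept_local_only(int listener)
{
    struct sockaddr_in peer;
    socklen_t len = sizeof(peer);
    int c = accept(listener, (struct sockaddr *)&peer, &len);
    if (c < 0) return -1;
    if ((ntohl(peer.sin_addr.s_addr) >> 24) != 127) { close(c); return -1; }
    return c;
}

int main(void)
{
    unsigned short port;
    int fd = open_loopback_listener(&port);
    if (fd < 0) { perror("listener"); return 1; }
    printf("listening on 127.0.0.1:%u\n", port);
    close(fd);
    return 0;
}
```

The peer check in accept_local_only is redundant while the socket stays bound to loopback; it keeps the service local-only if the bind address is later changed back to INADDR_ANY.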


