How does the browser reach an IP address? [closed] - web

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed last year.
This post was edited and submitted for review last year and failed to reopen the post:
Original close reason(s) were not resolved
Improve this question
When I type a domain URL in the browser (or send a ping or write code that fetches a particular IP) the browser gets the associated IP address based on DNS lookup in a distributed database system - the DNS name servers.
But once the IP is obtained - how does the browser know how to go to the particular computer that this IP represents?
import urllib.request
nf = urllib.request.urlopen("http://192.168.1.2")

The operating system will compare the target IP address with its own IP address. If both addresses are part of the same network, the OS will issue an ARP request to obtain the physical address (the MAC) of the target interface.
If both IP addresses are not part of the same network, the OS will forward the traffic to the gateway responsible for the subnet that is addressed. If it has no such a route, the OS will forward the traffic to the default gateway.
From there the game starts anew.

Related

Reverse proxy in home network [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I want to set up a reverse proxy in my home network. The idea is to route traffic to correct port number based on subdomain in the request URL.
Example: I'm setting two subdomain A records on my domain: nas.mydomain.tld and wiki.mydomain.tld. Both A records point to my dedicated IP address at home. I want a reverse proxy that routes:
nas.mydomain.tld => 192.168.2.2:5001
wiki.mydomain.tld => 192.168.2.2:8090
Can this be done in e.g. my ASUS RT-AC55U router, or can I route all traffic to my file server and have a reverse proxy there route the traffic to correct IP addresses and ports?
From what I found out, the problem lies in that the functionality I want (multiple types of content retrieved from the same IP and port) cannot be done without some kind of middle-man; a reverse proxy server that fetches the content based on the URL and relays it.
Asus router: My ASUS RT-AC55U router doesn't have a reverse proxy server, at least not with standard firmware. I haven't researched if some unofficial kind of firmware contains a reverse proxy server for doing this. So the only option is to use a NAT record to route port 80 to a specific port. The downside is that it only supports one web service on the IP address.
Web hotel: Creating a rewrite in a .htaccess file on the web hotel of a registrar, but it will only redirect and not rewrite/mask URL. Otherwise, the registrar would need a reverse-proxy server to fetch the content from the web services to relay it. I don't think my current registrar supports this, and I can understand if they don't want to do it from a security standpoint.
Apache reverse proxy server: Apache supports this using the mod_proxy module and an entry in the conf file. More info on it here: https://httpd.apache.org/docs/2.4/vhosts/examples.html#proxy
CCProxy: CCProxy is definitely the easiest solution that I've found so far. It's a simple GUI application where you can add URL's, host names/IP addresses and ports, and the application takes care of the rest. Also has a very nice graphical representation of usage/bandwidth, and a graphical log of ongoing sessions. More info here: http://www.youngzsoft.net/ccproxy/

Why do some public hosts resolve to 127.0.0.1? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I was to check this URL:
http://geotool.servehttp.com
Is this some sort of suspicious behavior? I can't understand.
My local hosts file (I am using Windows 7 - 64 bit) shows nothing about this domain.
I also made an online whois query on it and there I found 127.0.0.1 as its IP address!!!
What's the magic behind this?
Edited
When I point to this URL, using my browser, the localhost (WAMP server) homepage loads.
Whoever configured the DNS records for geotool.servehttp.com pointed that subdomain name to 127.0.0.1.
It is not usual to point a public hostname to a private IP address, but it is possible.
Here are the results from dig +trace geotool.servehttp.com A:
geotool.servehttp.com. 60 IN A 127.0.0.1
servehttp.com. 86400 IN NS nf3.no-ip.com.
servehttp.com. 86400 IN NS nf4.no-ip.com.
servehttp.com. 86400 IN NS nf2.no-ip.com.
servehttp.com. 86400 IN NS nf5.no-ip.com.
servehttp.com. 86400 IN NS nf1.no-ip.com.
;; Received 151 bytes from 83.222.240.75#53(83.222.240.75) in 153 ms
Four Years ago, I asked this question and now, I am posting an answer to it for any further reference.
DNS Information
TXT Record:
AUTHORITY
servehttp.com. IN SOA nf1.no-ip.com. hostmaster.no-ip.com.
This text record tells us that the domain geotool.servehttp.com probably belongs to no-ip.com.
Visiting internet website for http://no-ip.com (which currently redirects to https://noip.com), a simple slogan tells us everything:
Create an easy to remember hostname and never lose your connection again.
Our Dynamic DNS solution makes it easy to remote access any internet connected device.
That is, a Dynamic DNS service. It helps you reach your local hosted application or network through internet by assigning a dns name to your dynamic always changing ip address.
That's it.
The question asks 'why', so I would like to share my reason.
I wrote a proxy software called vproxy, so I bought domain vproxy.cc.
In the software it runs dns health check periodically to see if the dns server is still available (otherwise it will stop sending dns requests to that server).
The health check is enabled by default, so I have to choose a domain which simply does nothing but returning a constant A record (ipv4 address).
So here comes 127.0.0.1.special.vproxy.cc, which resolves to 127.0.0.1. The domain and address are hardcoded into the software as the default dns health check settings.
Using 127.0.0.1 is simply because it's a loopback address and if someone accidently send traffic to this domain/address, he/she would be sending to local and would not cause any trouble for other people.
And the reason I'm not choosing other 127.x.y.z ips is because they are not so well known as 127.0.0.1 do. Most people don't know that 127/8 are all loopback addresses, but people do know 127.0.0.1.
And for geotool.servehttp.com, maybe the maintainer simply want the same thing as I do? Just some const address which is choosen to be 127.0.0.1.

linux route specific machine traffic throw specific output interface [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have a linux machine Iam using as a router with multible interfaces and multible internet connection
say eth0--isp1
eth1--isp2
eth2--isp3
the gateway is eth0 throw isp1
and eth3--local1 10.0.0.x
eth4--local2 192.168.1.x
i need local1 ip 192.168.1.10 to go throw isp3, eth2
thanks
You need to use policy routing for this. You create a new routing table and use it when the source IP is 192.168.1.10.
ip route add ... table $TABLENUM # your usual routes, for the new table
...
ip route add default via $ISP3 table $TABLENUM # gateway for the new table
ip rule add from 192.168.1.10/32 lookup $TABLENUM # use the new table for this IP
ip rule add to 192.168.1.10/32 lookup $TABLENUM # make it symmetric, for clarity
Try route add 192.168.1.0 netmask 255.255.255.0 dev eth4--local, on the assumption these are locally-connected networks. If not, you will need to specify a gateway machine to route the packets through also. Truthfully your question is malformed (and probably belongs on serverfault). If you already have addresses on those networks, these routes should already exist. If you do not, your problem is likely more complicated than you think it is.

ARP Spoofing/DNS Spoofing - difference [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
Is there a difference between ARP Spoofing and DNS Spoofing, or they are one and the same thing?
ARP (Address Resolution Protocol) Spoofing is when an attacker sends out fake replies to an ARP Request. This is done usually to impersonate a router so that an attacker can intercept traffic.
DNS (Domain Name Service) Spoofing is when an attacker replies to DNS Requests (sent to resolve the IP address of a hostname) with false IP information. This is typically used to redirect users to false websites.
ARP spoofing is when the attacker is sending out ARP messages from a non-authoritative DHCP server in order to change the IP/Gateway, or in that case the DNS servers of the victim.
Once the DNS server of the victim has been changed then the attacker can start the DNS-spoofing attack, which means that the victim's DNS requests are now redirected to a non-authoritative DNS server which may lie about the IP address of a bank.
By doing so the attack can get the victim to surf to http://www.yourbank.com, using a valid SSL-cert from the bank, but the IP of the server will be another one. That way the attacker can get access to your bank information and pretty much empty your account. WEB browsers will not complaint about wrong URL in the SSL-certificate.
Basically both methods try the same (redirecting or forwarding traffic to malicious hosts), but they work at a different level, ARP spoofing only within a LAN up to the next router. See http://en.wikipedia.org/wiki/ARP_spoofing and http://en.wikipedia.org/wiki/DNS_Spoofing

Undetectable DoS attack with an invalid IP [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
in Security+ book, it has been told that DoS attack can be undetectable and an attacker can use an invalid IP address.
what did it mean by Invalid IP address? is it a zombie IP? how can we face with that?
It means spoofing. Spoofing means sending a packet with a source IP that doesn't belong to you.
It's simple, really. The attacker sends a constant stream of packets to the victim and populates ip.src with 127.0.0.1 or 74.125.39.105 or something like that. It does this to hide his identity. If he didn't, you could go to his ISP "Hey, this guy is DoS'ing me! Shut him down".
You must understand that when a packet leaves a host there are not magic rules that ensure it's correct. Most serious operating systems that support IP allow you to send whatever you want in an IP packet.
The attacker can send a packet to the target and spoof the sender IP address. This means he can use any IP address he wants. So the IP address is not really invalid, only there may not be a host connected to the IP address.

Resources