I want to build a service like gmail or yahoomail.
It will be open for all.
For security purpose i can save the IP address for each action i.e sending mail, reading mail, deleting mail and all other actions.
I also want to save mac address of the computer from which mail is sent and i also want to
save mac address of the computer which is used to read the mail.
I am sure that i can build a program like this , but i have very little knowledge in the area
web security. Please suggest me how can i save mac address. Is it possible or not.
Where can i study about it.
Thank You
The MAC address of the client is part of the layer 2 protocol, and is used for address resolution (ARP) only on the subnet local to the client. Internetworking is done with TCP/IP (layers 3 & 4), which are transparent to layer 2. In other words, the protocols and equipment between your server and your clients make it impossible for your server to learn the MAC of your clients. This is by design.
If you are looking for a unique identifier for your clients, you should adopt the standard methods like cookies, certificates and the like. Both MAC and IP addresses can be spoofed.
Related
So here is an approach I was thinking of:
PROBLEM:
- after you have done everything possible to secure your servers and client app. I wanted to add an extra layer to make sure even if a user looses access to their data, they can only really affect their own little space in a shared database. (obvisouly authentications are in place but this is the basis of the authenticatino model)
SOLUTION I HAD IN MIND:
- I wanted to add a "hidden" field that stores users IP addresses.
This means when a user does the normal password and usenrame entry, they also have to verify whether the machine they are using is their own, and thus we store that IP address by taking it from their request.
Later if they need to log in again they can, but if they want to retrieve data, the look up on the router server will recieve the IP from the request, add that onto the message as part of the filter parameters.
Once it queries the database if the combination of IP + data that users wants is found then it sends that back.
If a different IP is detected then no data exists in the server so nothing is sent back. which would initially be done on login and would trigger a mail to the user to verify the machine they are using is trusted.
Is there an easier way? is this overegging?
Thanks,
Alex
Tried ip-request module in Express, works fine, but wanted to know if there was a potential security threat with the way I am using this and it will be implemented before proceding.
First off, an IP address your server sees is often not the actual IP address of the computer the user is on because there is often a NAT device or proxy in between that maps a private network IP address of the user's machine to a public IP address for use on the internet. This would be true whether you were using a computer on your home network, using a computer at work, connected via WiFi at Starbucks, etc...
User Computer (private IP 192.168.1.x) => Gateway (some public IP address) => Your server
If the same computer connected to your server the same way over and over, it "might" be assigned the same public IP address every time it does so. But, in other circumstances it might not.
If the same computer is mobile at all (phone, laptop, tablet) and connects to the internet in different ways (WiFi, cellular), then it may show as a different IP address every time it connects from a different location.
So, in these days of lots of mobile devices and a user that may even access a service from more than one device, an IP address is just NOT a good measure of whether this is a risk or not.
Furthermore, in the case of shared NAT such as a WiFi hotshot or connecting from a corporate network, it's possible for lots of different users to all appear to be coming from the same public IP address.
I would not suggest using IP address at all as any security indicator. You will just get lots of false indicators of an invalid IP address that changed since last access and you may even get false positives where a different user appears on the same IP address as a legit user. In these days of NAT and mobility, there is no one-to-one correspondence between a public IP address and a user. Trying to pretend there is will cause all sorts of problems.
I created a Tcp server using net module in NodeJS and tried to get the mac address info from each client to generate uuid. However, in the Socket object, there is no information about it. Also I tried to get read mac address from arp table, but it's not working either. Any other ways to figure it out?
Because the MAC address belongs to the layer 2 of the OSI layers you will not be able to access it unless you are in the same address space because it gets stripped out by routers.
Explanation
MAC address, belongs to layer 2 "Data Link Layer" of 7 OSI Layers. The clients' MAC addresses are only visible to the routers they directly connect to.
Routers will partially disassemble the packet to get at the layer 3 "Network Layer" headers in order to determine where the packet should be shipped, where IP address is being used.
Then, Layer 4, "Transport Layer", is where you're talking about specific protocols, like TCP.
Therefore, as a server, you CANNOT get the clients' MAC address unless you are connected to your clients in layer 2.
I did something similar before for class rooms in production environment. In my case, I have access to all client machines. Either you have admin access to all clients or you can pre-register the client into your database somehow, you can do the following. If not, please ignore this answer.
Create another NodeJs program hosted a web service in Clients (Don't forget to implement some kind of security). This program could be just a simple ExpressJs with getmac node module.
Register all IPs or domain name of the clients to Server database. Could be manual or, in my case, when Client turned-on it's auto send a request to server to register itself. (Implement client-server validation if needed)
When Server needed the mac from client, Server app sends a request to each pre-registered client to get its mac address or any other information Server needs from clients.
Net client in node js does not provide the mac address. You have the choice between :
1- sending the #mac your self: i mean in the client side you send the Mac address as data when you establish connection with the server.
2- use socket.io insteed net . It will afford you all the information you want
I'm working on a software written by a developer that didn't leave any documentation for the company and I've to understand how a server communicate with a device.
I think it sends it some strings over a socket (to log-in in the device and check some parameters), I've the public IP address of the server and the public IP address of the device.
I'd like to know if there is a way to see what the server 'tells' to this device and vice-versa, I gave a quick look to Wireshark but I can't understand how to use it correctly.
I am doing some penetration testing, and im trying to find out, if i can get the IP address of an router if i got the bssid, or any i can get with the AIR tools?
I use Linux Kali with the Air tools atm.
I would say this is pretty damn bad if its possible. Basicly most peopleĀ“s rounters can be reached through their outside IP. Even companies. :O
So far i tried:
- Passive TCPDUMP
- Active scanning
So basicly, is there a way, if so please give me a hint or the answer :-)
I am 100% refering to some sort of scanning. All kind of cracking, bruteforce, password guessing, access stealing is not what im asking about :-)
You can't do that if target access point is protected with WPA/WPA2.
This is why. Getting WiFi to work involves following steps:
Associate with target access point. If access point is using WPA/WPA2 and you don't know the password, then you cannot proceed to further steps, and certainly cannot know anything about IP address of target access point.
After association, your client (which is typically configured to use DHCP) has no IP address assigned (its IP address is 0.0.0.0). Technically, you can use sniffer at this stage to scan the network and find out IP addressed used, but most sniffers don't like to work with 0.0.0.0 address. To proceed further, your client sends DHCP request, which is served by access point. After getting successful DHCP ack with new IP address, client can proceed to next step.
After getting IP address, client can talk to access point and finally knows its IP address (it was served as default router in DHCP ack) - and that would be the answer to your question (yes, that late in the game!). However, even at that point, full network connectivity cannot be assumed. If access point implements captive portal, then your network access may be restricted until you open up web browser and (depending on wireless provider) either accept usage terms, provide some credentials or pay with credit card.
After passing captive portal, it is possible (but not common) that access point automatically re-associates and gives you completely different IP address (and access point also has different IP address now, from completely different subnet). This would mean that IP address you learned in previous steps was completely useless to you in terms of knowing actual network infrastructure.
You would need a Firewalking tool to get past the 0.0.0.0 you would essentially also need a password cracker that attempts different brute forcing to get the matching wep password for example, if there are not max tries it could work.
My application is running on CentOS 5.5
I need to send raw packets using libpcap API:
pcap_inject() or pcap_sendpacket()
To the specific IP address
How can I determinate MAC address belongs to a specific target?
It looks like what you want is ioctl and SIOCGARP. That should let you query your arp cache.
I'm assuming that the host in question is on your local network or all you're going to get is your router.
You can also read from /proc/net/arp, which seems easier. You'll need to get an arp request returned first but you'll be doing that whether your tool does it or some third-party makes the request.
In general, MAC addresses don't matter for remote targets. They are not routable; a router here at my office doesn't know the MAC addresses of network cards across the Internet. That's what IP addresses are for. Do you mean local only?