I am working in PHP. I need a computer dependent login system. I mean to say that a user cannot login using multiple computer it will be restricted to only one machine. If so, I will need administrator to handle this case. I tried to make this IP dependent, but I saw that in a network I can login with all computers as they are sharing the same internet connection.
You can try to get the MAC Address which is unique for every machine and is given by the Constructor of the machine.
PS:
#Emmanuel: You can have the same computer name on two machines.
UPDATE:
Some links form getting MAC address in PHP:
http://nazmulb.wordpress.com/2008/07/04/getting-mac-address-using-php/
http://forums.techarena.in/software-development/1179119.htm
Related
My setup is that I have a machine running little eclipse server in node, and I want to configure other machines on the LAN to run a website off of that first computer. Everything is working fine, but I have to manually tell the other computers which local IP address to use when opening chrome.
All computers at this point are running ubuntu.
Ideally I'd like to make a bash script on any new computer which finds the IP address of the computer running the express server, then opens chrome at that address.
Googling tends to get me answers for the question 'how to see all computers on my LAN'. It seems that I can achieve that in many ways, most notably nmap.
NMap works fine, but now my question is how I can make the server computer broadcast its status as the desired machine, then extract its sepcific IP address?
Some of the other possibilities I've considered are the following (I state why I'm not sure they're right for me, but please correct me if I'm wrong):
Hosts File
This requires setup for each collection of computers, which is undesirable
DHCP+DNS on router
Again requires set up on the router, which can't be guaranteed to have the required functionality every time.
DNS server on a machine
Again this requires knowing the IP address of the server
What I'd really like is for the process to be automatic – the server machine is happily running its local website, then any other computer that joins the network is able to find it then open that website in chrome, without the person installing the computer having to know the server's IP address. Is such a thing feasible?
I am trying to identify computers with a unique code based on their machine. However, I can't find any way to do this. I've tried to use mac addresses, but you can only the server's mac address when you're using a linux server. I would use the clients ip address, but it can change if they're using a proxy or vpn, or even if they just unplug their router for a bit.
Can anyone recommend something that would be good for this?
Thanks.
There is no secure way to uniquely identify computers based on hardware, and why should you?
The better practice would be to use an artificial key.
If you want to identify a person - you give it an ID (passport, driving license...), do the same here:
Use the session (apache generates automatically a session ID), or generate a UUID (there are many ways to do this). Or if you need to go beyond - use ssh key pairs, save them somewhere on the PC.
Now to the problem:
1. A client could lie about his hardware, his mac address, VIN/PID, serial number of the SATA cable. You can (and must) never trust such info!
2. Clients hardware could change, and then?
I got an email from my ISP that i have been victim of the mirai botnet as it decided to take over my security cameras. I thought i was safe from this since none of my devices use default passwords but it appears there was also a telnet vulnerability the bastards were using and were able to create an admin user on the camera server and hijack it. (I've since updated the firmware and wiped out the users and turned off UPNP)
With that said, i would like to get a much better handle on my network after this incident.
I have an ASUS RT-AC66R Router running Merlins firmware instead of stock ASUS.
I have scoured every settings page of the router and cannot find what i am trying to do. How can i setup a white list of MAC addresses to prevent unauthorized access to the camera server on my network? The only devices that should have access are my local machines and my phone which i can all get the MAC's for. I saw some options for IP address white/black listing but that will only do my good on the local network since my IP could be anything on my phone when connecting remotely.
So my next guess is that i need to setup a linux box to act as a firewall before my router?
Can someone point me in the right direction here? Newbie to networking but i know linux basics and and do software development in vb.net/js.
Also, how can i get some logging going so i can start looking at who is hitting my IP on a daily basis and start locking down my network better.
Thanks!
I have several applications which works together and need to communicate.
These applications can be installed on different host, which can be in different local networks, but all are connected together via a global network.
The host can be Linux (CenOS, Debian, Ubuntu) or Windows (7/10).
Now, I need to identify which host is running an application.
The requirements are :
- every application running on the same host have the same "host ID"
- every "host ID" is unique among all hosts
Since the host can be physical machines, virtual machines or even docker instances, I don't think I can use the hostname as a "global unique ID".
Since the host can be in different local networks, I don't think I can use local IP address as a "global unique ID".
So, which data can I use ? Maybe the Network adapter MAC address ? Is it
guaranteed to be unique, even between multiple instances of the same docker ?
Thanks.
On modern / recent Linux distro, linux generates for you a unique id in the /etc/machine-id file when the system is created the first time. Some distributed services such as etcd rely on this file to identify machines in a cluster.
Nothing prevents you from creating and persisting on disk something like a uuid. You can use uuidgen command on Linux for that.
You can say the MAC address is unique. However, if you are concerned about security, do not use the MAC address. The MAC address can be spoofed easily.
To generate a unique ID for the machine, you can use a combination of many items such as MAC Address, IP Address, hostname etc., throw in a random salt and take a sha256 hash of them. Since the host can run on many operating system, I would suggest against using any OS-specific parameters.
Without going into too much detail, the chances of finding a collision in sha256 is improbable to say the least.
You can see the SHA256 of different text here.
http://www.xorbin.com/tools/sha256-hash-calculator
Almost every programming language, these days, has a function/API for creating a SHA256 hash.
Looks like /var/lib/dbus/machine-id contains what you need.
read more here: http://man7.org/linux/man-pages/man5/machine-id.5.html
On linux I solved my problem just by changing the contents of the /var/lib/dbus/machine-id file
I develop software running laptops from various companies. The employees are allowed to bring these laptops home or on holidays. I want to be able to reliably detect whether the laptops are in the office or not. The laptops are connected to the company network via some kind of VPN (though various solutions are used), so I cannot say that if they can access internet, they are in the office. To make this question even more interesting, please notice that a company might have multiple locations.
Edit: I need to detect this on the laptop.
Speculation: One thing you could look at are the IP addresses allocated to the machine. If you run a VPN then at home then there is probably one IP for the Internet connection and one for the VPN.
I think the answer from Rob is close but maybe you should take into account the gateway used by the NIC.
And if you have time enough a tracert to a known server in your office.
That will give you the route and the intermediate NIC's between the laptop and the known server.
You only have to make sure in that case that on the office location the route to the VPN concentrator is different but that should be possible with a clever dns/dhcp setup.
You might try a more specific question on serverfault.com
This cannot be done reliably, because branch offices can be setup up the same as a home network. And from experience, I'm not saying "almost the same as a home network". I mean literally the same, with non-clued managers buying network equipment from the cheapest local shop, and running copies of Windows XP HOME.