Does getAddress() with DatagramPacket return a trustworthy IP address?

I have programmed a little authentication system and I use this code to get the IP of the user:

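import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;

// port (int) and buffer (byte[]) are defined elsewhere
DatagramSocket socket = new DatagramSocket(port);
DatagramPacket packet = new DatagramPacket(buffer, buffer.length);
socket.receive(packet);  // blocks until a datagram arrives
InetAddress address = packet.getAddress();  // address the datagram was received from
String ip = address.getHostAddress();  // textual IP, without the "host/" prefix that toString() adds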

My question is: can we trust the value given in the string "ip"? Can somebody put a fake IP in a header of the packet?

It is very confusing: does a UDP header contain the IP of the sender of the UDP packet? If so, can we change this header to replace it with another IP?

In an established TCP connection, you can assume that the remote IP address is valid because otherwise you could not send anything back to the host (and the TCP handshake would not succeed -- see SYN flood).

However, you have no guarantee that the remote IP address actually belongs to your user, so it's a really bad way to perform authentication.

One of the commenters gave the example of a proxy. It doesn't have to be TOR: if you use the common practice of an NGINX or Apache server in front of your application, then you'll always get the IP address of that server (i.e., your own server).

Also, we live in a world where most users are behind a NAT, which means that you may have dozens or hundreds of distinct users that all appear to come from the same IP address.

And the IP address will potentially change. This is particularly common with connections made from cellphones.
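Added example (not part of the original answer, and not the asker's code): instead of deciding on `packet.getAddress()`, the receiver below accepts a datagram only if it carries a valid HMAC-SHA256 tag computed with a key shared with the user. The wire format (payload followed by a 32-byte tag), the class and method names, and the demo key are assumptions made for this illustration.

```java
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class AuthenticatedDatagram {
    static final int TAG_LEN = 32; // HMAC-SHA256 output size in bytes

    static byte[] hmac(byte[] key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }
    // Wire format (assumed for this example): payload || 32-byte tag.
    static byte[] seal(byte[] key, byte[] payload) throws Exception {
        byte[] out = Arrays.copyOf(payload, payload.length + TAG_LEN);
        System.arraycopy(hmac(key, payload), 0, out, payload.length, TAG_LEN);
        return out;
    }
    // Returns the payload if the tag verifies, otherwise null.
    static byte[] open(byte[] key, DatagramPacket p) throws Exception {
        int off = p.getOffset(), n = p.getLength() - TAG_LEN;
        if (n < 0) return null; // too short to carry a tag
        byte[] payload = Arrays.copyOfRange(p.getData(), off, off + n);
        byte[] tag = Arrays.copyOfRange(p.getData(), off + n, off + p.getLength());
        return MessageDigest.isEqual(tag, hmac(key, payload)) ? payload : null; // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // sample key, not a real secret
        InetAddress lo = InetAddress.getLoopbackAddress();
        try (DatagramSocket server = new DatagramSocket(0, lo); DatagramSocket client = new DatagramSocket()) {
            server.setSoTimeout(2000);
            byte[] good = seal(key, "login alice".getBytes(StandardCharsets.UTF_8));
            byte[] bad = good.clone();
            bad[0] ^= 1; // payload altered after sealing: the tag no longer matches
            for (byte[] msg : new byte[][] { good, bad }) {
                client.send(new DatagramPacket(msg, msg.length, lo, server.getLocalPort()));
                DatagramPacket in = new DatagramPacket(new byte[512], 512);
                server.receive(in);
                byte[] payload = open(key, in);
                System.out.println(in.getAddress().getHostAddress() + " -> "
                        + (payload == null ? "rejected" : "accepted: " + new String(payload, StandardCharsets.UTF_8)));
            }
        }
    }
}
```

Both datagrams arrive from the same loopback address, yet only the one with a valid tag is accepted. A MAC alone does not stop replay of a captured datagram; a real protocol also needs a counter or nonce covered by the tag.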
