1

I've got a question on Sockets in C#. I've got a Server which I want to prevent from connecting to clients where the IP was banned. Both are made with .NET 4.0 .

The server is running via Internet (No-ip hostname), not just in a local network. The problem is that the IP of the clients is changing every day, so I don't know how to ban these clients permantly. I know that I can ban them by simply comparing the IP of the Client with any banned adress.

if ( banned_ip == clients_ip )
{
     client.Disconnect();
}

But how do I fetch the Client's IP I can ban permantly ?

If you need some more infos, I'm gonna post them.

Joe

DealerJoe
  • 95
  • 2
  • 12
  • 3
    don't ban at the client level. ban at the firewall level so they can't even reach your client. – Marc B Nov 14 '12 at 17:05
  • Duplicate of http://stackoverflow.com/questions/1904160/getting-the-ip-address-of-a-remote-socket-endpoint ? – René Wolferink Nov 14 '12 at 17:09
  • 1
    There are many sites on internet that try to restrict the access by location of IP address , but this doesn't stop people accesing them. – L.B Nov 14 '12 at 17:18

3 Answers3

2

Banning IP addresses permanently is a bad idea since many ISP:s use dynamic addressing. There is no easy way to achieve what you ask for without alot of collateral damage.

The only way I can think would work would be to implement a simple authentication mechanism.

qstebom
  • 719
  • 4
  • 12
  • The Problem is that I am planning to translate the client into java as a mod for a game, so it's really easy to bypass this authentification system. – DealerJoe Nov 14 '12 at 17:33
0

I agree with Marc that you should ban at the firewall level.

If you wanted to get the IP of the client then use the RemoteEndPoint Property of the socket and then you can cast that Endpoint (parent class) to an IPEndPointand use the Address property and the ToString to get the IPv4 or IPv6 nice format.

Brad Semrad
  • 1,501
  • 1
  • 11
  • 19
  • He clearly stated that he knows how to ban the client, his problem is that the IP address of the client changes from day to day. – Sean Airey Nov 14 '12 at 17:11
  • @Sean Right that is why I included how to get the IP address with the Socket class. – Brad Semrad Nov 14 '12 at 17:19
  • Yes but if you get one IP on monday and the banned party's ISP used dynamic addressing and it changes on monday night, he will not be banned on tuesday because his IP address is different. – Sean Airey Nov 14 '12 at 17:30
  • Yea the question is how to ban an IP Address. This maybe one of many solutions that the OP is using. – Brad Semrad Nov 14 '12 at 17:35
  • But even if I would ban this IP at the firewall level, it would still change. So isn't that pointless too ? – DealerJoe Nov 14 '12 at 18:06
  • What banning at the IP level would do would temporarily stop that IP from contacting the server. It is like a bandage fix and would recommend a time off on the ban list. It can be a temporary but effective way to stop those malicious request. – Brad Semrad Nov 14 '12 at 18:08
  • So this means I just add a new Item to the firewall, select deny connection and as IP I just enter the one I got from RemoteEndPoint ? – DealerJoe Nov 14 '12 at 18:13
  • Yea but I would put a time constraint on how long it stays on the ban list because of the dynamic nature. – Brad Semrad Nov 14 '12 at 18:15
0

clearly there is no way until you get your clients' MAC addresses (however the best way is to handle it via a hardware firewall).

See this if you need to find MAC addresses: Reliable method to get machine's MAC address in C#

Community
  • 1
  • 1
Farshid
  • 5,134
  • 9
  • 59
  • 87
  • He clearly stated that he knows how to ban the client, his problem is that the IP address of the client changes from day to day. – Sean Airey Nov 14 '12 at 17:11
  • 1
    You can't use the client's MAC address unless the client is on the same LAN as the server, which he stated in the question its on the internet so you can't get the client MAC. – heavyd Nov 14 '12 at 17:21