weblog d’un abbe

20060225

IPC using TCP/IP under Windows XP Firewall

Filed under: Hacking — abbe @ 1436

Since Microsoft Windows XP Service Pack 2, Windows has a built-in firewall. Any software that attempts to listen on a TCP/IP port is caught by this firewall, and small applications that use TCP/IP on the same computer for IPC (interprocess communication) get caught by it too. To ensure that they won’t be stopped by the firewall, change the server to listen only on the local loopback address. Usually, a server is written to listen on all interfaces. Since that is not required in this kind of application, you should avoid it for the sake of security. Here is some Java sample code I’ve written to illustrate this, although you can write equivalent code in C/C++ or any language that has an interface to BSD Sockets or Winsock.

import java.net.Socket;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.SocketAddress;
import java.net.InetSocketAddress;

import java.io.IOException;

public class FirewalledServer {
 private static int PORT = 19450;

 private static void Main() throws IOException {
  // instead of starting using traditional way:
  // ServerSocket server = new ServerSocket(PORT);
  ServerSocket server = new ServerSocket();

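  // Get the loopback address with PORT. InetAddress.getLocalHost() resolves
  // the machine's host name and can return a non-loopback address, so use
  // InetAddress.getByName(null), which returns the loopback address.
  SocketAddress sockaddr = new InetSocketAddress(
       InetAddress.getByName(null), PORT);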

  // Bind and listen to it with backlog 3 (you can have any backlog)
  server.bind(sockaddr, 3);
  Socket client = server.accept();
  System.out.printf("Connection arrived from %s\n", client.getRemoteSocketAddress());
  client.close();
  server.close();
 }

 public static void main(String[] args0) {
  try {
   Main();
   System.exit(0);
  } catch(IOException e) {
   System.err.printf("I/O Error: %s\n", e.getMessage());
   System.exit(-1);
  }
 }
}

// vim:ts=4

I’ve tested the above code with JDK 5.0 Update 4, and it may work on earlier releases too. For accurate information, check the availability of the routines used. I was using Jext, and whenever I started Jext, the firewall blocked it. So with the help of my friend’s Unix Network Programming by W. Richard Stevens, I got this idea.

Anyway, it’s good practice to perform only what is required, accurately or precisely.
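A startup check for the loopback-only bind described in this post, as an added example that is not part of the original post: it prints what each address lookup returns on the current machine and refuses to run unless the listener really sits on a loopback address. The class name LoopbackOnlyCheck, the helper bindLoopback and the ephemeral port (0) are assumptions made for the illustration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;

public class LoopbackOnlyCheck {
    // Bind to the loopback address on an ephemeral port (0) and refuse to
    // continue if the socket ended up on any other address.
    static ServerSocket bindLoopback(int backlog) throws IOException {
        ServerSocket server = new ServerSocket();
        server.bind(new InetSocketAddress(InetAddress.getByName(null), 0), backlog);
        InetAddress bound = server.getInetAddress();
        if (!bound.isLoopbackAddress()) {
            server.close();
            throw new IOException("listener is not loopback-only: " + bound);
        }
        return server;
    }

    public static void main(String[] args) throws IOException {
        // What each lookup yields on this machine (output varies per host).
        InetAddress byHostName = InetAddress.getLocalHost();
        InetAddress loopback = InetAddress.getByName(null);
        System.out.printf("getLocalHost()  -> %s loopback=%b%n",
                byHostName, byHostName.isLoopbackAddress());
        System.out.printf("getByName(null) -> %s loopback=%b%n",
                loopback, loopback.isLoopbackAddress());

        ServerSocket server = bindLoopback(3);
        System.out.printf("listening on %s%n", server.getLocalSocketAddress());

        // Constructed local client standing in for the IPC peer.
        Socket client = new Socket(loopback, server.getLocalPort());
        Socket peer = server.accept();
        // Defence in depth: drop any peer that is not on the loopback interface.
        if (!peer.getInetAddress().isLoopbackAddress()) {
            peer.close();
            throw new IOException("rejected non-loopback peer");
        }
        System.out.printf("accepted local peer %s%n", peer.getRemoteSocketAddress());
        peer.close();
        client.close();
        server.close();
    }
}
```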


3 Comments »

  1. It will work on earlier releases of J2SE, but in that case you might have to change printf statements to their equivalent println representation.

    Comment by Ashish Shukla alias Wah Java !! — 20060403 @ 1207

  2. still researching.

    thanks.

    Comment by Dora — 20091224 @ 1947

  3. Hi!
    I tried to use this technique with localhost and have found that InetAddress.getLocalHost() does not return ‘localhost’. It returns the real IP-address of the machine. Instead of InetAddress.getLocalHost() the code above must use InetAddress.getByName(null). The latter returns the loopback address as stated in docs: http://download.oracle.com/javase/1.4.2/docs/api/java/net/InetAddress.html#getByName%28java.lang.String%29.

    Comment by Alexander — 20110524 @ 0855

