Tcp filter IP Connection


clongz

Hi, hope someone can help me =)

I'm wondering if it is possible to create a program with AutoIt that will serve as a gateway to filter the connection before it goes through to the main server.

My idea was:

Main_Client ->> Gateway_Client ->> Server_Gateway ->> Main_Client_Server

The sequence will be: when I launch the Main_Client, the client gateway will send a trigger to the server gateway that the connection to be established is from the Main_Client; then that will be the time that the Server_Gateway will allow the Main_Client to connect to the Main_Client_Server.

I hope someone can help me. This was for an online game security purpose, because some were sending packets to my server using a packet sender. I think it will be prevented if there will be someone that will filter and verify a legit connection before it passes through to the Main_Client_Server.

Link to comment
Share on other sites

I've spent a lot of my time in networking, I could possibly help. Maybe get rid of gateway client... Have main client verify it's legit by connecting to several different servers in certain pattern, and send certain packets that verify it's legit? Also maybe script the server to block certain IP addresses or set up a function to disconnect a client if it starts spamming packets...

Also encrypting packets never hurts either ;)

Link to comment
Share on other sites

Oh thank God!! Someone replied to my thread. Just PMed you sir =)

Link to comment
Share on other sites

Instead of a gateway, how about something like this?

tcpstartup ()
$mainsocket = tcplisten (@IPAddress1,4444)
Dim $socketlist[100]
For $n = 0 To UBound ($socketlist)-1
    $socketlist[$n] = 0
Next
while 1
    _IncommingConnection ()
wend
For $n = 0 to ubound ($socketlist)-1
    TCPClosesocket($socketlist[$n])
next
tcpclosesocket ($mainsocket)
TCPshutdown ()
exit
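func _IncommingConnection ()
    local $n, $socket = tcpaccept ($mainsocket)
    If $socket = -1 then return
    If SocketToIP ($socket) = TCPNameToIP ('Google.ca') Then ;Line Of Interest!!!
        TCPCloseSocket ($socket) ;close the blocked connection instead of leaving it open
        Return
    EndIf
    For $n = 0 To UBound ($socketlist)-1
        If $socketlist[$n] = 0 Then
            $socketlist[$n] = $socket ;store the socket in the first free slot only
            Return
        EndIf
    Next
    TCPCloseSocket ($socket) ;no free slot left
EndFunc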
Func SocketToIP($SHOCKET)
    Local $sockaddr, $aRet
    $sockaddr = DllStructCreate('short;ushort;uint;char[8]')
    $aRet = DllCall('Ws2_32.dll', 'int', 'getpeername', 'int', $SHOCKET,'ptr', DllStructGetPtr($sockaddr),'int*', DllStructGetSize($sockaddr))
    If Not @error And $aRet[0] = 0 Then
        $aRet = DllCall('Ws2_32.dll', 'str', 'inet_ntoa', 'int', DllStructGetData($sockaddr, 3))
        If Not @error Then $aRet = $aRet[0]
    Else
        $aRet = 0
    EndIf
    $sockaddr = 0
    Return $aRet
EndFunc
Edited by CodyBarrett
Link to comment
Share on other sites

well... here is a commented version, i also added a few things i forgot to last time.

Hotkeyset ('#x','End') ;Sets a hotkey to close the script.
tcpstartup () ;Starts TCP services (only need to call this once).
$mainsocket = tcplisten (@IPAddress1,4444) ;This creates a listening ear (socket) for incoming connections.
Dim $socketlist[100] ;creates an array to capture the connected sockets, 0-99 including 0 it would be 100 possible elements.
For $n = 0 To UBound ($socketlist)-1 ;For beginning To End Of Array.
    $socketlist[$n] = 0 ;Sets The Elements To 0.
Next
while 1
    _IncommingConnection () ;alternately you could use ADLIBREGISTER ('_IncommingConnection') which might actually be better but for now this is good enough.
    Sleep (10) ;short pause so the loop does not use a full CPU core.
wend
func _IncommingConnection ()
    local $n, $socket = tcpaccept ($mainsocket) ;tcpaccept accepts a pending connection. (Called From TCPCONNECT())
    If $socket = -1 then return ;If error (no pending connections, then return).
    ;------------------LINE OF INTEREST---------------------------------
    If SocketToIP ($socket) = TCPNameToIP ('Google.ca') Then ;Use this line for whatever IP you want to block.
        TCPCloseSocket ($socket) ;Closes the established Socket because you blocked its IP.
        Return
    EndIf
    ;-------------------------------------------------------------------
    For $n = 0 To UBound ($socketlist)-1
        If $socketlist[$n] = 0 Then ;searching for an empty element in the array.
            $socketlist[$n] = $socket ;once the first empty element is found then use it.
            Return
        endif
    Next
    TCPCloseSocket ($socket) ;This is called if there is no open elements.
EndFunc
Func SocketToIP($SHOCKET) ;I'm not entirely sure what this function does but it returns an IP or 0.
    Local $sockaddr, $aRet
    $sockaddr = DllStructCreate('short;ushort;uint;char[8]')
    $aRet = DllCall('Ws2_32.dll', 'int', 'getpeername', 'int', $SHOCKET,'ptr', DllStructGetPtr($sockaddr),'int*', DllStructGetSize($sockaddr))
    If Not @error And $aRet[0] = 0 Then
        $aRet = DllCall('Ws2_32.dll', 'str', 'inet_ntoa', 'int', DllStructGetData($sockaddr, 3))
        If Not @error Then $aRet = $aRet[0]
    Else
        $aRet = 0
    EndIf
    $sockaddr = 0
    Return $aRet
EndFunc
Func End ()
    For $n = 0 to ubound ($socketlist)-1
        If $socketlist[$n] <> 0 Then ;only slots that hold a socket.
            TCPClosesocket($socketlist[$n]) ;Closes EVERY Socket that is still connected.
        EndIf
    next
    tcpclosesocket ($mainsocket) ;Closes the Listening EAR.
    TCPshutdown () ;shuts down the TCP services.
    Exit ;ends the script, otherwise the accept loop keeps running on the closed socket.
EndFunc

EDIT

if the comments still don't explain it:

this is a Server\ip blocking script.

creates server, and all its variables, then has an infinite loop waiting for a client to connect to it, the function filters the IPs, and keeps the ones you want to keep, the connection creates a socket, it saves the socket ID into an array, and returns for another waiting game for another client to connect to start the accepting connections function again.

Edited by CodyBarrett
Link to comment
Share on other sites

Wow sir Cody, this will really help with what I want. But can I make a request sir??

Because I don't know which part I should edit.

What I want to happen is:

I want to block IPs from connecting on port 9991 if they are not connected with port 9992 and 9993.

The reason why I want to block it is because they are connecting directly with my port 9991 and sending bad packets, which causes my server to crash.

Thank you again sir =)

Edited by clongz
Link to comment
Share on other sites

so you are having how many open ports? and which IPs go to which port?
Link to comment
Share on other sites

Yes sir Cody.

All of the ports are public with my public IP, and the sequence of connection with my server was

9991 >> 9992 >> 9993

What I want is, if they haven't connected to 9991, they cannot connect to 9992 and 9993.

Will that be possible sir??

Thank you for the quick response =)

Link to comment
Share on other sites

well... possibly.

it depends on how your client is configured.

if you're talking about:

server having port 9991

client getting error on 9991

client moving on to 9992

server give error

client move onto 9993

that would be a client code factor.

if you're talking about

server having port 9991

client connects to 9991 and can from there connect to 9992 and 9993 BUT client doesn't connect to 9991 and so it can't connect to 9992 and 9993.

this would be a server code, saving all the IPs into an array and checking on each port after 9991 if the IP is already connected to the server on port 9991 then it allows them on the other ones.

did that answer your questions? maybe i'm not understanding fully what you hope to accomplish.

Link to comment
Share on other sites

Not really sir Cody.

It's just that port 9991 was the login server, the connection should be first initiated there.

9992 was the authentication server, and 9993 was the main server.

What's happening is they are using packet editing software to send bad packets to my 9992 and 9993.

I just wanted that if an IP hasn't connected yet with port 9991, there's no way that they can connect with my 9992 and 9993.

Will that be possible sir?

Link to comment
Share on other sites

yeah. it's possible.

like i said, save the IPs into an array and check them per connection for certain IPs that have bypassed your login server. if the arrays don't match up then simply block the IPs that haven't connected to the login server.

Link to comment
Share on other sites

How to code that sir Cody??

Sorry.. I really don't know how TCP on AutoIt works =(

Maybe the best thing to explain is..

The only IPs that I want to connect on my server ports 9992 and 9993 are those IPs that will connect on my port 9991 first...

The AutoIt code will probably serve as the gateway,... to filter the connection.

Edited by clongz
Link to comment
Share on other sites
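
What the last posts ask for, as an added example that is not code from the thread: one AutoIt listener per port, where 9992 and 9993 admit a peer only if its IP connected to 9991 within a time window. The 60-second window, the names `_Gate`, `_Allowed` and `_Quit`, and the two dictionaries are assumptions made here; `SocketToIP` is a compact form of the helper posted above.

```autoit
; Added example, not from the thread. Assumed: 60 s window, Win+X to quit.
Global Const $TTL_MS = 60000                      ; how long a visit to 9991 stays valid
Global $aPort[3] = [9991, 9992, 9993], $aListen[3]
Global $oSeen = ObjCreate('Scripting.Dictionary') ; peer IP -> TimerInit() stamp
Global $oOpen = ObjCreate('Scripting.Dictionary') ; admitted socket -> peer IP
HotKeySet('#x', '_Quit')
TCPStartup()
For $i = 0 To 2
    $aListen[$i] = TCPListen(@IPAddress1, $aPort[$i])
    If @error Then Exit MsgBox(16, 'Gate', 'Cannot listen on port ' & $aPort[$i])
Next
While 1
    For $i = 0 To 2
        _Gate($i)
    Next
    Sleep(10)                                     ; do not spin the CPU
WEnd

Func _Gate($iIdx)                                 ; index 0 = 9991, 1 = 9992, 2 = 9993
    Local $iSock = TCPAccept($aListen[$iIdx])
    If $iSock = -1 Then Return                    ; nothing pending on this port
    Local $sIP = SocketToIP($iSock)
    If Not IsString($sIP) Or ($iIdx > 0 And Not _Allowed($sIP)) Then
        TCPCloseSocket($iSock)                    ; unknown peer, or it skipped 9991
        Return
    EndIf
    If $iIdx = 0 Then $oSeen.Item($sIP) = TimerInit() ; (re)start this IP's window
    $oOpen.Item($iSock) = $sIP                    ; kept for the server logic to use
EndFunc

Func _Allowed($sIP)
    If Not $oSeen.Exists($sIP) Then Return False
    If TimerDiff($oSeen.Item($sIP)) <= $TTL_MS Then Return True
    $oSeen.Remove($sIP)                           ; window expired: forget the IP
    Return False
EndFunc

Func SocketToIP($iSock)                           ; peer address as a string, or 0
    Local $tAddr = DllStructCreate('short;ushort;uint;char[8]')
    Local $aRet = DllCall('Ws2_32.dll', 'int', 'getpeername', 'int', $iSock, 'ptr', DllStructGetPtr($tAddr), 'int*', DllStructGetSize($tAddr))
    If @error Or $aRet[0] <> 0 Then Return 0
    $aRet = DllCall('Ws2_32.dll', 'str', 'inet_ntoa', 'int', DllStructGetData($tAddr, 3))
    If @error Then Return 0
    Return $aRet[0]
EndFunc

Func _Quit()
    TCPShutdown()                                 ; process exit releases all sockets
    Exit
EndFunc
```

A source IP only shows that some host behind that address reached 9991, so players sharing a NAT address share the allowance. The crash on malformed packets still needs input validation in the server itself.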
