Is it possible to read out the NAT-Header of an IP-Package to identify the sending machine in php.
My goal is to identify on how many computers my users are logging in to my page.
Best regards
It's not possible to do - there are numerous routers between you and final user.
The NAT is organized using NAT Tables which are stored in routers memory, so there is no sensible information in the network packages. So it's not possible by definition.
Short answer: NO!
The server gets only the last public ip of the request, in the case of NAT, the ip of the router.
Related
I'm creating a website which needs do some data gathering anonymously. I ran an Ubuntu server with Apache, and normally when I want to run my script, target websites and servers can determine my server real IP. Is there any solution to hide Apache server IP and use random IPs per each request?
The target website will generally always be able to see your real IP address; you'd have to make each request from a different server, or via a different network connection.
Depending on why and how you're doing this, from where and to whom, it's likely to be an effective way to get banned, sued and/or prosecuted for a DDoS attack (or some other kind of attack).
Please don't do this.
Is there a safe way, to identify a device which might be behind a Router (so the IP is not unique) in PHP?
Background: I have several embedded devices (self programmed & adaptable) which contact a webserver (php+mysql) with status updates. These updates are then - if the source is confirmed - saved to the database.
As I understand it $_SERVER['REMOTE_ADDR'] usually can be trusted (except some IIS configuration where it may - under special circumstances - wrongfully return 127.0.0.1; but different story)
Anyhow since I use SSL, the IP address really should not be a problem, because there a handshake is required and if the IP is faked or simply wrong, the connection should not be established
For now I require IP addresses to be whitelisted by admin, for an status update to be acceppted
The device additionally sends the MAC address via $_POST to identify the different modules with identical IP address (I know this can very easily be forged, and right now will be trusted if the IP address is trusted)
So first of all I am not sure if the IP address in itself is enough for it to be safe from attacks from the outside
Secondly if the device is behind a router, it will have the same IP address as every PC/device on that network. So about anyone there could forge a status update with a fake MAC address (simply as post variable), and since the IP address is whitelisted it will be trusted
So is there any way of confirming the identity of a device, or do you know a better way of doing this?
Aside: Going the other way, and have the webserver poll the different devices might be an option, but since there might be many (> 2000) devices of which we need the very last status (change) I thought it to be inefficient.
IP addresses can be spoofed, MAC addresses can be forged, so theses methods are not sufficient. The general approach is to assign a key to each client device (possibly the same key to all devices, even if this probably a bad idea). The "key" can be anything from a predefined string (weak, think username/password) to a signed certificate (strong, think SSL).
Both can be implemented either at the application level (by PHP) or at server level. If your application runs on Apache httpd server, I would rather recommend using its built-in features as it supports both approaches.
How to change ip address such that it does not reveal our original address when using $_SERVER['REMOTE_ADDR']; in php
You need to use a proxy server if you're trying to access a website from a different IP than your own. Wikipedia has more information.
There are several options I have in mind for this. I will go from the simpler to the more complicated one.
First, you could use a proxy server and ask him through an HTTP request made by your program or your browser, to fetch a resource for you. The proxy server will take the role of querying a resource in your place to the target service.
Example :
You want to retrieve the main page of the domain stackoverflow.com. You ask the proxy server to ask stackoverflow's HTTP server to send him the main page and he will forward it back to you.
To SO webserver, the superglobal $_SERVER['REMOTE_ADDR'] variable will correspond to the proxy server's IP address and not yours. However, the HTTP protocol implements some fields such as HTTP_VIA, HTTP_X_FORWARDED_FOR, or HTTP_FORWARDED which can be used to know if the current HTTP request is made by a proxy or not.
A transparent proxy will not specify those fields and will not modify your request whereas a non-transparent proxy may reveal the original IP address of the original requester. You got to use a reliable proxy which will act as you intends it to act. Another thing to consider is the use of an SSL tunnel between you and the proxy to avoid eavesdropping.
The second solution is to use a VPN (Virtual private network) server. It would be too complicated to fully explains how this works, but remember this, when you are connected to a computer using a VPN service (like l2tpd, pptpd ...) it's like you were on the same LAN with this computer. So you can transparently make requests to a webserver and he will never find out what's your real IP address.
A third solution could be to use linked nodes based network such as TOR. It's a free network you can connect to, and you will be completely anonymous to regular people. The TOR network power is to provide a network of many nodes and each nodes doesn't know anything about other nodes, so even people connected to the TOR network cannot know anything about you. I suggest you to read more about this if you're interested.
There are more complicated other solutions such as TCP session hijacking which is generally used to fake IP addresses and literally steal another computer's TCP connection, but this is out of the scope of this answer.
There are two (or more) computers on LAN with internet access.
They have the same:
operating system,
browser and browser version,
user name.
They are visiting my webpage which can use js and php to retrive informations.
Is there any way I can find differences between these clients with retrived information?
Which informations are different?
Set a (random valued) cookie or a session.
The two machines will have unique identities.
Their IP addresses would be different, unless they're using a proxy and/or NAT firewall. That information can be retrieved trivially via $_SERVER['REMOTE_ADDR']. There may an X-Forwarded-For header that some proxies might put in place, revealing the internal address, but it's not guaranteed to be there, and definitely not guaranteed to be reliable.
There's a few client-side tricks you can use to get machine's local address, but again, if they're behind a NAT firewall and/or proxy, there's no guaranteed that both machines aren't on two seperate networks and both coincidentally have the same private IP address.
I have a computer on a small network, so my ip is 192.168.2.100.
I am trying to get my real ip. I download the no-ip client but that just seems like a lot of trouble for such a simple thing.
I created this php script that got http://www.ip-adress.com/ page and retrieved the ip it gave me.
Is there a simpler way? Either using C, WSH or something. Or if there is an easier way in php please tell me.
When I get the ip I'll uploaded it to my ftp site so that I can see the ip from work.
No, there's not really an easier way. Your computer really doesn't know the public IP it's behind -- there could any number of layers of NAT between it and the public internet. All it knows is that it receives messages at 192.168.2.100, and sends outgoing messages through the gateway at 192.168.2.1. It has no idea what happens after the packet hits the gateway.
Do note reinvent the wheel, there is a standard protocol, STUN (with already existing implementations), just for that. See also Discovering public IP programatically.
Not quite what you asked for but still applies to what you want. I setup a GMail Notifier on my home computer and go to the account activity page to see which IP address is accessing my Google acount. Secure, simple and works.
If you want to get the eventual IP that the remote site seems when processing your traffic then the only way is to actually access a remote site. In many situations your computer may not be aware that the IP is getting changed by a proxy or a NAT server.
I always use curl http://whatismyip.org to get my public IP while behind NAT.
You can also access this page to get your IP
http://www.biranchi.com/ip.php
Some routers can tell you their external IP address via UPnP, or more specifically, the IGD protocol. If you happen to own an UPnP enabled router, you can try this. IStaticPortMapping::get_ExternalIPAddress sounds promising.
SNMP enabled devices can tell you their IP addresses, too. The OID to ask for is IP-MIB::ipAdEntAddr.
When I need to check my public ip address, I like this website:
http://www.whatismyip.global/
The website keeps a history of your IPs. For me is very usefull!
The way you're doing it is probably as good as any.
You say you have a public FTP site -- do you also have a web site there? Your other option is to have your local machine access a php page on that public facing site. That php page can verify it's you and then use the $_SERVER['REMOTE_ADDR'] to record your external IP.
Unfortunately, you're server will most likely be completely oblivious to what it's own External address appears to be (as it might be set further upstream via some router/gateway)
You could have a look at this link
http://ip-address.domaintools.com/myip.xml
It might be a little easier to parse than what you're currently doing.
I can't think of how you would resolve your IP address from the perspective of another machine. Here's a couple thoughts:
Automate the loading of the
ip-adress.com page and parse it
Look at DynDNS
Your computer has no information on any NAT or routing that takes place between it and the internet except which hop is the next one (usually your router's internal ip). It simply doesn't know at which hop the internal address gets translated into which public address.
Therefore there is no simple function or method you can call, in any language.
The only two ways are to ask someone else. How?:
Ask your NAT router (because it itself does the translation to a public ip) by fetching and parsing the right page on your router's admin site. Arguably most reliable, and fair.
Ask an external host how it sees you, by fetching and parsing a public service such as http://dynamic.zoneedit.com/checkip.html. An example in VB script is here.