I'm writing a simple tcp server application using sockets. As far as I know I can obtain the client's ip address and port after calling accept().
Now lets assume I have a banlist and I want to ban some ip addresses from my server. Is there a better way than accepting the connection and then dropping it?
Is there a way to get the client's ip and port before accepting the connection? If we have accept() why don't we have something like refuse()? Is there a way to refuse the connection or simply ignore connection attempt from a host?
A Connection Refused (Hostname) error occurs when: You use the wrong port in the connection string. You connect from a machine that is not in the database's list of trusted sources.
The two most common causes of this are: Misconfiguration, such as where a user has mistyped the port number, or is using stale information about what port the service they require is running on. A service error, such as where the service that should be listening on a port has crashed or is otherwise unavailable.
Scope: Applies to all Email Security Gateways. Answer: Connection Refused means that the Barracuda is unable to connect to the specified SMTP port on the configured destination server. In the event that the recipient server is down, the Barracuda will continue to spool the mail for 48 hours, retrying every 15 minutes.
The TCP implementation normally completes the TCP 3-way handshake before the user process even has access to the connection, and the accept()
function merely gets the next connection off the queue. So it is too late to pretend that the server is down. This works the same way for regular TCP data; the TCP implementation does not wait for the application to actually recv()
the data before a TCP ACK is sent. This keeps the other side from needlessly retransmitting packets that were received correctly, and allows the throughput to remain high, even when the application is bogged down with other things. In the case of new connections (SYN packets), this also allows the kernel to protect itself (and the application) from SYN flood attacks.
Although not portable, many platforms provide some sort of firewall capability that will allow filtering incoming connections based on IP address/port. However that is usually configured system-wide and not by an individual application.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With