Refusing connection from a host

I'm writing a simple TCP server application using sockets. As far as I know I can obtain the client's IP address and port after calling accept().

Now let's assume I have a banlist and I want to ban some IP addresses from my server. Is there a better way than accepting the connection and then dropping it?

Is there a way to get the client's IP and port before accepting the connection? If we have accept() why don't we have something like refuse()? Is there a way to refuse the connection or simply ignore a connection attempt from a host?

Calmarius asked Jul 12 '09 15:07




1 Answer

The TCP implementation normally completes the TCP 3-way handshake before the user process even has access to the connection, and the accept() function merely gets the next connection off the queue. So it is too late to pretend that the server is down. This works the same way for regular TCP data; the TCP implementation does not wait for the application to actually recv() the data before a TCP ACK is sent. This keeps the other side from needlessly retransmitting packets that were received correctly, and allows the throughput to remain high, even when the application is bogged down with other things. In the case of new connections (SYN packets), this also allows the kernel to protect itself (and the application) from SYN flood attacks.

Although not portable, many platforms provide some sort of firewall capability that will allow filtering incoming connections based on IP address/port. However that is usually configured system-wide and not by an individual application.

mark4o answered Oct 27 '22 21:10
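The following is an added example, not code from the question or the answer above. It shows the two things the answer implies in working C: first, that a client's connect() completes (the kernel finishes the 3-way handshake) before the server ever calls accept(), so the application cannot "refuse" in the sense the question wants; and second, what the application *can* do, namely check the peer address returned by accept() against a banlist and close the socket with SO_LINGER set to zero so the peer gets a TCP RST rather than a polite FIN. The banlist contents, the `ban_entry` type and the function names `is_banned`, `is_banned_str`, `reject_connection` and `demo_loopback` are all assumptions made for this example; 127.0.0.0/8 is included in the list only so the loopback demonstration actually trips it. Only IPv4 is handled.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* One banlist entry: an IPv4 network in CIDR form (constructed sample data). */
struct ban_entry {
    uint32_t net;    /* network address, host byte order */
    uint8_t  prefix; /* prefix length, 0..32 */
};

/* Constructed banlist for this example (hypothetical; TEST-NET ranges plus
 * loopback so the demo below exercises the rejection path). */
static const struct ban_entry banlist[] = {
    { 0xC0000200u, 24 },  /* 192.0.2.0/24 */
    { 0xCB007100u, 24 },  /* 203.0.113.0/24 */
    { 0x0A000001u, 32 },  /* 10.0.0.1/32 */
    { 0x7F000000u,  8 },  /* 127.0.0.0/8 */
};

static int ipv4_in_net(uint32_t addr, uint32_t net, uint8_t prefix) {
    /* prefix 0 matches everything; avoid the undefined shift by 32 */
    uint32_t mask = prefix == 0 ? 0 : (0xFFFFFFFFu << (32 - prefix));
    return (addr & mask) == (net & mask);
}

/* Return 1 if the peer address (as filled in by accept()) is on the banlist.
 * Non-IPv4 peers are treated as not banned. */
int is_banned(const struct sockaddr *sa, socklen_t len) {
    if (sa->sa_family != AF_INET || len < sizeof(struct sockaddr_in)) return 0;
    const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
    uint32_t addr = ntohl(sin->sin_addr.s_addr);
    for (size_t i = 0; i < sizeof banlist / sizeof banlist[0]; i++)
        if (ipv4_in_net(addr, banlist[i].net, banlist[i].prefix)) return 1;
    return 0;
}

/* Same check for a dotted-quad string; returns -1 if the string is not an IPv4 address. */
int is_banned_str(const char *dotted) {
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    if (inet_pton(AF_INET, dotted, &sin.sin_addr) != 1) return -1;
    return is_banned((const struct sockaddr *)&sin, sizeof sin);
}

/* Abort an already-accepted connection. SO_LINGER with l_onoff=1, l_linger=0
 * makes close() discard unsent data and send RST instead of FIN, so the peer
 * sees ECONNRESET rather than a clean EOF. Returns close()'s result. */
int reject_connection(int fd) {
    struct linger lg = { 1, 0 };
    if (setsockopt(fd, SOL_SOCKET, SO_LINGER, &lg, sizeof lg) < 0) { close(fd); return -1; }
    return close(fd);
}

/* Loopback demonstration: the client's connect() returns success before the
 * server has called accept(), then the server applies the banlist after
 * accept() and resets the connection. Returns the errno the client observes
 * on its next recv() (expected ECONNRESET), 0 if it saw a plain EOF instead,
 * or -1 if socket setup failed. */
int demo_loopback(void) {
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0) return -1;
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                         /* kernel picks a free port */
    if (bind(ls, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(ls, 8) < 0) { close(ls); return -1; }
    socklen_t alen = sizeof addr;
    if (getsockname(ls, (struct sockaddr *)&addr, &alen) < 0) { close(ls); return -1; }

    int cs = socket(AF_INET, SOCK_STREAM, 0);
    if (cs < 0) { close(ls); return -1; }
    /* The 3-way handshake completes here; the server has not called accept(). */
    if (connect(cs, (struct sockaddr *)&addr, sizeof addr) < 0) { close(cs); close(ls); return -1; }

    struct sockaddr_storage peer;
    socklen_t plen = sizeof peer;
    int conn = accept(ls, (struct sockaddr *)&peer, &plen);
    if (conn < 0) { close(cs); close(ls); return -1; }

    int result = 0;
    if (is_banned((struct sockaddr *)&peer, plen)) {
        reject_connection(conn);
        char buf[1];
        ssize_t n = recv(cs, buf, sizeof buf, 0);
        result = (n < 0) ? errno : 0;
    } else {
        close(conn);
    }
    close(cs);
    close(ls);
    return result;
}

int main(void) {
    int r = demo_loopback();
    printf("client saw errno %d after rejection (%s)\n", r, r == ECONNRESET ? "ECONNRESET" : "other");
    return 0;
}
```

Because the handshake has already completed, a banned client still learns that something is listening on the port; the RST only makes the rejection cheap and unambiguous for the peer. To make the host look genuinely unreachable, as the answer says, the filtering has to happen below the socket API, for example with a host firewall rule such as `iptables -A INPUT -s 192.0.2.0/24 -p tcp --dport 8080 -j DROP` (or the nftables equivalent), which discards the SYN before the kernel ever queues a connection.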