Active connection with SOCKS

A private forum for us Super-Humans, I even trust you to be able to edit your own posts =)

Moderator: Moderators

Locked
mo
Forum Moderator
Posts: 81
Joined: 2003-02-06 11:20
Location: Ohio
Contact:

Active connection with SOCKS

Post by mo » 2003-03-30 21:40

What do you think about making a connection to a hub with socks, but uploads and downloads are direct?

Not sure if this would be useful to many people, but it might help some who have isp's with blocked ports.

What do you guys think?

GargoyleMT
DC++ Contributor
Posts: 3212
Joined: 2003-01-07 21:46
Location: .pa.us

Post by GargoyleMT » 2003-03-31 08:51

It relies, I think, on some behavior that's not documented on hub software - a user coming in from one IP, but issuing a ConnectToMe for another one. How many hub softwares (dch++? ptokax?) do some sanity checking on this?

If it works, it'd be a nice feature for those blocked.

mo
Forum Moderator
Posts: 81
Joined: 2003-02-06 11:20
Location: Ohio
Contact:

Post by mo » 2003-03-31 09:19

Since I have SOCKS support in MoS++ now, I'll do some checking, and see what kind of results I get. I'll only be able to check that search results are returned to me, but I have a good feeling that it will work.

I believe it's a common practice for people to use things like mycomputer.d2g.com in their address field. I think it would be hard for a hub to efficiently check, and I don't think hubs would want to waste time parsing through all the data going through it. (any more that neccisary)

It is something I should look into before it's given to the public, just to find out it doesn't work :)

I'll also try and hack up the client to add this, but I'm not real familiar with the code.

ivulfusbar
Posts: 506
Joined: 2003-01-03 07:33

Post by ivulfusbar » 2003-03-31 12:30

All hubs that i have helped in the devolpment have ip-checks on ConnectToMe and Search (ASH, and a new hub knoton is working on). I personly dislike the dynamic hostnames in the address field. This is due to the fact that tunneling happens more and more. I will check how often people use hostnames in their address fields with some simple stat and come back on the subject.


But then, hmmm... maybee one should allow hostnames... hmm.. well.. time to think about it (our ip's almost never change over here).

i-personly-thinks-its-better-to-have-hubs-who-listen-on-more-than-one-port-instead-of-hacking-this-into-the-client-ly'ers ;))
Everyone is supposed to download from the hubs, - I don´t know why, but I never do anymore.

mo
Forum Moderator
Posts: 81
Joined: 2003-02-06 11:20
Location: Ohio
Contact:

Post by mo » 2003-03-31 12:58

In looking at the DC++ code, it always sends the client's ip address, even if the user enters a hostname. (although I have run across clients that send me crap for an ip addresses i.e. localhost, 127.0.0.1, etc...)

I also have come up with the same conclusions as you.
It appears that the hubs are trying to prevent smurfing and other bad practices by verifying the information it's passing back and forth.

I'm not sure that it's a good idea to take this verification out.

ender
Posts: 224
Joined: 2003-01-03 17:47

Post by ender » 2003-03-31 13:15

The hub I'm working on (well, I was a bit lazy lately :mrgreen:) has IP checks, too, and drops the requests if IPs don't match. As for hostname in the IP field, the client I'm using (DCgui, I'm on linux) has a nice feature: it resolves the hostname first, and then sends the IP... Maybe DC++ should implement this, too...

mo
Forum Moderator
Posts: 81
Joined: 2003-02-06 11:20
Location: Ohio
Contact:

Post by mo » 2003-03-31 14:37

ender wrote:it resolves the hostname first, and then sends the IP
I believe dc++ does this also with gethostbyname(buf);

cologic
Programmer
Posts: 337
Joined: 2003-01-06 13:32
Contact:

Post by cologic » 2003-04-04 09:50

My client actually implements the first part of this; it changes SOCKS5 from something analogous to active/passive to a separate boolean setting. However, I haven't really tested it except as passive; the main problem I encountered was that hub connections are (mostly) indistinguishable from client-client connections. There are certainly ways around it, but it's not an entirely trivial change.

mo
Forum Moderator
Posts: 81
Joined: 2003-02-06 11:20
Location: Ohio
Contact:

Post by mo » 2003-04-04 10:06

Since hubs verify the information you pass, it looks like the only way you could have direct client to client connection with SOCKS is under the following circumstances.

Client A is using SOCKS.
Client B does an active search.
Client A sends it's real IP address via UDP to Client B.

Can anyone else think of a way that the hub can't verify?

Locked