home *** CD-ROM | disk | FTP | other *** search
- Internet EventServer
- Copyright 2002 (c) Ron Bessems
-
-
- Description:
-
- This is the replacement for the old TCPIP server.
-
- Features:
-
- * passwords are sent encrypted over the network
- * sniffing connection is useless as the encryption cookie changes every time
- * abuse protection
- * subnet matching
- * MAC address matching
- * hostname matching
- * all host allow
-
-
- Configuration of the server:
-
- - Open the settings dialog
- - Go to the hardware tab
- - Select the Internet Eventserver
- - If the Internet Evenserver isn't checked, check it now, and press apply.
- - If needed reselect the Internet Eventserver
- - Press settings
-
- Now the settings dialog of the eventserver is open.
-
- If this computer is connected to the internet we first want to deselect
- "Allow All" and only allow certain trusted hosts. See below the part
- about "Allowed Hosts"
-
- Now we want to set the Password and the port number, be sure to choose
- something different from the default :-)
-
- If you don't care about the abuse protection or are experimenting you
- can turn it off. What the abuse protection does is it prevent hosts that
- are guessing the password from doing this fast. If the hosts that just
- tried a incorrect password connects again within 5 seconds it will get
- no special error it will look as if the password it gave was incorrect.
- If it keeps trying the time before the next allowed login grows linear
- with the number of tries. This prevents people from brute force guessing
- the password that you use on your server.
-
-
- Configuration: Allowed Hosts
-
- In the hostname box you can type the name of the host that you want to
- allow. The program expects the following convention:
-
- * Match single IP address : #.#.#.#
-
- For example 131.155.1.1
-
- * Match range of IP addresses: #.#.#.#/#
-
- The first 4 number are as always the IP address number, the last
- is the subnet mask, this can be 0,8,16,24 or 32. It signifies
- what part of the hostname should be compared to the incoming
- connection for example:
-
- You want to allow you whole local network to access the server,
- you local network has ip address in the range 131.155.#.# so
- you'd type 131.155.0.0/16, now every ip that begins with 131.155
- will match.
-
- If you have a subnet that has 131.155.224.# as the range you'd
- type 131.155.224.0/24.
-
- Taking this all the way if you only want to allow 1 host you could
- type 131.155.224.29/32. This is the same as leaving the /32 out.
-
- Now if you want to allow the whole internet to share in the fun,
- you'd type 0.0.0.0/0 Needless to say this is not recomended.
-
- * Match Hostname
-
- To match a single hostname type /<hostname>, the slash in front
- is very important, the program detects this and applies the correct
- matching routines.
-
- For example you want to allow girder.nl access, now you would type
- /girder.nl
-
- * Match MAC address.
-
- The MAC address is the hardware address of the network card. Windows
- keeps a list of these in its cache, however it does not see them
- from all over the internet, so this will only work on your local
- network, before the router kicks in. You can check if the MAC address
- is in the hostcache by typing "arp -a". If the number isn't in there
- too bad the matching won't work.
-
- #:#:#:#:#:# where the # are hexadecimal numbers. You can find the
- MAC address of your network card through winipcfg (win9x) or
- ipconfig -all ( win2k).
-
-
- Configuration of the Girder Client
-
- First make sure that the Internet Event Server client is enabled in the
- settings dialog and that the Internet Server is configured properly
- and enabled.
-
- - Open the settings window
- - Go to the action plugin tab
- - Check the Internet Server Client
- - Press apply.
-
- Now add a command, select this and go to the plugin tab.
- Select the Internet Event client and press settings.
- A dialog will popup prompting you for the hostname, port,
- password and eventstring. Carefully fill these in. With this
- client you can connect to a Girder Internet Event server on
- a different computer, thus controlling Girder from a different
- computer.
-
- Configuration of the console client
-
- Well there isn't much to configure just open a dos box and
- type "ieventc <hostname> <port> <password> <eventstring>"
- of course replace the <x> stuff with the real values
-
- Configuration of the php client
-
- Just upload and use it, it is meant as an example, you can
- take the function "SendEventString" out of this php file
- and use it in your own projects.
-
-
- Description of the Protocol
-
- The protocol for the Internet Event server was designed with security
- in mind. As such I took a good look at the APOP protocol and based
- the protocol on this.
-
- This is how it works:
-
- * The client connects to the server
- * The client sends "quintessence\n" to wake the server up.
- the reason for this is to prevent portscanning from finding out
- that this is a Girder client easily.
- * The server will respond with a cookie, this is a 4 character
- hexadecimal number that you will use next
-
- * With the cookie we are now going to create the encrypted response
-
- - first make a string <cookie>:<password>
- for example the cookie was 6c2f and the password is NewDefPWD
- the string would be "6c2f:NewDefPWD" (don't use the quotes)
- - Pass this string to a MD5 digest calculator, this gives you
- a string like this
-
- b1aa58f5050feb6f3643cf737088dac6
-
- Send this to the server.
- * If the digest was correct the server will respond with a
- "accept\n"
- * Now you are allowed to send any string as long as it ends
- with a "\n".
- So sending "hello\n" will result in an eventstring of "hello"
- * To close the connection you can send "close\n" and close the
- connection. ( This also means that close cannot be used as an
- eventstring )
-
-
- Troubleshooting
-
- If the server doesn't want to load or behaves strangely and you
- are running Windows 95 please upgrade your winsock.
-
- http://www.microsoft.com/windows95/downloads/contents/wuadmintools/s_wunetworkingtools/w95sockets2/
-
- If none of the events are coming in also check your firewall.
-
- Warning / Disclaimer
-
- Internet servers are inherently dangerous, there is always the possibility
- of abuse. Although I have been very carefull to design the protocol as
- safe as possible I cannot garantuee anything, so please use with care.
- I'm not responsible for any damage that occured because you used this
- plugin.