ZAP does not receive ip address of the client #4851

@AntiTenzor

I'm implementing CURVE authentication over TCP (server side).
A security requirement makes me log every incoming IP address.
As a next step, I have to analyze network activity and ban IP addresses
that connect too often.
Effectively, this will decrease the probability of DDoS attacks.
Also, this information makes it possible to blacklist well-known
brute-force servers upfront.

The ZAP protocol specification clearly states that the authentication request
must contain the IP address of the client.
RFC spec 27 ZAP

But in practice it actually contains the IP address of the server,
which is useless.
I see this as a bug.

libzmq version 4.3.5
OS Windows 10 64 bit

P.S. For example, my client is running on a computer
with address 192.168.0.43 and it connects to
tcp://192.168.0.11:5555 (both are in the same LAN).

But the ZAP message looks like:
```
Version         :  1.0
Sequence        :  1
Domain          :
Address         :  192.168.0.11
Identity        :
Mechanism       :  CURVE
UserId          :
Username        :
Password        :
Principal       :
ClientTxt       :  ?*lY%Vk5G0rud8e]Oh>vfnPW*9OI#KN/e+]z{OOK
```

But Address must contain 192.168.0.43

P.P.S. When I log in to the bank, it clearly shows ALL IP addresses in the chain
(my local IP, IP of my router, all intermediate IP addresses),
so I am absolutely sure there is a way to get the client's address.

Also, many other websites use the public IP address to check
geolocation and/or attempts to access the server "too often".

This task (getting the client IP address) is so common now
that such a strong project with a deep understanding of sockets
should implement this feature.
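
The logging and ban step described in the issue, as an added example that is not part of the original post or of libzmq: it parses the ZAP 1.0 request frames defined in RFC 27, logs the address frame, and denies addresses that connect too often. `AddressLimiter`, `handle`, the thresholds and the sample frames are assumptions made for illustration; it works on plain frame lists, so the socket code is left out.

```python
import time
from collections import defaultdict, deque

# Frame order of a ZAP 1.0 request (ZeroMQ RFC 27), after the empty delimiter.
FIELDS = ("version", "request_id", "domain", "address", "identity", "mechanism")

# Constructed sample: CURVE request from 192.168.0.43 with a dummy 32-byte key.
SAMPLE_KEY = b"\x01" * 32
SAMPLE_REQUEST = [b"", b"1.0", b"1", b"", b"192.168.0.43", b"", b"CURVE", SAMPLE_KEY]

def parse_zap_request(frames):
    """Split a ZAP request (list of bytes frames) into named fields."""
    if frames and frames[0] == b"":      # leading delimiter frame, if still present
        frames = frames[1:]
    if len(frames) < len(FIELDS) or frames[0] != b"1.0":
        raise ValueError("not a ZAP 1.0 request")
    req = dict(zip(FIELDS, frames))
    req["credentials"] = list(frames[len(FIELDS):])  # CURVE: the client public key
    return req

class AddressLimiter:
    """Sliding-window attempt counter keyed on the ZAP address frame (hypothetical)."""
    def __init__(self, max_attempts=5, window=60.0, clock=time.monotonic):
        self.max_attempts, self.window, self.clock = max_attempts, window, clock
        self.seen = defaultdict(deque)

    def allow(self, address):
        now = self.clock()
        attempts = self.seen[address]
        while attempts and now - attempts[0] > self.window:  # expire old attempts
            attempts.popleft()
        attempts.append(now)
        return len(attempts) <= self.max_attempts

def handle(frames, limiter, allowed_keys, log):
    """Log the address, apply the limit and key check, return ZAP reply frames."""
    req = parse_zap_request(frames)
    addr = req["address"].decode("ascii", "replace")
    within_limit = limiter.allow(addr)   # every attempt counts, accepted or not
    creds = req["credentials"]
    known_key = req["mechanism"] == b"CURVE" and len(creds) == 1 and creds[0] in allowed_keys
    log.append((addr, within_limit, known_key))
    if not within_limit:
        status, text = b"400", b"Too many attempts"
    elif not known_key:
        status, text = b"400", b"Unknown key"
    else:
        status, text = b"200", b"OK"
    # Reply frames: version, request id, status code, status text, user id, metadata
    return [b"1.0", req["request_id"], status, text, b"", b""]
```

The limiter keys on whatever the address frame carries, so it is only as useful as that frame is accurate, which is the subject of this issue. A long-running handler would also need to evict addresses that have gone idle.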
