Reputation: 1
I made a program in C# in which a server is listening on ports 9000 and 9001. The client must connect to port 9000 with a user name. If the username is correct, then it must connect to 9001 to send messages, but it must remain connected to port 9000. I made this part, but I don't know how to check if the client that is connected to port 9001 is the same client that is listening to port 9000.
How do I check if the client that connected to 9001 is the client with the correct username on port 9000?
Upvotes: 0
Views: 473
Reputation: 70701
You cannot know from the connection itself for sure that the remote end point connected to port 9001 is the same one that connected to port 9000. You'll have to issue some kind of token via the connection on port 9000, for the client to present on port 9001 for authentication.
Note that if you are not using encryption on the connections, then this won't really offer much in the way of security per se. Assuming no hostile entity on the network, it would be a way of correlating connections on both ports. But someone monitoring the connection at any point could simply intercept the token and use it themselves connecting to the second port.
See the FTP specification and browse the web for security concerns related to FTP, in particular its PASV mode. In "active" mode, FTP connects to a port the client is listening on; but this conflicts with various firewalls, proxies, and NAT routers (all of which tend to interfere or block entirely the ability for a client to receive inbound connection requests).
The FTP specification "solves" this by introducing the "passive" (PASV) mode, but that creates the same basic issue you're going to run into here: the server simply tells the client which port to use for the data connection, and an attacker can either monitor this response or anticipate it (because of non-random behavior in FTP servers), and connect to the port themselves before the client can.
Here's an interesting article I found discussing the security issues related to FTP PASV mode, and which would be similar in your scenario: PASV security and PORT security
So, in dealing with this, you first need to decide what level of security you need. Frankly, if you need a truly secure connection, you should authenticate the user on every connection you use for that user.
Upvotes: 3
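The token hand-off the answer describes, sketched as an added example that is not code from the question or the answer: the server issues a random one-time token on the port 9000 connection and accepts the port 9001 connection only if the client presents it. The class and method names are hypothetical, and the sketch assumes .NET 6 or later and that both connections are encrypted (for example with TLS), since the answer notes a token sent in the clear can be intercepted and reused.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical helper: correlates a port-9001 connection with an
// authenticated port-9000 session via a one-time random token.
public sealed class DataChannelTokens
{
    private sealed record Pending(string Username, DateTime ExpiresUtc);

    // Key is the SHA-256 of the token, so raw tokens are never held server-side.
    private readonly ConcurrentDictionary<string, Pending> _pending = new();
    private readonly TimeSpan _lifetime;
    public DataChannelTokens(TimeSpan lifetime) => _lifetime = lifetime;

    // Call after the username check on port 9000 succeeds; send the
    // returned string to the client over that same connection.
    public string Issue(string username)
    {
        byte[] raw = RandomNumberGenerator.GetBytes(32); // 256-bit CSPRNG value
        string token = Convert.ToBase64String(raw);
        _pending[Hash(token)] = new Pending(username, DateTime.UtcNow + _lifetime);
        return token;
    }

    // Call with the first line received on port 9001. Returns the username
    // the token was issued to, or null if it is unknown, reused or expired.
    public string? Redeem(string presentedToken)
    {
        // TryRemove makes the token single-use, even under concurrent attempts.
        if (!_pending.TryRemove(Hash(presentedToken), out Pending? p)) return null;
        return DateTime.UtcNow <= p.ExpiresUtc ? p.Username : null;
    }

    private static string Hash(string token) =>
        Convert.ToHexString(SHA256.HashData(System.Text.Encoding.UTF8.GetBytes(token)));
}

public static class Demo
{
    public static void Main()
    {
        var tokens = new DataChannelTokens(TimeSpan.FromSeconds(30));
        string t = tokens.Issue("alice");                        // constructed sample user
        Console.WriteLine(tokens.Redeem(t) ?? "rejected");       // first use of the token
        Console.WriteLine(tokens.Redeem(t) ?? "rejected");       // replay of the same token
        Console.WriteLine(tokens.Redeem("guess") ?? "rejected"); // token never issued
    }
}
```

Tokens that are issued but never redeemed stay in the dictionary after they expire, so a long-running server would also purge expired entries periodically.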