
Java Forum / General / February 2006


Java app spuriously opening ports

Twisted - 22 Feb 2006 15:24 GMT
A Java app that uses only HTTPUrlConnections to access the net keeps
generating prompts from my firewall app that it wants to act as a
server -- apparently, a DNS server. This is rather strange. Why is it
attempting to open ports, when it's supposed to only retrieve Web links
now and again?
Thomas Fritsch - 22 Feb 2006 16:43 GMT
> A Java app that uses only HTTPUrlConnections to access the net keeps
> generating prompts from my firewall app that it wants to act as a
> server -- apparently, a DNS server. This is rather strange.
Indeed! Wanting to *act* *as* a DNS server would be strange for a Java app.

But *contacting* a DNS server would be very common for your app.
This is the natural way to translate, for example, "www.google.com" to
something like "11.22.33.44".

> This is rather strange. Why is it
> attempting to open ports, when it's supposed to only retrieve Web links
> now and again?


"Thomas:Fritsch$ops:de".replace(':','.').replace('$','@')

Thomas Hawtin - 22 Feb 2006 16:59 GMT
> A Java app that uses only HTTPUrlConnections to access the net keeps
> generating prompts from my firewall app that it wants to act as a
> server -- apparently, a DNS server. This is rather strange. Why is it
> attempting to open ports, when it's supposed to only retrieve Web links
> now and again?

DNS in normal usage runs over UDP. UDP is connectionless. In order to
receive a response from the DNS server, the DNS client has to listen for
UDP packets on the chosen port.

Tom Hawtin

Unemployed English Java programmer
http://jroller.com/page/tackline/

Twisted - 22 Feb 2006 17:02 GMT
Eh -- my browser doesn't try to open listen ports when it resolves
hostnames. And denying server rights to the Java app didn't stop it
resolving hostnames?
tom fredriksen - 22 Feb 2006 22:41 GMT
> A Java app that uses only HTTPUrlConnections to access the net keeps
> generating prompts from my firewall app that it wants to act as a
> server -- apparently, a DNS server. This is rather strange. Why is it
> attempting to open ports, when it's supposed to only retrieve Web links
> now and again?

Is it requesting that the firewall open up port 53? In that case it is
implementing and using Universal PnP or something similar, hmm...

Can you explain more about how it is generating the prompts at the
firewall? Are you sure it's not just trying to talk to someone else on
port 53?

You should use a net sniffer to have a look at the packets being
transferred to decrypt the communication. It might not be a DNS request,
but it is using port 53 for some reason.

/tom
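An added example (not code from anyone in this thread) that shows both points raised above: a stub resolver must bind a local UDP port before it can receive the reply, which is the "listening" socket a host firewall notices, and a captured packet on port 53 can be decoded to confirm it really is DNS. The response bytes are constructed inline, so nothing is sent on the wire; the google.com name and the 11.22.33.44 address are taken from the thread's own example.

```python
import socket
import struct

def build_query(name, txid):
    """Minimal DNS A-record query for `name` in RFC 1035 wire format."""
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(data, offset):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, name ends here
            return offset + 2
        offset += 1 + length

def parse_a_records(data):
    """IPv4 addresses in the answer section of a DNS response, or ValueError."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qd):
        offset = skip_name(data, offset) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        offset = skip_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    return addrs

def client_local_port():
    """Bind a UDP socket the way a stub resolver does before sending a query.
    The kernel picks an ephemeral port; that bound port (not 53) is what a host
    firewall reports as the process 'listening'. Nothing is sent on the wire."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("127.0.0.1", 0))
        return sock.getsockname()[1]

# Constructed sample response: www.google.com -> 11.22.33.44 (the thread's example address)
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x03www\x06google\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([11, 22, 33, 44])
)
```

Feeding the payload of a sniffed UDP datagram to parse_a_records is a quick way to tell a genuine DNS reply from something else merely using port 53.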
Nigel Wade - 23 Feb 2006 10:20 GMT
> A Java app that uses only HTTPUrlConnections to access the net keeps
> generating prompts from my firewall app that it wants to act as a
> server -- apparently, a DNS server. This is rather strange. Why is it
> attempting to open ports, when it's supposed to only retrieve Web links
> now and again?

Your firewall software is broken, has failed to grasp reality and is panicking.


Nigel Wade, System Administrator, Space Plasma Physics Group,
           University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw@ion.le.ac.uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555

Twisted - 23 Feb 2006 18:09 GMT
Doubtful -- it's ZoneAlarm, and it's fully up-to-date.
tom fredriksen - 24 Feb 2006 12:25 GMT
> Doubtful -- it's ZoneAlarm, and it's fully up-to-date.

If you can't give us more information about what's happening, it's very
difficult for us to help you.

Did you do a trace of the network communication?

Could you give us more information about exactly what the message
ZoneAlarm prints is, and a small copy of the code you are using?

Have you compared that to what the network trace shows?

/tom
Roedy Green - 24 Feb 2006 14:03 GMT
>> Doubtful -- it's ZoneAlarm, and it's fully up-to-date.

I have heard that both Intel and AMD are about to release chips with
features to make it easier than ever to virtualise them.

Perhaps what you might do then is run your firewall in a different
virtual machine, and perhaps other functions could be carved off into
their own worlds to help cut down the rising complexity of
interactions.

At the very least there needs to be a way to put device drivers off
into their own boxes so no matter how they fail they can't take the
whole system down with it.  Device drivers can never be as trusted as
the core OS, yet they need very low level access. This hints some sort
of radically different design is needed, perhaps using little CPUs on
all I/O cards.

I think back to the CDC 6600 with its array of, was it a dozen?, I/O
processors (faked by one big one). The main CPU did not get
interrupted.

Uplevelling the hardware interface would work by allowing
communication only via shared RAM, with the I/O processor only able to
see small windows of it that were its business. A hardware disk
controller would interface at the level the device driver does now,
or perhaps a notch or two higher -- implementing a whole file system
in its own clever way, e.g. with marthaing, lookup of files by a
variety of keys, including content, key, marthaing, multiple heads,
background defrag, RAID, toggling, backup snapshots frozen in time
without shutting down everything, checkpoints, procrastinated writes,
pre-emptive reads, sequential lookahead...

As it is now, even a keyboard utility or driver can snoop and report
its findings out the I/O ports.

There are three motives for going to much stronger hardware
compartmentalisation:

1. greater stability through isolation in air-tight compartments.

2. greater security through isolation.

3. greater speed by allowing room for more evolution and competition
within the bigger hardware responsibility box.

The irony is that infinitely malleable software, because it involves so
many interactions, becomes harder and harder to change anything in. To
permit more evolution you must carve off pieces of the problem that
don't have much outside interaction so they can evolve independently.

I similarly want to build air tight boxes for applications so they
can't snoop or modify files or RAM or system settings none of their
business.

It should be a federal crime for an app to move all associations to
itself without permission. It simply should not be possible no matter
how malicious the app.

Canadian Mind Products, Roedy Green.
http://mindprod.com Java custom programming, consulting and coaching.

Twisted - 24 Feb 2006 19:11 GMT
You're talking about going from the prokaryotic computer to the
eukaryotic one ... fascinating.
Roedy Green - 24 Feb 2006 20:02 GMT
>You're talking about going from the prokaryotic computer to the
>eukaryotic one ... fascinating.

In biology, which type evolved first?

Canadian Mind Products, Roedy Green.
http://mindprod.com Java custom programming, consulting and coaching.

Bonney Armstrong - 24 Feb 2006 16:25 GMT
Remove the ZA and the problem will disappear. I use a hardware firewall
instead and I don't experience those issues anymore. Just turning off
ZA is not enough. ZA locks you down too hard if you're a developer.
Good luck.
