Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Dear monks,

I am searching for ideas, as I really have no experience with networks. I would like to run a Perl script (compiled into an exe) on any computer inside a given network, let's say an institution, a school etc. Outside of it, it should not work. How can I find out if a script is run inside a given network? Thanks

Replies are listed 'Best First'.
Re: verify presence in a given network
by Preceptor (Deacon) on Apr 09, 2014 at 16:35 UTC

    To control something such that it only 'works' internally is difficult - if you distribute the code, someone can disassemble it, even if it's compiled.

    To make it _more difficult_ on the other hand: what you need is something you can check - from within your script - that verifies that it's 'ok'.

    There's nothing you can really do here that can't be spoofed but my thoughts would be (one or more of):

    • check the local host's fully qualified DNS name.
    • check the local host has the right network configuration.
    • fire up a website, or daemon on a server internally (and ensure it's firewalled/not resolvable externally) and have the script perform a basic web fetch.
    • Authenticate the user running your script, against an internal service. (E.g. LDAP/AD/NIS etc.).

    The short answer is of course that if you've given away an executable, someone can _always_ retro engineer it. The only way to retain some degree of control is to turn your script into a server side application - keep control of the code, and let people access it with their web browser. At which point you can do a lot better in terms of access control/authentication.
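
A sketch of the first three checks in the list above (FQDN, local network configuration, internal web fetch), as an added example that is not part of Preceptor's post. The domain suffix, address range, host name, `/ping` path and expected response body are placeholder assumptions, and, as the post says, each of these checks can be spoofed.

```perl
use strict;
use warnings;
use Net::Domain qw(hostfqdn);
use IO::Socket::INET;
use Socket qw(inet_aton);
use HTTP::Tiny;

# Assumed site-specific values (placeholders, not from the thread).
my $DOMAIN_SUFFIX = '.school.example';
my $INTERNAL_CIDR = '10.20.0.0/16';
my $CHECK_HOST    = 'netcheck.school.example';   # internal-only web server
my $EXPECTED_BODY = 'inside-ok';

# True if dotted-quad $ip lies inside $cidr ("a.b.c.d/len").
sub ip_in_cidr {
    my ($ip, $cidr) = @_;
    my ($net, $len) = split m{/}, $cidr;
    my $p_ip  = inet_aton($ip);
    my $p_net = inet_aton($net);
    return 0 unless defined $p_ip && defined $p_net;
    my $mask = $len ? (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF : 0;
    return (unpack('N', $p_ip) & $mask) == (unpack('N', $p_net) & $mask);
}

# Local address the OS would use to reach $host (UDP connect sends no packet).
sub local_addr_towards {
    my ($host) = @_;
    my $sock = IO::Socket::INET->new(Proto => 'udp', PeerAddr => $host, PeerPort => 80)
        or return;
    return $sock->sockhost;
}

# Returns the names of the checks that failed; an empty list means all passed.
sub failed_checks {
    my @failed;
    my $fqdn = lc(hostfqdn() // '');
    push @failed, 'fqdn' unless $fqdn =~ /\Q$DOMAIN_SUFFIX\E\z/;
    my $addr = local_addr_towards($CHECK_HOST);
    push @failed, 'address' unless defined $addr && ip_in_cidr($addr, $INTERNAL_CIDR);
    my $res = HTTP::Tiny->new(timeout => 5)->get("http://$CHECK_HOST/ping");
    (my $body = $res->{content} // '') =~ s/\s+\z//;
    push @failed, 'fetch' unless $res->{success} && $body eq $EXPECTED_BODY;
    return @failed;
}

my @failed = failed_checks();
die "Not on the expected network (failed: @failed)\n" if @failed;
print "Network checks passed\n";
```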

Re: verify presence in a given network
by roboticus (Chancellor) on Apr 09, 2014 at 16:58 UTC

    I'd suggest making some critical function for your program be a webservice on a server you control. Then you can prevent access to the service using a firewall. That way, if the exe escapes your network, it can't do anything useful because a critical bit of functionality is left out. Just make sure that the function isn't trivial to reimplement, or someone may do so.

    ...roboticus

    When your only tool is a hammer, all problems look like your thumb.

Re: verify presence in a given network
by NetWallah (Canon) on Apr 09, 2014 at 15:09 UTC
    The internal IP address of the main router (Gateway to the Internet) is usually very stable, and always available.

    Inside a campus/building, the number of routing hops to that router is usually very small, typically less than 3.

    You could send a "ping" to that address and check if it is found in 2 hops or less, to verify internal reachability.

    Of course, this can be spoofed, if the user knows what the code is looking for.

    A more secure way would be to establish a server on the network, and require login, or canned credentials to be retrieved from the server before processing.

            What is the sound of Perl? Is it not the sound of a wall that people have stopped banging their heads against?
                  -Larry Wall, 1992

      The gateway IP address might be stable, but it's _nowhere_ near unique, just think about home routers -- all instances of any model default to the same IP address and are installed in thousands of locations.

      There's just no reliable way to do this at the network level, it wasn't designed to do that, you need some sort of licence server. (yuk!).