sanjeev

Forum Replies Created

  • in reply to: Need to know what application is associated with a packet #5476
    sanjeev
    Participant

Is this the only way to check the program associated with a packet? I feel this is not a foolproof way to do this. There may be two applications which are accessing the same IP/port/protocol, like Netscape and Internet Explorer accessing yahoo.com at the same time. Do all the firewalls use this method only, or is there any unique way to check this? Please advise..

Thanks a lot for your technical support till now. It is very useful for me. 😀

in reply to: Need to know what application is associated with a packet #5474

Hello,

I was busy with some other project, that's why I could not continue this. Now I’m back to this. About:

If you want to develop a “Personal Firewall” you need two drivers:

1. NDIS filter doing the main tasks: Block/Allow ether-packets… Reading/modifying the packets by parsing the underlying services (e.g. http, dns)
2. TDI filter for keeping track of local connections and processes.

Can you please help me in understanding this. I have an NDIS filter (WinpkFilter SDK) and a TDI filter (Localhost Monitor API). Now I need to know which packet is associated with which application. Based on the application, the firewall (which I’m writing) will decide to drop or continue the packet. Can you please provide me a sample for the same.

Thanks in advance..

in reply to: Need to know what application is associated with a packet #5472

Thanks a lot Smilish. I have bought the WinpkFilter driver and downloaded the trial version of the TDI filter for the NT platform. I know I’m not so technically strong in this area 🙁 . Can you please tell me two things.

1. How to identify underlying services (e.g. http, dns; as per your suggestion I need to trap DNS requests only) and modify the DNS request.

2. How to compare data in INTERMEDIATE_BUFFER, as the data is in another format. In the PassThru example we can block the packet based on data contents. But the contents are not in a readable format. I want to search for a specific word within the packet data; if the word is found then drop this packet.

Thanks in advance..

in reply to: Need to know what application is associated with a packet #5470

I have downloaded the Localhost Monitor API from this site. But I didn't see where to modify the DNS request. I can see a structure _LOG_INFO, but in this there is nowhere the website address provided.

With MSTCP (another program) I can read data, but there also I could not see the domain name. Here I can block the packets based on IP but not based on domain name, as there is no such information.

I want to block all domains starting with y*.com, like the domains yahoo, ymg, yourdomain etc. Please help.
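An added example (my code, not from the thread or from the WinpkFilter or Localhost Monitor SDKs) for the two DNS questions above, the #5472 post (identify DNS requests in the raw INTERMEDIATE_BUFFER bytes) and this one (block y*.com): it parses a raw Ethernet II frame as an NDIS filter sees it, extracts the question name and applies the block rule. The frame bytes are constructed; the offsets assume an untagged Ethernet II frame carrying IPv4 and UDP to port 53.

```c
#include <stdint.h>
#include <string.h>

/* Pull the first question name out of a raw Ethernet/IPv4/UDP/DNS query frame.
 * Returns 1 and writes a dotted, NUL-terminated name on success, 0 otherwise. */
int dns_query_name(const uint8_t *frame, size_t len, char *name, size_t name_sz) {
    if (len < 34 || frame[12] != 0x08 || frame[13] != 0x00) return 0;  /* EtherType IPv4 */
    const uint8_t *ip = frame + 14;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl + 8 || ip[9] != 17) return 0;  /* UDP */
    const uint8_t *udp = ip + ihl;
    if (((udp[2] << 8) | udp[3]) != 53) return 0;      /* destination port 53: a query */
    const uint8_t *dns = udp + 8;
    size_t dns_len = len - (size_t)(dns - frame);
    if (dns_len < 12 || (dns[2] & 0x80) || ((dns[4] << 8) | dns[5]) < 1) return 0;  /* QR=0, QDCOUNT>0 */
    size_t pos = 12, out = 0;
    for (;;) {
        if (pos >= dns_len) return 0;
        uint8_t l = dns[pos++];
        if (l == 0) break;
        if (l & 0xC0) return 0;                       /* compression pointer: malformed in a query */
        if (pos + l > dns_len || out + l + 1 >= name_sz) return 0;  /* truncated or too long */
        if (out) name[out++] = '.';
        memcpy(name + out, dns + pos, l); out += l; pos += l;
    }
    name[out] = '\0';
    return out > 0;
}

/* Block rule from the post: second-level label starts with 'y' and the top-level label is "com". */
int matches_y_star_com(const char *name) {
    const char *dot = strrchr(name, '.');
    if (!dot || strcmp(dot + 1, "com") != 0) return 0;
    const char *prev = dot;
    while (prev > name && prev[-1] != '.') prev--;    /* walk back to the start of that label */
    return prev[0] == 'y' || prev[0] == 'Y';
}

/* Constructed sample (not a real capture): Ethernet II, IPv4 192.168.1.2 -> 192.168.1.1,
 * UDP 1024 -> 53, DNS query id 0x1234 (RD set) for www.yahoo.com, type A, class IN. */
static const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xAA,0xBB, 0x08,0x00,
    0x45,0x00,0x00,0x3B, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00, 0xC0,0xA8,0x01,0x02, 0xC0,0xA8,0x01,0x01,
    0x04,0x00,0x00,0x35, 0x00,0x27,0x00,0x00,
    0x12,0x34,0x01,0x00, 0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,
    3,'w','w','w', 5,'y','a','h','o','o', 3,'c','o','m', 0, 0x00,0x01, 0x00,0x01
};

/* Filter decision for the sample frame: 1 = drop the query, 0 = pass it through. */
int sample_should_drop(void) {
    char n[256];
    return dns_query_name(sample_frame, sizeof sample_frame, n, sizeof n) && matches_y_star_com(n);
}
```

Searching the raw buffer for a text string, as the PassThru approach does, misses this name because it is stored as length-prefixed labels (3 "www" 5 "yahoo" 3 "com"), not as a dotted string.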

in reply to: Need to know what application is associated with a packet #5468

Thanks for your reply.

I need this solution for 98 as well. But the Localhost Monitor API is for the NT platform. Can you please suggest a solution for all Windows platforms.

I know the DNS requests. But I don't know how to redirect any request to some other domain/IP. Can you please be more specific about this. Does this redirection have to be done between the MSTCP table and the application, or between the Network Adapter and MSTCP? I can drop the connection while reading the MSTCP based on IP or another filter, but I don't know how to redirect this.

Thanks

in reply to: Need to know what application is associated with a packet #5466

@SerpentFly wrote:

Also in this firewall I want to block websites with specific names. Is it possible, and if yes, how? Any example will be highly appreciated.

You can track and modify DNS requests for these names an example…

example??

in reply to: Need to know what application is associated with a packet #5465

Does WinpkFilter provide TDI filtering or LSP? I have bought a WinpkFilter licence for an individual. Before buying the source code I want to know whether it is possible to make such a kind of firewall using the same. If no, then do you have any other development SDKs, or if yes, can you please provide me a sample.

in reply to: WinpkFilter #5451

Yes, you are right. This is fantastic. I think you can do this even without the source code by modifying the ndisapi.dll code. I’m not sure, so can you please confirm this with the administrator… Really this is a fantastic driver… 😀

in reply to: Modify Packet #5440

Thanks for your great help. But sorry, I’m still not able to modify the contents, as all the packet data is not in a proper format. When I try to modify the word “SEX” it didn't generate any error, but still I got the page with the word SEX. Then I saved all the data in a log file. Then I found there is no word SEX, but in my page it was showing. I think the problem is due to raw data. The packet data is not in string format, so it's not replacing that. Also I don't want to modify other data. I just want to replace the data part of the packet. By the above approach it can modify the header part as well. Please help…

in reply to: Modify Packet #5438

Many thanks for your help. It would be a great help if you can tell me how to do the TCP checksum. Once again thanks a lot for your help.
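An added example (my code, not from the thread or from the WinpkFilter SDK) for the TCP checksum question: the one's-complement sum over the IPv4 pseudo-header and the TCP segment, recomputed after the payload has been edited as in the Modify Packet posts, so the receiving stack does not silently discard the segment. The packet bytes are constructed; the functions take an IPv4 packet without its Ethernet header.

```c
#include <stdint.h>
#include <string.h>

/* One's-complement sum (RFC 1071) of n bytes, folded to 16 bits, accumulated onto `sum`. */
static uint32_t ones_sum(uint32_t sum, const uint8_t *p, size_t n) {
    while (n > 1) { sum += (uint32_t)((p[0] << 8) | p[1]); p += 2; n -= 2; }
    if (n) sum += (uint32_t)p[0] << 8;            /* odd trailing byte is padded with a zero */
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return sum;
}

/* TCP checksum of an IPv4 packet: `ip` points at the IP header, `len` is the packet length.
 * Covers the pseudo-header (src, dst, zero, protocol 6, TCP length) plus the whole segment. */
uint16_t tcp_checksum(const uint8_t *ip, size_t len) {
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4, tcp_len = len - ihl;
    uint8_t pseudo[12];
    memcpy(pseudo, ip + 12, 8);                    /* source and destination addresses */
    pseudo[8] = 0; pseudo[9] = 6;                  /* zero byte, protocol number for TCP */
    pseudo[10] = (uint8_t)(tcp_len >> 8); pseudo[11] = (uint8_t)tcp_len;
    uint32_t sum = ones_sum(ones_sum(0, pseudo, 12), ip + ihl, tcp_len);
    return (uint16_t)~sum;
}

/* Zero the checksum field, recompute it over the (edited) segment and store it. */
uint16_t tcp_fix_checksum(uint8_t *ip, size_t len) {
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    ip[ihl + 16] = 0; ip[ihl + 17] = 0;            /* checksum lives at TCP header offset 16 */
    uint16_t c = tcp_checksum(ip, len);
    ip[ihl + 16] = (uint8_t)(c >> 8); ip[ihl + 17] = (uint8_t)c;
    return c;
}

/* With a correct checksum in place the words sum to 0xFFFF, so the complement is 0. */
int tcp_checksum_ok(const uint8_t *ip, size_t len) { return tcp_checksum(ip, len) == 0; }

/* Constructed IPv4+TCP packet (not a real capture): 192.168.1.2:1234 -> 192.168.1.1:80, PSH/ACK. */
static const uint8_t sample_pkt[] = {
    0x45,0x00,0x00,0x38, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00, 0xC0,0xA8,0x01,0x02, 0xC0,0xA8,0x01,0x01,
    0x04,0xD2,0x00,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x18, 0x20,0x00, 0x00,0x00, 0x00,0x00,
    'G','E','T',' ','/',' ','H','T','T','P','/','1','.','0','\r','\n'
};

/* Edit one payload byte in a copy of the packet; return whether the result still verifies. */
int sample_edit_and_verify(int fix_after_edit) {
    uint8_t pkt[sizeof sample_pkt];
    memcpy(pkt, sample_pkt, sizeof pkt);
    tcp_fix_checksum(pkt, sizeof pkt);             /* the packet as it would arrive: valid */
    pkt[40] = 'P';                                 /* payload edit: 'G' -> 'P' (offset 20+20) */
    if (fix_after_edit) tcp_fix_checksum(pkt, sizeof pkt);
    return tcp_checksum_ok(pkt, sizeof pkt);
}
```

Replacing bytes in the payload without calling tcp_fix_checksum afterwards is exactly the case where the edited packet is dropped by the receiver and the original page still appears.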
