 |
|
Is this project written by NDIS and would you like share your driver source code?
|
|
|
|
|
it clarify a lot of concepts
|
|
|
|
|
I want to know that if it is possible to block a certain ip packets and copying its packet and resending it on server after altering them so that its http request to server is altered.Is this possible with this.And if yes how to protect.
|
|
|
|
|
Hello Everyone!
I have installed wine into my ubuntu machine and followed all instructions as given but while typing in terminal;
$ wine application.exe is giving to errors
I am getting these two errors;
err:module:import_dll Library MFC42.DLL (which is needed by L"Z:\\home\\anuj\\fire.exe") not found
err:module:LdrInitializeThunk Main exe initialization for L"Z:\\home\\anuj\\fire.exe" failed, status c0000135
please suggest me what to do..reply please
Thanks.
|
|
|
|
|
hi,
I tried filter hook drivers for script filtering.I able to get raw packets for script filtering. ok Now problem is that i want to scan the script for malicious or harmful (virus related) contents. scripts may be contained in two or more packets, so how to scan? suppose i intigrate such packets and then scan then how shoud i drop or recreate packects and route then to browser or NIC.
Can you help to give details how packects are used by browser to create the dom and attach to browser.
Thanks in advance
|
|
|
|
|
It is simple to learn about firewall programming. But I have poor knowledge on C++. So, I want to learn this source code by using C#.Net 2005 (or) C#.Net 2003 programming language. Can I get it?
|
|
|
|
|
You can't access the OS with C#, hence you need to use C++ or C.
|
|
|
|
|
Dear Sudhir,
i am a 4th yr. student of iter,bbsr working on a project of Firewall getting some error as "error loading Driver" .When i am executing u r "firewall.exe" file in release folder there is no error but the same when i am trying by executing your source code the same error occurs .
i have even started the ipfilterdriver service in command prompt.
Please help me to avoid the error .
please check it & reply soon.
|
|
|
|
|
Hi
I am also facing same problem i.e its showing "Error loading this drive" while trying to run this application. But previously its running ,and its blocking and unblocking urls ,for now its not loading sys file .If u know can pls tell me so that i can fix for loading sys file .
Thanks,
Surendra Jain
|
|
|
|
|
http://www.codeplex.com/netdefender[^]
Don't know if it is still maintained. The last version is NetDefender 1.5 which was released in Sep 9 2007 and they say
This firewall (Netdefender) is made by Sudhir Mangla and Rajender Singh (from India, Faridabad ) as Final year project in our B.E. Course at Lingaya's Institute of Management & Technology.
|
|
|
|
|
is there a demo for this project?
|
|
|
|
|
Has anyone tried transfering or copying files/folder across firewalled server or machine?
Hope anyone knows how to?
Most Gracious..
janverge@hotmail.com
nice one..
|
|
|
|
|
Can anyone help me that by using this driver how i can see packet contents i.e the data field of the packet.
Please help me in this problem
|
|
|
|
|
I have made some changes in the code of the driver DrvFltip to make it a complete stateful firewall. I added my functions which are called from cbFilerFunction e.g a function add_entry with arguments ip and tcp header and return value int.
When I run the firewall and it receives any packet a blue screen appears and shows and asks to restart windows
DRIVER_IRQL_NOT_LESS_OR_EQUAL
Technical Information
STOP:0x0000000D1(0x00000002,0x00000001,0xF7A8B567)
DrvFltIp.sys- Address F7A8B567 base at F7A8B000 Date stamp 448a6009
I am unable to solve this problem
Please help
|
|
|
|
|
Hello guys
I detected the problem and came to the conclusion that because of saving the present session entries in firewall (as the requirement of statefulness) it is giving this error.
But could not find the solution
please help
Thanks
|
|
|
|
|
We have freely available tools and libraries that capture packets for us e.g WinPcap etc. What if we use these tools to capture packet for us and we use the packet fields in our firewall to filter?With this without going into complexity of driver programing we can filter data contents too.
-- modified at 11:32 Wednesday 7th June, 2006
|
|
|
|
|
just because capturing packets does only mean you make a "copy" of the packets, which still continue to go to its detination user application.
Intercepting the packet, and modify or decide to forward as is or even drop the packet is a completly different story.
|
|
|
|
|
im having the same problem as that other guy. only wut he has probably failed to realize is that the driver is not even loading. the weird thing is that it used to be working for me and it loaded with no problems. now it wont load. "System32\\Drivers\\IpFltDrv.sys" loads but "DrvFltIp" does not. and yes the file is in the directory that it runs from.
|
|
|
|
|
1. You must be admin of the Syatem
2. Windows XP deafult firewall should be off.
3. Your OS must be windows 2000 or above
Sudhir Mangla
http://Programmerworld.net
AND http://DevelopersVoice.com
(Free books , articles , Source Code and Programming Tools and Utilities)
|
|
|
|
|
how to retrieve the packet before sending it to the client. give some tips for implementing using VC++
kk
|
|
|
|
|
Can redirect packets via it.
for example:
Redirect all http packets to a cache server,
--------------------------
if (Dest. IP = 80)
Redirect 127.0.0.1:8081
--------------------------
--Thanks
|
|
|
|
|
I have written a visual basic programme which
1.sniffs out packets and looks up the country in which the packet is either being sent to or recieved from.
2.Now if the country is, to be blocked I want to filter and drop all packets from this IP.
Is there anyway I can send ip's to be blocked to and from this programme using only visual basic.
i.e when the programme is loaded upload my own rules defined by my own visual basic programme??
I know it is complicated but i have nowhere else to turn
|
|
|
|
|
Does anyone know how to retrieve the http content. I have a linux based content filter, and would like to port to Windows, and build an internet content filter.
Thanks
|
|
|
|
|
I'd be very interested in your Linux filter, and am working on such a Windows filter. Keep me posted... see me on eBay, user mjwiseman
|
|
|
|
|
Can somebody explain me, why i got about 50 errors like this
fire error LNK2001: unresolved external symbol @__security_check_cookie@4
when I want to debug this project?
i have already installed the windows xp sp1 dkk und I use visual studio .net.
|
|
|
|
|
With your project, I can create new rule and write into DrvFltIp.sys
So now I want to read information from DrvFltIp.sys. For example: I want to show all information (destination ip, source ip, destination port, source port,.......) of packet - which DrvFltIp.sys catch - to interface.
In class TDriver.h, I see the function:
DWORD TDriver::ReadIo(DWORD code, PVOID buffer, DWORD count)
I don't understand the meaning of value return in this function, and if it can help me show information of packet to interface??? If yes, can you show me detail the code???
Else, you can show me another solutiion??
I wait for your response with impatience. Please reply as soon as possible. Thanks in advance
LonelyStar
|
|
|
|
|
 ok guy ashishumredkar@yahoo.com is my e-mail address
if u get it answer please forward it to me.
thank u.
|
|
|
|
|
Hi,
I use your firewall code to explain a simple firewall for a school course. The only thing I want to know is :
where do you intercept the packets ?("part of code"files .cpp)
Sorry for my english , I'am french canadian.
Thank you and good day!
drbelan
|
|
|
|
|
well i want to create a DLL using VC++6 and call that dll through VB6 well same as socketblock.dll which is provided by Datawizard Tech. www.datawizard.net so if it could possible then it could be Gr8888 for VB developer so they can also enjoy the advantage of VC++ created firewall DLL
well i hope u will have look on this
thanx
-shekhar
|
|
|
|
|
Just a suggestion.
Why don’t you open or create this project in open source website like
SourceForge.net
It will attract lots of coders...
Praveen
|
|
|
|
|
take a look at wipfw on sourceforge.net it attempts to bring freebsd ipfw to windows and it is indeed a very powerful firewall.
Also it is source free sin the GPL on it
|
|
|
|
|
This is an open source project.
Help in developing this project.
Mail the updated code back to at sudhirmangla@hotmal.com
so that i can update the code at this site with the new one
Regards
Sudhir Mangla
|
|
|
|
|
i know that it's an open source project, but i don't believe that many people will take part, because it's a very very easy firewall.
it would be much better not to code a lame packet filter(almost everybody is able to), and of course not to use the ip filter api!
there are much better ways of doing that, i have some of them, but i can't tell u, because perhaps i wan't to do my own firewall (closed source).
don't misunderstand me, ur firewall is quite nice, but it's only a toy compared with other ones... keep going, maybe it gets better.
greez, alex
Don't try it, just do it! 
|
|
|
|
|
Alexander M. wrote:
i have some of them, but i can't tell u, because perhaps i wan't to do my own firewall (closed source).
lol
http://www.ntkernel.com/utilities/tdi_fw.shtml
$feED.YoUR.HeaD$
|
|
|
|
|
i know about that code, and this is not a good firewall!
Don't try it, just do it!
|
|
|
|
|
Hmmm... not to start a flame or anything. But if you intend to implement a "better" firewall and not disclosing information about it (your closed source).
By all means, don't in the first place give such a comment.
The two guys who did this Simple Packet - Filter Firewall is kind enough to share their knowledge unlike you bragging bout it.
And besides, this project is titled Simple Packet - Filter Firewall in the very first place!!.
Anyone that are interested surely would have to start with something simpler and work their way up. Perhaps improvements can be done with the project (implementing another driver). But the main idea i think is having an open source firewall that anyone interested could refer to and use as a stepping stone to developing better firewalls.
|
|
|
|
|
If i am not mistaken TDI only works on the application layer. Identifying access for application. It does not involve packet filtering at a lower level.
My research so far, i'm a very very newcomer to this kind of things. NDIS based driver hooking would be better. There are a lot of NDIS frameworks but at an expensive and costly licensing.
Most firewall vendors are implementing hybrid drivers as far as i know.
|
|
|
|
|
NDIS hooking and SPI hooking technology are used in EasySec Firewall SDK(http://www.effectmatrix.com/easysec).
|
|
|
|
|
This firewall is perfect for me, I do everything on top of TCP/IP with a static ip for each machine, I don't allow any other kind of protocall to run.
These two good souls that wrote this firewall are great and thinking clearly.
All I need to do is block tcp/ip.
I really resent any bragging about "Closed" source. Or calling this firewall a "Toy." That is just sophmoric crap.
I have been a coder for 20 years and have worked at all the "cool" places. Complexity is for people trying to prove how smart they are I submit.
I say simple is better.
This is a great small app, no comments, no bullsh*t.
( Other then MFC heh... )
The code is its own comment and this thing is written clearly.
Very Best Regards.
David L Washington
Exitus Acta Probat
|
|
|
|
|
I trust U. Please do not care that windy talkative ...
enjoy programming
|
|
|
|
|
... i think it's not a good thing to do. isn't a firewall's purpose to add some security to your pc? a rogue program could easily manipulate that file thus rendering the 'firewall' useless.
|
|
|
|
|
gaamoa wrote:
a rogue program could easily manipulate that file thus rendering the 'firewall' useless.
True, but highly unlikely. How would the rogue program get installed and run on your pc if it was blocked by the firewall? How would the rogue program know the firewall in use was this one?
I still do suggest to encrypt the file in a future version but that can be up to the reader to do.
John
|
|
|
|
|
i see your point, and in most cases this is true. actually i had something more like application-based rules in mind when i wrote this objection, not ip-based ones. but what i intended to point out is: a program can be 'installed' without the user knowing it, e.g. spyware bundled with stuff or email worms etc. i know it probably won't happen to you or me, but to average joe user probably would. now that program could easily render THIS firewall useless using the described attack and send what ever it wants to to whoever it wants to. and what good is a firewall if it doesn't let you prevent outgoing connections as well?
i do apreciate this article for showing the basic techniques of how to implement a firewall, just wanted to point out that this approach has to get FAR more sophisticated to be considered a protection (as far as a PF could be called protection).
|
|
|
|
|
In the same way the "rogue program" could delete all your files, kill the firewall, etc, etc. Your point is moot Even if you encrypt the file it could just be deleted.
But, it is a good idea to protect programs and their files.
If you want to protect a given folder you can. Provided you are using NTFS with Windows 2000 or above you can easily limit the users that can access that folder.
|
|
|
|
|
sure a rogue program could delete all your files, but you'd notice that. however, i'm more afraid of the subtle things you won't notice until it's much too late. like a keylogger, or spyware or a email worm or whatever.
and yes, an encrypted file can be deleted as well, so IMHO a firewall (which you use to protect yourself) has to make sure that its rules don't get tampered with, the process doesn't get killed etc.
|
|
|
|
|
gaamoa wrote:
i'm more afraid of the subtle things you won't notice until it's much too late
Yes, if a hacker attacks they are more likely to want to stay undetected.
I think to be fair to the article authour, topics such as protecting files and processes (the memory etc) are out of bounds.
A firewall article should be about firewalls only, otherwise it is too much to take in.
All of what you say is valid, it's just that you have to consider the scope of what the authour is writing. I think covering all bases would require a large series of articles.
|
|
|
|
|
This is just the starting of this project.
it is an open source project.
I welcome your comments.
You should try to improve this project. and make the necessary changes in code and mail it back to me at
sudhirmangla@hotmail.com
so that I could post the updated code to this site.
I invites all of you to contribute in development of this project
Sudhir Mangla
|
|
|
|
|
I am running win xp pro and I can not seem to get the demo working. I extracted all the files and ran the fire executable from the release directory. When I try to block ping or view the rules I get a dialog that states unable to add rule to driver.
John
|
|
|
|
|
You must has admin right to add rule to firewall.please check
|
|
|
|
|
I am the domain admin and I was logged into my desktop with full admin rights. I really do not have time to look at this right now but when I find something I will report back.
John
|
|
|
|
|
Submit an article or tip
Post your Blog
News 
Suggestion 
Bug 
Joke 
Rant 
Admin 
