[Winpcap-users] Building a firewall w/o WinPcap?
Guy Harris
guy at alum.mit.edu
Sun Nov 27 21:41:01 GMT 2005
Angel Tsankov wrote:
> I know that WinPcap cannot be used to drop incoming packets or to build
> a firewall, but I desperately need to write one. How is this to be done?

The WinPcap FAQ item 17:

    http://www.winpcap.org/misc/faq.htm#Q-17

says

    Q-17: Can I use WinPcap to drop the incoming packets? Is it possible to
    use WinPcap to build a firewall?

    A: No. WinPcap is implemented as a protocol, therefore it is able to
    capture the packets, but it can't be used to drop them before they reach
    the applications. The filtering capabilities of WinPcap work only on the
    sniffed packets. In order to intercept the packets before the TCP/IP
    stack, you must create an intermediate driver.

Googling for

    firewall windows "intermediate driver"

found

    http://www.sysinternals.com/Forum/forum_posts.asp?TID=2486&PN=1&get=last

which says:

    I have recently started an Open Source Windows XP firewall project. The
    project is coming along and I hope to have first release within the next
    couple of months. One of the major difficulties in this project has been
    the fact that it is an area which is so scarcely documented. In the
    hopes of improving this situation I am preparing a step by step tutorial
    on how to build a Windows XP Firewall which can be found at

    http://penetration-testing.co.uk/tutorials/howToMakeAWindowsXPFirewall.php

    This tutorial already covers the basics in driver development and the
    core concepts needed to start developing an NDIS Intermediate driver
    which is the basis of a good Windows XP firewall.

    I invite all those interested in the subject to follow along with my
    tutorial as it grows day by day and to give any constructive criticism
    that you feel my tutorial could benefit from.

The tutorial isn't complete, but it might help. The Google search above
might find you more information on this.