How do personal firewalls work?
Hello,
Sorry for being off-topic, but the most skilled coders I know visit this forum, so this might be a good place to ask.
I'm curious how all those ATGuard, ZoneAlarm and Norton Personal Firewall programs work. I'm really interested in how to watch/block ports and how to monitor TCP/IP streams. I have some experience in UNIX/WinSock coding and know lots of other networking stuff, but I never found any information on writing such programs.
Has anyone experience with this?
Tim
--------------------------
glvelocity.gamedev.net
www.gamedev.net/hosted/glvelocity
They scan the packets of information before letting them through the firewall. If a packet has something that is against one of the rules set by the firewall, it doesn't let the packet through. That's pretty much it in a nutshell. Basically a packet sniffer.
I think he wants to know how another program can hook into the
tcp/ip data stream when you are connected, like through a dialup
connection. I think there is some Microsoft SDK for this type
of thing. Try looking for words like RAS - remote access server
and SDKs at Microsoft's site.
Yes, your explanation was about what a firewall is/does.
It's not RAS. RAS is used to connect to other systems through a phone line.
I *think* it is done through WinSock layered service providers using the SPI API. You can register a provider that exports the WinSock functions like send/recv etc. Then you can take a look at all data and only pass it to the next provider in the chain if the user wants it. So you can block connect calls to certain hosts or you can prevent programs from making outbound connections.
But I have big problems with this. A basic SPI that just passes all Winsock calls to the next SPI in the chain is countless pages long! I have a sample implementation from Network Programming for Windows, but it doesn't work ;-)
Any ideas?
Tim
--------------------------
glvelocity.gamedev.net
www.gamedev.net/hosted/glvelocity
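The layered-provider idea in the post above, as an added example that is not part of the thread: a portable C model of a provider chain in which a filtering layer checks each connect call against rules before forwarding it to the next provider. It does not use the real Winsock SPI; every type, function, host and program name in it is hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Portable model of a provider chain; these are NOT the real Winsock SPI types. */
typedef struct provider provider;
struct provider {
    int (*connect_fn)(provider *self, const char *program, const char *host, int port);
    provider *next;   /* next provider in the chain, NULL for the base */
    int reached;      /* number of connect calls that arrived here */
};

/* Constructed sample rules: blocked destinations and programs denied outbound access. */
static const char *const blocked_hosts[]   = { "tracker.example", NULL };
static const char *const denied_programs[] = { "updater.exe", NULL };

static int in_list(const char *const *list, const char *s) {
    for (; *list; ++list)
        if (strcmp(*list, s) == 0) return 1;
    return 0;
}

/* Base provider: stands in for the real transport; it only counts calls. */
static int base_connect(provider *self, const char *program, const char *host, int port) {
    (void)program; (void)host; (void)port;
    self->reached++;
    return 0;
}

/* Layered provider: sees every call first and forwards only what the rules allow. */
static int filter_connect(provider *self, const char *program, const char *host, int port) {
    self->reached++;
    if (in_list(denied_programs, program) || in_list(blocked_hosts, host))
        return -1;    /* fail closed: the call never reaches the next provider */
    return self->next->connect_fn(self->next, program, host, port);
}

static provider base_provider   = { base_connect, NULL, 0 };
static provider filter_provider = { filter_connect, &base_provider, 0 };

/* Applications only ever call the top of the chain. */
int app_connect(const char *program, const char *host, int port) {
    return filter_provider.connect_fn(&filter_provider, program, host, port);
}
int base_calls(void) { return base_provider.reached; }

int main(void) {
    printf("allowed: %d\n", app_connect("browser.exe", "www.example", 80));
    printf("blocked host: %d\n", app_connect("browser.exe", "tracker.example", 80));
    printf("denied program: %d\n", app_connect("updater.exe", "www.example", 443));
    printf("calls reaching base: %d\n", base_calls());
    return 0;
}
```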
Ok, I was way off, but still, I think RAS needs to register the
same type of provider that you need too. Perhaps you can see
how they do it, if there is some RAS SDK available.
Sorry, but RAS has absolutely nothing to do with this. It is a dial-up API, nothing else. It does nothing based on the socket layer and has nothing to do with TCP/IP.
I already know the SPI API that I need to hook me up into the SPI chain, but it is incredibly difficult to write even a dummy layered service provider. Just writing something that just forwards all socket stuff through the chain is soooo difficult. I already have a full-blown framework from Network Programming for Windows, but it doesn't work ;-)
Tim
--------------------------
glvelocity.gamedev.net
www.gamedev.net/hosted/glvelocity
Taking a look at the source of a Linux kernel that supports IP chaining should give you a hint as to how they do it.
Some of the more heavyweight firewalls on NT either replace your TCP/IP stack completely or hook themselves in at the layer between Ethernet / PPP & TCP/IP.
Sorry, but this is 100% useless for me. I want to implement a Win32 personal firewall, not rewrite the W2K networking kernel.
I just need to figure out how to get this damn layered SPI working, then I can start writing the monitor functions...
Tim
--------------------------
glvelocity.gamedev.net
www.gamedev.net/hosted/glvelocity