Simple Packet Filtering Firewall
By
Deepthi Reddy
Ramya Balakumar
Vandana Bhardwaj
Introduction
Security:
Important issue in the field of Computer Networks.
It is the protection of computer networks and
information systems from any unauthorized
changes, loss, disclosure or damage.
Firewall
A firewall is a set of related programs, located at a
network gateway server that protects the resources
of a private network from users from other
networks.
Types of firewall techniques:
Packet filter
Application gateway
Circuit-level gateway
Proxy Server
Packet Filtering
Packet Filtering is the process of controlling the
flow of data from one network to another (usually a
LAN and the Internet) based on a set of rules
(security policy).
It is usually performed by a router as part of a
firewall.
Our Project
Developed a firewall for Windows 2000
Features:
Start
Stop
Block All
Block Ping
Allow All
Add Rule
View Registered rules
Technology used: Packet Filtering
Implementation
Used Filter-hook driver to filter network packets.
Extension of system-supplied IP filter.
Implements a callback function called filter hook.
Registers it with IP filter.
IP filter then uses this filter hook to determine
whether to forward or drop the incoming or
outgoing packets.
Filter Hook function
This function is of the following form:
PF_FORWARD_ACTION FilterFunction(
    unsigned char *PacketHeader,
    unsigned char *Packet,
    unsigned int PacketLength);
Return Values
PF_FORWARD
PF_DROP
PF_PASS
Structure to define filter rules
typedef struct filter
{
    USHORT protocol;          // protocol used
    ULONG sourceIp;           // source IP address
    ULONG destinationIp;      // destination IP address
    ULONG sourceMask;         // source mask
    ULONG destinationMask;    // destination mask
    USHORT sourcePort;        // source port
    USHORT destinationPort;   // destination port
    BOOLEAN drop;             // if true, the packet is dropped; otherwise it passes
} IPFilter;
IP Header Structure
typedef struct IPHeader
{
    UCHAR iphVerLen;       // Version and length
    UCHAR ipTOS;           // Type of service
    USHORT ipLength;       // Total datagram length
    USHORT ipID;           // Identification
    USHORT ipFlags;        // Flags
    UCHAR ipTTL;           // Time to live
    UCHAR ipProtocol;      // Protocol
    USHORT ipChecksum;     // Header checksum
    ULONG ipSource;        // Source address
    ULONG ipDestination;   // Destination address
} IPPacket;
Filter List
struct filterList
{
    IPFilter ipf;
    struct filterList *next;
};
Rules are added to this filter list.
The filter list is initialized to first; its size increases as
more rules are added.
Working of the Filter
Extract the IP Header and assign to a variable of type
IPHeader.
Check the protocol.
Compare the packet against each rule in the list until no
rules remain.
Check whether the protocol is the same; if it is, compare the source
and destination addresses.
Now if the protocol is TCP, check for the port.
Drop or pass the packet according to action specified in the
rule.
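The matching steps above, written out as an added example (not the presenters' driver code). It compiles in user mode with stand-in type definitions, generalizes the port check to UDP as well as TCP, and assumes that zero-valued rule fields mean "any", that rule addresses are stored in host byte order, that the first matching rule decides, that PacketHeader points at a complete 20-byte IPv4 header, and that PacketLength counts the bytes at Packet; sample() and be() are hypothetical helpers.

```c
#include <stddef.h>
/* User-mode stand-ins for the DDK types and return values (assumption). */
typedef unsigned char UCHAR, BOOLEAN;
typedef unsigned short USHORT; typedef unsigned int ULONG;
typedef enum { PF_FORWARD, PF_DROP, PF_PASS } PF_FORWARD_ACTION;
typedef struct filter {                 /* fields in the page's order */
    USHORT protocol; ULONG sourceIp, destinationIp, sourceMask, destinationMask;
    USHORT sourcePort, destinationPort; BOOLEAN drop;
} IPFilter;
struct filterList { IPFilter ipf; struct filterList *next; };
static struct filterList *first = NULL;  /* head of the rule list */

/* Read an n-byte network-order integer without unaligned access. */
static ULONG be(const unsigned char *p, int n) {
    ULONG v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Assumed convention: a zero protocol, mask or port in a rule means "any". */
PF_FORWARD_ACTION FilterFunction(unsigned char *PacketHeader,
                                 unsigned char *Packet, unsigned int PacketLength) {
    UCHAR proto = PacketHeader[9];                      /* ipProtocol */
    ULONG src = be(PacketHeader + 12, 4), dst = be(PacketHeader + 16, 4);
    int hasPorts = (proto == 6 || proto == 17);         /* TCP or UDP */
    if (hasPorts && PacketLength < 4) return PF_DROP;   /* ports unreadable: fail closed */
    USHORT sport = hasPorts ? (USHORT)be(Packet, 2) : 0;
    USHORT dport = hasPorts ? (USHORT)be(Packet + 2, 2) : 0;
    for (struct filterList *r = first; r != NULL; r = r->next) {
        const IPFilter *f = &r->ipf;
        if (f->protocol && f->protocol != proto) continue;
        if ((src & f->sourceMask) != (f->sourceIp & f->sourceMask)) continue;
        if ((dst & f->destinationMask) != (f->destinationIp & f->destinationMask)) continue;
        if ((f->sourcePort || f->destinationPort) && !hasPorts) continue;
        if (f->sourcePort && f->sourcePort != sport) continue;
        if (f->destinationPort && f->destinationPort != dport) continue;
        return f->drop ? PF_DROP : PF_FORWARD;          /* first matching rule decides */
    }
    return PF_FORWARD;                                  /* no rule matched */
}

/* Constructed sample: TCP 10.0.0.7:12345 -> 192.168.1.5:dport, one telnet-drop rule. */
PF_FORWARD_ACTION sample(USHORT dport, unsigned int len) {
    static struct filterList rule = {{6, 0, 0xC0A80100, 0, 0xFFFFFF00, 0, 23, 1}, NULL};
    unsigned char hdr[20] = {0x45,0,0,40, 0,0,0,0, 64,6,0,0, 10,0,0,7, 192,168,1,5};
    unsigned char tcp[4] = {0x30, 0x39, (UCHAR)(dport >> 8), (UCHAR)dport};
    first = &rule;
    return FilterFunction(hdr, tcp, len);
}

int main(void) { return sample(23, 4) == PF_DROP ? 0 : 1; }
```

Dropping a TCP or UDP packet whose ports cannot be read is a choice made in this example; the slides do not say how the driver treats that case.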
Block Ping And Block ALL
Uses Filter object.
For Block Ping,
IPflt.protocol = 1; // ICMP
IPflt.drop = TRUE;
For Block All,
IPflt.drop = TRUE;
Pass this modified IPFilter to the function that adds a
rule to the driver.
Other Features
Allow All
Clears all the rules from the filter list.
View Registered Rules
It reads the rules from the file.
Add Rule
Verifies the IP address for invalid characters.
Write rule to the file.
Add rule to the filter list.
Conclusion
A Filter-Hook Driver is not the only way to
develop this type of firewall for Windows; there are
others, such as the Firewall-Hook Driver, the NDIS-Hooking
Filter Driver, etc.
It is an easy method: implementing the filter
function is straightforward with this approach.