Modification of Pktfilter tool 10/9/2015Pktfilter modification - Brad Baker1 Brad Baker CS591 Spring 2007 Term project.

Slides:



Advertisements
Similar presentations
Module 4: Configuring a Client for Name Resolution
Advertisements

Enabling Secure Internet Access with ISA Server
WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.
5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
AVG Internet Security 7.5 Product presentation.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 13: Troubleshoot TCP/IP.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Linux Networking TCP/IP stack kernel controls the TCP/IP protocol Ethernet adapter is hooked to the kernel in with the ipconfig command ifconfig sets the.
14.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.
Beth Johnson April 27, What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.
IIS Configuration © N. Ganesan, Ph.D.. Renaming the Default Web.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
Lesson 19: Configuring Windows Firewall
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 8: Implementing and Managing Printers.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.
TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.
Click to edit Master subtitle style Chapter 17: Troubleshooting Tools Instructor:
1 Enabling Secure Internet Access with ISA Server.
Windows Server 2008 Chapter 8 Last Update
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
Test Review. What is the main advantage to using shadow copies?
Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.
One to One instructions Installing and configuring samba on Ubuntu Linux to enable Linux to share files and documents with Windows XP.
Module 7: Configuring TCP/IP Addressing and Name Resolution.
Name Resolution Domain Name System.
Chapter 14: Remote Server Administration BAI617. Chapter Topics Configure Windows Server 2008 R2 servers for remote administration Remotely connect to.
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
Session 10 Windows Platform Eng. Dina Alkhoudari.
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
Implementing Network Access Protection
SNORT Tutorial Sreekanth Malladi (modifying original by N. Youngworth)
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
0Gold 11 0Gold 11 LapLink Gold 11 Firewall Service How Connections are Created A Detailed Overview for the IT Manager.
Access Control List ACL. Access Control List ACL.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 6: Name Resolution.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 6: Name Resolution.
The In’s and Out’s of the IIS 6.0 Migration Tool The In’s and Out’s of the IIS 6.0 Migration Tool Chris Adams Web Platform Supportability Lead Microsoft.
SUS Commander Sean Merritt. Background Department of Natural Resources uses a Software Update Server to update the user’s PCs. The log files are cryptic.
Secure Wireless Home Networks Area 2 SIR Presentation Nov. 18, 2004 Dean Steichen Br. 8.
Brad Baker CS591 Spring 2007 Term project 10/15/ Pktfilter modification - Brad Baker.
Day 14 Introduction to Networking. Unix Networking Unix is very frequently used as a server. –Server is a machine which “serves” some function Web Server.
1 Chapter 7: NAT in Internet and Intranet Designs Designs That Include NAT Essential NAT Design Concepts Data Protection in NAT Designs NAT Design Optimization.
How to configure DNS for a Windows 2000 domain? 1.Start the Install/Remove Programs Control Panel Applet (Start - Settings - Control Panel - Add/Remove.
PDA Program Install Manual IT Team. 1. Execute Internet Explorer 2. Connect Website 3. Download 4. Installation 5. Run 6. Setting 1. Execute.
XWN740 X-Windows Configuring and Using Remote Access (Chapter 13: Pages )‏
Unit - III. Providing a Caching Proxy Server (1) A caching proxy server is software that stores (caches) frequently requested internet objects such as.
1 Chapter Overview Creating Web Sites and FTP Sites Creating Virtual Directories Managing Site Security Troubleshooting IIS.
Module 10: Windows Firewall and Caching Fundamentals.
Configuring Network Connectivity Lesson 7. Skills Matrix Technology SkillObjective DomainObjective # Using the Network and Sharing Center Use the Network.
CTC228 Nov Today... Catching up with group projects URLs and DNS Nmap Review for Test.
ERICSON BRANDON M. BASCUG Alternate - REGIONAL NETWORK ADMINISTRATOR HOW TO TROUBLESHOOT TCP/IP CONNECTIVITY.
Integrity Check As You Well Know, It Is A Violation Of Academic Integrity To Fake The Results On Any.
Module 8 Implementing Security Using Group Policy.
Regan Little. Definition Methods of Screening Types of Firewall Network-Level Firewalls Circuit-Level Firewalls Application-Level Firewalls Stateful Multi-Level.
Chapter 4: server services. The Complete Guide to Linux System Administration2 Objectives Configure network interfaces using command- line and graphical.
Troubleshooting. Why Troubleshoot? What Can Go Wrong? –Misconfigured zone –Misconfigured server –Misconfigured host –Misconfigured network.
Monitoring Dynamic IOC Installations Using the alive Record Dohn Arms Beamline Controls & Data Acquisition Group Advanced Photon Source.
Microsoft OS Vulnerabilities April 1, 2010 MIS 4600 – MBA © Abdou Illia.
Click to edit Master subtitle style
Installing TMG & Choosing a Client Type
Module 3: Enabling Access to Internet Resources
Enabling Secure Internet Access with TMG
Network Commands 2 Linux Ubuntu A.S.
Implementing TMG Server Publishing
Modification of Pktfilter tool
CS580 Special Project: IOS Firewall Setup using CISCO 1600 router
Presentation transcript:

Modification of Pktfilter tool 10/9/2015Pktfilter modification - Brad Baker1 Brad Baker CS591 Spring 2007 Term project

The Pktfilter tool  Open source project listed on sourceforge (  Developed by Jean-Baptiste Marchand, project inactive since February 2003  Uses the Win32 filtering API (Windows 2000 packet filtering)  Runs as a service, configures filtering API on start  Provides command line utility 10/9/2015Pktfilter modification - Brad Baker2

Pktfilter basics  Filtering is controlled through a rules file  Rules define a default action, then exceptions – For example, block everything then pass each allowed connection – Rule mixing isn't allowed, you can't block a connection after you have created a pass exception  Example of rule setup: – block in on eth0 all – block out on eth0 all – pass out on eth0 proto tcp from any to port = 80 – pass in on eth0 proto tcp from port = 80 to  Rules require numeric IP addresses  Rules can specify ports and ranges, protocols, and use the “any” keyword. 10/9/2015Pktfilter modification - Brad Baker3

Pktfiler Usage Installation is a manual process Copy the Pktfilter folder to program files or the desired directory From command prompt, run “pktfltsrv.exe -i” followed by the path to three files – Rules file, log file, DNS log file – This command installs as service Configure service to run automatically Configure the rules file as desired – Restrict access to the rules file 10/9/2015Pktfilter modification - Brad Baker4

My project goals In order of priority: – Research why the tool doesn't work on Windows Vista and Windows XP x64 version – Research and include rule mixing For example, after creating an exception for HTTP we would like to block a specific website – Research and fix the logging problem – Research and implement performing DNS IP resolution from the rules file – Research and implement localhost IP resolution 10/9/2015Pktfilter modification - Brad Baker5

Goal #1 – Windows Vista & x64  Windows Vista doesn't include this API  The “Windows Filtering Platform” replaces the packet filtering API  WFP is a much more robust filtering solution  WFP allows application based filtering, boot time filtering, and packet inspection  Moving Pktfilter to x64 just requires building with the correct platform  Conclusion: Save WFP for future, x64 was success 10/9/2015Pktfilter modification - Brad Baker6

Goals #2/#3 – Mixing & Logging  Mixing is not possible based on the design of the underlying API  The filtering engine is specifically designed to provide only the default and exception actions  Logging works with a fresh Windows XP installation  Changes to iphlpapi.dll in Service Pack 1 broke the logging function  Conclusion: Mixing and logging aren't possible due to larger system issues 10/9/2015Pktfilter modification - Brad Baker7

Goals #4/#5 – IP resolution Modified program to use brackets for DNS lookup “ [ ” Modified program to use “me” keyword for localhost lookup Looked at several DNS query methods First used: DnsQuery_A() in Then used: gethostbyname() in Finally: getaddrinfo() in Tool Produces a log file to document translation 10/9/2015Pktfilter modification - Brad Baker8

Example of IP resolution Log file output: Begin rule file parsing, GMT: :43:25 > local 'me' symbol resolved : ( : artos ) > Remote DNS lookup resolved : ( : slashdot.org ) > Remote DNS lookup resolved : ( : ) > Remote DNS lookup FAILED : ( - : test.my.blah ) > Remote DNS lookup FAILED : ( - : > Remote DNS lookup resolved : ( : ) > Remote DNS lookup resolved : ( : ) END, GMT: :43:30 Corresponding input configuration: # input rules rule 1: pass in on eth0proto udp from any port = 53 to any rule 2: pass in on eth0proto tcp from port = 80 to rule 3: pass in on eth0proto tcp from port = 80 to rule 4: pass in on eth0proto tcp from port = 80 to rule 5: pass in on eth0proto tcp from port = 80 to rule 6: pass in on eth0proto tcp from port = 80 to rule 7: pass in on eth0proto tcp from port = 80 to rule 8: pass in on eth0proto udp from any port = 67 to any port = 68 10/9/2015Pktfilter modification - Brad Baker9

Summary  The tool will remain effective until Windows Vista is a common platform  Several goals were not met, however the IP resolution will provide a benefit  Protected the application from long URLs and blank URLs – The rules file won't compromise the filtering configuration  Future enhancements can involve port information, fixing DNS timeout, etc  Security concerns with relying on DNS query – For example, the current Windows DNS server bug 10/9/2015Pktfilter modification - Brad Baker10

References Original Pktfilter project source – Information about filtering API – – NWU /public/02Whole.pdf NWU /public/02Whole.pdf WFP summaries – – DNS lookup information – – PfCreateInterface, references other filtering API functions – /9/2015Pktfilter modification - Brad Baker11

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.