1. By Deepthi Reddy Ramya Balakumar Vandana Bhardwaj Simple Packet Filtering Firewall

2. Introduction  Security: Important issue in the field of Computer Networks. It is the protection of computer networks and information systems from any unauthorized changes, loss, disclosure or damage.

3.  A firewall is a set of related programs, located at a network gateway server that protects the resources of a private network from users from other networks. Types of firewall techniques:  Packet filter  Application gateway  Circuit-level gateway  Proxy Server Firewall

4.  Packet Filtering is the process of controlling the flow of data from one network to another (usually a LAN and the Internet) based on a set of rules (security policy).  It is usually performed by a router as part of a firewall. Packet Filtering

5. Our Project  Developed a firewall for Windows2000 Features:  Start  Stop  Block All  Block Ping  Allow All  Add Rule  View Registered rules  Technology used: Packet Filtering

6.  Used Filter-hook driver to filter network packets.  Extension of system-supplied IP filter.  Implements a callback function called filter hook.  Registers it with IP filter.  IP filter then uses this filter hook to determine whether to forward or drop the incoming or outgoing packets. Implementation

7. Filter Hook function  This function is of the following form: PF_FORWARD_ACTION FilterFunction( unsigned char *PacketHeader, unsigned char *Packet unsigned int PacketLength)  Return Values PF_FORWARD PF_DROP PF_PASS

8. Structure to define filter rules typedef struct filter { USHORT protocol;//protocol used ULONG sourceIp;//source ip address ULONG destinationIp;//destination ip address ULONG sourceMask;//source mask ULONG destinationMask; //destination mask USHORT sourcePort;//source port USHORT destinationPort; //destination port BOOLEAN drop;//if true, the packet will be drop, otherwise the packet pass }IPFilter;

9. IP Header Structure typedef struct IPHeader { UCHAR iphVerLen;// Version and length UCHAR ipTOS;// Type of service USHORT ipLength; // Total datagram length USHORT ipID; // Identification USHORT ipFlags; // Flags UCHAR ipTTL; // Time to live UCHAR ipProtocol; // Protocol USHORT ipChecksum; // Header checksum ULONG ipSource; // Source address ULONG ipDestination; // Destination address } IPPacket;

10. Filter List struct filterList { IPFilter ipf; struct filterList *next; };  Add a rule to this filter list.  Filterlist is initialized to first, its size increases as more and more rules are added.

11. Working of the Filter  Extract the IP Header and assign to a variable of type IPHeader.  Check the protocol.  Compare the packet against the rules from the list until there is no member is in the list.  Check if the protocol is same, if it is then look for the source and destination address.  Now if the protocol is TCP, check for the port.  Drop or pass the packet according to action specified in the rule.

12. Block Ping And Block ALL  Uses Filter object. For Block ping, IPflt.protocol =1;// ICMP IPflt.drop = TRUE For Block all, IPflt.drop = TRUE  Pass this modified IPFilter to the function that adds rule to the driver.

13. Other Features Allow All Clears all the rules from the filter list. View Register Rules It reads the rules from the file. Add Rule Verifies the IP address for invalid characters. Write rule to the file. Add rule to the filter list.

14. Conclusion  Filter-Hook Driver isn't the unique method to develop this type of firewall for Windows, there are others as Firewall-Hook Driver, NDIS-Hooking Filter Driver etc.  It is an easy method. Implementation of filter function is an easy procedure with this method.