Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modification of Pktfilter tool 10/9/2015Pktfilter modification - Brad Baker1 Brad Baker CS591 Spring 2007 Term project.

Published byAdele Chastity Phelps Modified over 9 years ago

Similar presentations

Presentation on theme: "Modification of Pktfilter tool 10/9/2015Pktfilter modification - Brad Baker1 Brad Baker CS591 Spring 2007 Term project."— Presentation transcript:

1 Modification of Pktfilter tool 10/9/2015Pktfilter modification - Brad Baker1 Brad Baker CS591 Spring 2007 Term project

2 The Pktfilter tool  Open source project listed on sourceforge ( http://sourceforge.net/projects/pktfilter/) http://sourceforge.net/projects/pktfilter/  Developed by Jean-Baptiste Marchand, project inactive since February 2003  Uses the Win32 filtering API (Windows 2000 packet filtering)  Runs as a service, configures filtering API on start  Provides command line utility 10/9/2015Pktfilter modification - Brad Baker2

3 Pktfilter basics  Filtering is controlled through a rules file  Rules define a default action, then exceptions – For example, block everything then pass each allowed connection – Rule mixing isn't allowed, you can't block a connection after you have created a pass exception  Example of rule setup: – block in on eth0 all – block out on eth0 all – pass out on eth0 proto tcp from any to 128.198.1.212 port = 80 – pass in on eth0 proto tcp from 128.198.1.212 port = 80 to 192.168.1.100  Rules require numeric IP addresses  Rules can specify ports and ranges, protocols, and use the “any” keyword. 10/9/2015Pktfilter modification - Brad Baker3

4 Pktfiler Usage Installation is a manual process Copy the Pktfilter folder to program files or the desired directory From command prompt, run “pktfltsrv.exe -i” followed by the path to three files – Rules file, log file, DNS log file – This command installs as service Configure service to run automatically Configure the rules file as desired – Restrict access to the rules file 10/9/2015Pktfilter modification - Brad Baker4

5 My project goals In order of priority: – Research why the tool doesn't work on Windows Vista and Windows XP x64 version – Research and include rule mixing For example, after creating an exception for HTTP we would like to block a specific website – Research and fix the logging problem – Research and implement performing DNS IP resolution from the rules file – Research and implement localhost IP resolution 10/9/2015Pktfilter modification - Brad Baker5

6 Goal #1 – Windows Vista & x64  Windows Vista doesn't include this API  The “Windows Filtering Platform” replaces the packet filtering API  WFP is a much more robust filtering solution  WFP allows application based filtering, boot time filtering, and packet inspection  Moving Pktfilter to x64 just requires building with the correct platform  Conclusion: Save WFP for future, x64 was success 10/9/2015Pktfilter modification - Brad Baker6

7 Goals #2/#3 – Mixing & Logging  Mixing is not possible based on the design of the underlying API  The filtering engine is specifically designed to provide only the default and exception actions  Logging works with a fresh Windows XP installation  Changes to iphlpapi.dll in Service Pack 1 broke the logging function  Conclusion: Mixing and logging aren't possible due to larger system issues 10/9/2015Pktfilter modification - Brad Baker7

8 Goals #4/#5 – IP resolution Modified program to use brackets for DNS lookup “ [www.uccs.edu] ” Modified program to use “me” keyword for localhost lookup Looked at several DNS query methods First used: DnsQuery_A() in Then used: gethostbyname() in Finally: getaddrinfo() in Tool Produces a log file to document translation 10/9/2015Pktfilter modification - Brad Baker8

9 Example of IP resolution Log file output: ----------------------------------------------------- Begin rule file parsing, GMT: 2007-05-06 04:43:25 > local 'me' symbol resolved : ( 192.168.1.100 : artos ) > Remote DNS lookup resolved : ( 66.35.250.150 : slashdot.org ) > Remote DNS lookup resolved : ( 209.131.36.158 : www.yahoo.com ) > Remote DNS lookup FAILED : ( - : test.my.blah ) > Remote DNS lookup FAILED : ( - : http://www.crh.noaa.gov/fo) > Remote DNS lookup resolved : ( 128.198.1.212 : www.uccs.edu ) > Remote DNS lookup resolved : ( 72.14.253.147 : www.google.com ) END, GMT: 2007-05-06 04:43:30 Corresponding input configuration: # input rules rule 1: pass in on eth0proto udp from any port = 53 to any rule 2: pass in on eth0proto tcp from 66.35.250.150 port = 80 to 192.168.1.100 rule 3: pass in on eth0proto tcp from 209.131.36.158 port = 80 to 192.168.1.100 rule 4: pass in on eth0proto tcp from 127.0.0.1 port = 80 to 192.168.1.100 rule 5: pass in on eth0proto tcp from 127.0.0.1 port = 80 to 192.168.1.100 rule 6: pass in on eth0proto tcp from 128.198.1.212 port = 80 to 192.168.1.100 rule 7: pass in on eth0proto tcp from 72.14.253.104 port = 80 to 192.168.1.100 rule 8: pass in on eth0proto udp from any port = 67 to any port = 68 10/9/2015Pktfilter modification - Brad Baker9

10 Summary  The tool will remain effective until Windows Vista is a common platform  Several goals were not met, however the IP resolution will provide a benefit  Protected the application from long URLs and blank URLs – The rules file won't compromise the filtering configuration  Future enhancements can involve port information, fixing DNS timeout, etc  Security concerns with relying on DNS query – For example, the current Windows DNS server bug 10/9/2015Pktfilter modification - Brad Baker10

11 References Original Pktfilter project source – http://sourceforge.net/projects/pktfilter/ http://sourceforge.net/projects/pktfilter/ Information about filtering API – http://www.ndis.com/papers/winpktfilter.htm http://www.ndis.com/papers/winpktfilter.htm – http://www.library.uow.edu.au/adt-NWU/uploads/approved/adt- NWU20041108.142435/public/02Whole.pdf http://www.library.uow.edu.au/adt-NWU/uploads/approved/adt- NWU20041108.142435/public/02Whole.pdf WFP summaries – http://www.microsoft.com/whdc/device/network/WFP.mspx http://www.microsoft.com/whdc/device/network/WFP.mspx – http://msdn2.microsoft.com/en-us/library/aa363967.aspx http://msdn2.microsoft.com/en-us/library/aa363967.aspx DNS lookup information – http://msdn2.microsoft.com/en-us/library/ms738524.aspx http://msdn2.microsoft.com/en-us/library/ms738524.aspx – http://msdn2.microsoft.com/en-us/library/ms738520.aspx http://msdn2.microsoft.com/en-us/library/ms738520.aspx PfCreateInterface, references other filtering API functions – http://msdn2.microsoft.com/en-gb/library/aa376646.aspx http://msdn2.microsoft.com/en-gb/library/aa376646.aspx 10/9/2015Pktfilter modification - Brad Baker11

Download ppt "Modification of Pktfilter tool 10/9/2015Pktfilter modification - Brad Baker1 Brad Baker CS591 Spring 2007 Term project."

Similar presentations

Module 4: Configuring a Client for Name Resolution

Module 4: Configuring a Client for Name Resolution
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.

WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.
5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
AVG Internet Security 7.5 Product presentation.

AVG Internet Security 7.5 Product presentation.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 13: Troubleshoot TCP/IP.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 13: Troubleshoot TCP/IP.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Linux Networking TCP/IP stack kernel controls the TCP/IP protocol Ethernet adapter is hooked to the kernel in with the ipconfig command ifconfig sets the.

Linux Networking TCP/IP stack kernel controls the TCP/IP protocol Ethernet adapter is hooked to the kernel in with the ipconfig command ifconfig sets the.
14.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

14.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.

Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.
Beth Johnson April 27, 1998. What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.

Beth Johnson April 27, What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.
IIS Configuration © N. Ganesan, Ph.D.. Renaming the Default Web.

IIS Configuration © N. Ganesan, Ph.D.. Renaming the Default Web.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 8: Implementing and Managing Printers.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 8 Introduction to Printers in a Windows Server 2008 Network.
TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.

TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.
Click to edit Master subtitle style Chapter 17: Troubleshooting Tools Instructor:

Click to edit Master subtitle style Chapter 17: Troubleshooting Tools Instructor:

Similar presentations

Ads by Google