Solved

Windows firewall packet filtering

Posted on 2009-04-06
5
370 Views
Last Modified: 2013-12-04
I've been looking for ways to block a particular UDP packet on windows, but need to look into the payload. Something like if (udp[34]==0xaa and udp[45]==0xbb) then PF_DROP.

Are there firewalls/proxies that can do this? The ones I've come across only filter on IP/port. I can do this on linux with iptables but have yet to find a solution on Windows.

I'm open to writing my own app if someone can give me pointers to the windows kernel hooks for packet filtering. Thanks.
0
Comment
Question by:zyca
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 5

Accepted Solution

by:
theoaks earned 250 total points
ID: 24086894
yes... ms isa server can do packet level filtering, not just port based.


0
 
LVL 86

Assisted Solution

by:jkr
jkr earned 250 total points
ID: 24088757
I am not aware of an existig FW for that purpose, but you could adapt the one presented in http://www.codeproject.com/KB/IP/FwHookDrv.aspx ("An Adventure: How to implement a Firewall-Hook Driver?") to suit your needs. This article comes with full source code.
0
 
LVL 86

Expert Comment

by:jkr
ID: 24711235
I'd object against a split, since 'yes [...] a server can do that' is too vague.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Entering time in Microsoft Access can be difficult. An input mask often bothers users more than helping them and won't catch all typing errors. This article shows how to create a textbox for 24-hour time input with full validation politely catching …
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question