Trouble programming network access filter gateway

Posted by Sachs on April 28, 2004, 2:58 pm
Hi,

I am programming a real-time network access filter gateway as a
requirement of my course. The main purpose of the gateway is to block
access to some black-listed websites (i.e. block some HTTP requests).

I am using the WinPCap 3.0 library and VC++ 6.0 for development.
WinPCap is good for developing network analysis tools, but there is
one feature of the library which allows one to send raw packets to the
network adapter (http://winpcap.polito.it/docs/man/html/group__wpcap__tut8.html).

Now my pseudo code for capturing request packets goes like this:

request_capture_thread()
start
open network adapter connected to internal network (e.g. LAN);
capture all request packets;
if tcp request
if http request
parse http header and get domain name;
lookup the domain name in the blocked list;
if blocked
drop the request packet(s);
send customized response back;
else allow the request;
send captured request packets to the network adapter connected to
the external network (e.g. Internet);
end
=============
response_capture_thread()
start
open network adapter connected to external network;
capture all response packets;
send captured responses to the adapter connected to the internal
network;
end

Now I am trying to capture packets from the internal network adapter
using a filter expression
(http://winpcap.polito.it/docs/man/html/group__language.html) in
promiscuous mode. The expression looks like "eth src xx:xx:xx:xx:xx:xx
and eth dst yy:yy:yy:yy:yy:yy", where "xx:xx:....:xx" is the MAC address
of the adapter where the requests are coming from (e.g. router) and
"yy:yy:...:yy" is the MAC address of the adapter on the gateway connected
to the internal network. Similarly, I follow a similar filter expression
for the response packet capturing.

Now the main issue is I don't see any response coming from the
external network even if I transfer all the captured packets from
internal network adapter to the external network adapter. Do I have
to change the MAC layer addresses when I transfer all the packets from
internal network to the external network?

I will appreciate any guidelines or references to a similar
implementation.

Thank you.

Wishes
Sachin Shah
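
The "parse http header, look up the domain, block or allow" step from the pseudo code above, as an added example that is not part of the original post and is not WinPCap code. It takes one raw Ethernet frame as a capture callback would receive it; the blacklist entries, function names and the sample_frame() helper are hypothetical, and only a Host header that fits in a single TCP segment to port 80 is examined.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed blacklist entries (placeholders, not from the post). */
static const char *BLOCKED[] = { "blocked.example", "ads.example" };

/* Case-insensitive compare of n bytes at a against the C string b. */
static int host_eq(const unsigned char *a, size_t n, const char *b) {
    size_t i;
    if (strlen(b) != n) return 0;
    for (i = 0; i < n; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* 1 = IPv4/TCP port-80 segment with a blacklisted Host header, 0 = anything else. */
int frame_is_blocked(const unsigned char *f, size_t len) {
    size_t ihl, thl, off, i, j, k;
    if (len < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return 0;  /* EtherType IPv4 */
    ihl = (size_t)(f[14] & 0x0F) * 4;
    if ((f[14] >> 4) != 4 || ihl < 20 || f[23] != 6) return 0;      /* protocol TCP */
    if ((f[20] & 0x1F) || f[21]) return 0;      /* later IP fragment: no TCP header */
    off = 14 + ihl;
    if (len < off + 20 || ((f[off + 2] << 8) | f[off + 3]) != 80) return 0;
    thl = (size_t)(f[off + 12] >> 4) * 4;       /* TCP data offset */
    if (thl < 20 || len < off + thl) return 0;  /* truncated capture */
    off += thl;                                 /* start of HTTP payload */
    for (i = off + 1; i + 5 <= len; i++) {
        /* a header name must start a line, so "host:" inside a URL is ignored */
        if (f[i - 1] != '\n' || !host_eq(f + i, 5, "host:")) continue;
        for (j = i + 5; j < len && (f[j] == ' ' || f[j] == '\t'); j++) ;
        for (k = j; k < len && f[k] != '\r' && f[k] != '\n' && f[k] != ':' && f[k] != ' '; k++) ;
        for (i = 0; i < sizeof BLOCKED / sizeof BLOCKED[0]; i++)
            if (host_eq(f + j, k - j, BLOCKED[i])) return 1;
        return 0;
    }
    return 0;
}

/* Constructed sample input: minimal Ethernet+IPv4+TCP headers around an HTTP payload. */
size_t sample_frame(unsigned char *out, const char *http) {
    size_t n = strlen(http);
    memset(out, 0, 54);
    out[12] = 0x08; out[14] = 0x45; out[23] = 6;  /* IPv4, IHL 5, TCP */
    out[37] = 80;   out[46] = 0x50;               /* dst port 80, data offset 5 */
    memcpy(out + 54, http, n);
    return 54 + n;
}
```

A request whose Host header is split across TCP segments is not matched by this per-frame check; catching it needs stream reassembly before the lookup.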

