That worked, thank you very much.
Inf files are really a pain in the neck. I will never understand them.
😕
I do understand. But what about Vista?
Thanks
Frank, February 17, 2004 at 2:09 pm, in reply to: Need to know what application is associated with a packet #5473
Readable content? What do you expect? Machines are communicating…not humans! But you may see some readable frazzles.
For DNS:
1. Intercept all incoming UDP packets from remote-port 53 (DNS)
2. Extract the DNS-information from the data-part of the packets (as described in RFC1034 and RFC1035)
3. Modify the DNS-info
4. Build new (faked) UDP packets
5. Send them to your local-port
That’s it!
February 17, 2004 at 8:10 am, in reply to: Need to know what application is associated with a packet #5471
You should read serpent’s suggestions more carefully:
To assign PIDs to IP-packets is one thing. Modifying DNS request is another.
To modify DNS requests you don’t need his TDI filter. This for keeping track of connections/PIDs only.
If you want to develop a “Personal Firewall” you need two drivers:
1. NDIS filter doing the main tasks: Block/Allow ether-packets…Reading/modifying the packets by parsing the underlaying services (e.g. http, dns)
2. TDI filter for keeping track of local connections and processes.
Well, you were absolutely right! Again another “Net to Host” failure. Here’s the corrected line of code:
pTcp->th_ack = htonl(ntohl(pTcp->th_seq)+1);
Thanks again!
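The corrected th_ack line in context, as an added example that is not the poster’s driver code: a host-firewall helper that answers a captured outgoing SYN with the RST/ACK the local stack will accept (RFC 793: SEQ=0, ACK=SEG.SEQ+1, flags RST+ACK), plus a receiver-side check. The header struct and field names, the bare 20-byte header the checksum covers, and the sample addresses and ports in the test are assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

#define TH_RST 0x04
#define TH_ACK 0x10

/* Minimal 20-byte TCP header (assumed layout, no options), fields kept in
 * network byte order exactly as they sit on the wire. */
struct tcp_hdr {
    uint16_t th_sport, th_dport;
    uint32_t th_seq, th_ack;
    uint8_t  th_off, th_flags;        /* data offset in the high nibble; flags */
    uint16_t th_win, th_sum, th_urp;
};

/* TCP checksum over the IPv4 pseudo-header plus a bare 20-byte segment;
 * yields 0 when run over a header whose th_sum is already filled in. */
uint16_t tcp_checksum(uint32_t src_ip, uint32_t dst_ip, const struct tcp_hdr *seg) {
    uint8_t buf[32] = {0};            /* pseudo-header (12) then the header (20) */
    memcpy(buf, &src_ip, 4); memcpy(buf + 4, &dst_ip, 4);
    buf[9] = 6; buf[11] = sizeof *seg;                /* proto TCP, TCP length */
    memcpy(buf + 12, seg, sizeof *seg);
    uint32_t sum = 0;
    for (size_t i = 0; i < sizeof buf; i += 2) sum += ((uint32_t)buf[i] << 8) | buf[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return htons((uint16_t)~sum);
}

/* Build the RST/ACK that refuses a captured outgoing SYN (RFC 793: SEQ=0,
 * ACK=SEG.SEQ+1, RST+ACK). The +1 must be done in host order and converted
 * back with htonl, which is the "Net to Host" slip discussed in the thread. */
void build_rst_for_syn(uint32_t syn_src_ip, uint32_t syn_dst_ip,
                       const struct tcp_hdr *syn, struct tcp_hdr *rst) {
    memset(rst, 0, sizeof *rst);
    rst->th_sport = syn->th_dport; rst->th_dport = syn->th_sport; /* remote -> local */
    rst->th_ack   = htonl(ntohl(syn->th_seq) + 1);
    rst->th_off   = 5 << 4; rst->th_flags = TH_RST | TH_ACK;
    rst->th_sum   = tcp_checksum(syn_dst_ip, syn_src_ip, rst);
}

/* Receiver-side check: does this RST acknowledge exactly that SYN? */
int rst_matches_syn(const struct tcp_hdr *syn, const struct tcp_hdr *rst) {
    return rst->th_sport == syn->th_dport && rst->th_dport == syn->th_sport
        && (rst->th_flags & (TH_RST | TH_ACK)) == (TH_RST | TH_ACK)
        && ntohl(rst->th_ack) == ntohl(syn->th_seq) + 1;
}
```

Feeding the built header back through tcp_checksum with the addresses swapped returns 0, which is the same validity check a sniffer such as Ethereal performs.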
I am not sure if you got me right. I am *not* trying to reject a remote machine. I am trying to reject a connection initiated from my *local* machine (outgoing connection).
I’ve checked that out in more detail. The RST-packet I am generating is definitely ok. I’ve sent my packets to Ethereal, and it stated them as valid (checksums are ok etc.).
The local system sends 3 SYN packets. If they will be rejected (RST) by a remote machine, these 3 packets will be sent in a row very quickly. So the local TCP-Stack obviously recognizes these reject packets.
If *my* software does answer those SYN packets with a RST, further SYN packets come with a gap. Although SendPacketToMstcp returned with “TRUE”, the RST packet has *not* been recognized. The local TCP-Stack timed out, as if the SYN packet had been lost.
Well, I have watched such a RST packet with Ethereal. And did set it up like that. Thanks anyway.
Btw: Generally, I am rejecting connection requests through a TDI filter that schedules TCP-Connection-IRPs to ring3, but some IRPs can’t be scheduled to ring3 (those with RequestorMode == KernelMode). So I’ve got to get this to work.
Yeah, good to hear that I’ve chosen the right way. But I will buy the source anyway, because I need a customized device-object-name.
By the way: ICMP is also difficult to catch by a TDI-filter.
Thank you very much for answering.