Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 901 through 915 (of 1,486 total)
  • Author
    Posts
  • in reply to: IP Header Compression #6675
    Vadim Smirnov
    Keymaster

      WinpkFilter hooking driver does not work with IPv6 and IPsec?

      WinpkFilter hooking driver intercepts only TCPIP.SYS (IPv4) and ignores other protocols (it can be changed if needed). As soon as IPv6 is available only since Wndows XP I don’t see a problem to use NDIS IM driver instead NDIS hooking one for Windows XP and higher.

      As for IPSec, as I have already told that depends from implementation, if WinpkFilter is above IPSec you will capture unencrypted packets and you will capture encrypted ones otherwise.

      in reply to: IP Header Compression #6673
      Vadim Smirnov
      Keymaster

        WinpkFilter NDIS IM driver is suitable for filtering IPv6. As for IPSec, it is actually depends from the particular implementation (WinpkFilter driver can be installed below or above IPsec driver).

        in reply to: IP Header Compression #6671
        Vadim Smirnov
        Keymaster

          i mean “IP header compression”–> RFC 2507(ftp://ftp.isi.edu/in-notes/rfc2507.txt)

          If here you mean to use Windows built-in IP header compression for dial-up links then I think it is implemented below the WinpkFilter (inside of NDISWAN.SYS), so it should not interfere with the changes you do to the packet and its IP header.

          in reply to: IP Header Compression #6669
          Vadim Smirnov
          Keymaster

            What do you actually mean under “IP header compression”? RFC 2507(ftp://ftp.isi.edu/in-notes/rfc2507.txt)? Or some sort of your custom protocol compression?

            in reply to: DNS vs. TCP inspection #6667
            Vadim Smirnov
            Keymaster

              For the majority of Internet users it is enough to use one the Stealth modes to be fully protected from external attacks. TCP stateful inspection is mostly important for server systems.

              in reply to: custom PKT&TCP RESET,Block page for Winpkfilter wwwcenso #6665
              Vadim Smirnov
              Keymaster

                It looks you know what you need to do. What help are you asking for?

                in reply to: custom PKT&TCP RESET,Block page for Winpkfilter wwwcenso #6663
                Vadim Smirnov
                Keymaster

                  You can modify the packet directly without making a copy. However, don’t forget to recalculate checksums before reinjecting the modified packet. Also, if you change TCP data length you have to change TCP header SEQ value.

                  in reply to: WinpkFilter 3.0: Wireless Access Failure #6660
                  Vadim Smirnov
                  Keymaster

                    NDIS_PACKET_TYPE_DIRECTED limits packets received to only packets having the destination MAC address equal to local system MAC address. You have also to allow broadcast packets to let the system function normally:

                    NDIS_PACKET_TYPE.NDIS_PACKET_TYPE_DIRECTED | NDIS_PACKET_TYPE.NDIS_PACKET_TYPE_BROADCAST

                    in reply to: WinpkFilter 3.0: Wireless Access Failure #6658
                    Vadim Smirnov
                    Keymaster

                      I have performed some experiments with wireless network adapter on Windows XP SP3 having Norton Internet Security installed. I can confirm that after installation of WinpkFilter NDIS IM driver wireless connectivity is lost. But it is restored after reboot. Sometimes network stack can’t be rebound dynamically and after installation of NDIS IM driver you may have to reboot. This probably the case your users have met with WinpkFilter (both reported cases had Symantec software installed).

                      in reply to: Winpkfilter Lock up with Kaspersky Internet Security #6650
                      Vadim Smirnov
                      Keymaster

                        We have received few complains on WinpkFilter conflict with KIS 2008/2009, however we were not able to reproduce (it looks it happens only on small amount of systems) and thus can’t understand and fix this problem so far.

                        It looks that the “lock up” you have expirienced depends from hardware configuration (installed hardware drivers) or some third software component in addition to KIS and WinpkFilter. Could you please post or e-mail to support(at)ntkernel.com the details of the software/hardware configuration?

                        in reply to: WinpkFilter Driver v3.0.4 Incompatability Issue On Vista #6662
                        Vadim Smirnov
                        Keymaster

                          NDIS IM driver is a standard Windows driver and by design it has a less chance of the software conflict with other third-party applications than NDIS hooking driver. Your case looks like a software conflict.

                          in reply to: Winpkfilter Lock up with Kaspersky Internet Security #6648
                          Vadim Smirnov
                          Keymaster

                            Install Kaspersky Internet Security 7.0.0.125 d.f

                            We have tested the suggested configuration with Kaspersky Internet Security 7.0.1.325 (the latest one available from the official web site) and have not figured out any problems. May be the problem was specific to 7.0.0.125 and fixed in the current version.

                            Could you try to reproduce it after updating KIS to 7.0.1.325?

                            in reply to: WinpkFilter 3.0: Wireless Access Failure #6657
                            Vadim Smirnov
                            Keymaster

                              Could you try to completely uninstall Symantec software and check if problem with WinpkFilter disappear? This would help to identify the problem.

                              in reply to: WinpkFilter 3.0: Wireless Access Failure #6655
                              Vadim Smirnov
                              Keymaster

                                You still have not replied if you are using the latest WinpkFilter or ealier builds.

                                Try to e-mail us the list of installed drivers/softwares, this may sched some light.

                                Vadim Smirnov
                                Keymaster

                                  How can I detect network interface’s status changes? And also enable/disable interface with winpk framework? Is there any details for delphi or c++?

                                  http://www.ntkernel.com/wpfk-help/setadapterlistchangeevent.htm

                                  As a second question, can I extract tcp packets from the SSL stream with winpk?

                                  If this is about HTTPS then by port number 443. If another port used you can try to identify the connection, an example, by SSL certificate sent by server.

                                Viewing 15 posts - 901 through 915 (of 1,486 total)