How to develop a firewall to monitor processes, protocol drivers and NDIS intermediate drivers?

I mean this:

1. Protecting processes just needs a TDI filter, tcpip.sys ......

2. How to monitor all protocol drivers on the machine? How does the Sygate
firewall do it?
Hook RegisterProtocol?

3. If a trojan is an NDIS intermediate driver, how to block it and
monitor it?


OK, thanks a lot.


horace

RE: how to develop a firewall to monitor process and protocol Driver by bburgin

bburgin
Wed Jun 23 07:21:57 CDT 2004


You'll want to look at a NDIS Filter IM driver (ala PASSTHRU). See Thomas
Divine and James Antognini's articles on extending PASSTHRU (parts 1 and 2)
in the archives of http://www.wd-3.com.

Bryan S. Burgin
bburgin@microsoft.com

This posting is provided "AS IS" with no warranties, and confers no rights.


how to develop a firewall to monitor process and protocol Driver by Steve

Steve
Fri Jun 25 18:55:42 CDT 2004

Hi Horace,

I hope you don't consider this a spam kind of response,
but we provide a toolkit that lets you have IM
functionality without developing an IM and going through
the arduous WHQL driver signing process. It has a
consistent cross platform interface between the plugin
driver you develop and user/application space. Our DNE
product is a transparent NDIS framework with a consistent
API for the plugins. It facilitates capture,
modification, insertion, deletion, and redirection of
packets across all NDIS-supported LAN and WAN devices.

With literally millions of copies installed, it is the
most widely used NDIS 'shim.' Even Microsoft and Cisco
have licensed it from us for use in their networking
products. Aside from providing a great base to develop
sophisticated networking products (our customers have
developed firewalls, intrusion detection systems,
routers, switches, bridges, QoS schedulers, high speed
packet captures, multicast, IPSEC, TCP spoofing, PPPoE,
L2TP and much more), it is extremely fast, supports all
adapter types (WAN and LAN, WLAN, USB, etc), and enables
you to write one piece of code that will run on all
supported Operating Systems (Win95, 98, ME, NT, 2K, XP,
2003, Linux, Solaris, WindowsCE/PocketPC, etc). It even
provides a consistent cross-platform interface to user
space and the registry.

In the WinCE/PocketPC environment, it lets you develop
and debug on Windows, then just recompile to execute and
work on WinCE/PocketPC. This is a huge advantage over
trying to debug solely on the PocketPC.

Also, if you've ever tried to get through the WHQL
process with an intermediate driver, you know that it is
a long and costly process. Since DNE is already signed
by Microsoft, all plugins run under DNE's signature.
Thus, you can save thousands of dollars on driver signing
alone.

We also have a wide variety of plugins already available
which can be provided as a base for any products you're
thinking of, and if necessary, we can develop or port
your drivers for you. We also supply WAN and LAN virtual
adapters (DHCP spoofing on the LAN VA) with DNE.

Let me know if you have any interest. The product is
more fully described at
www.deterministicnetworks.com/Products/dne.asp.


Steve


>-----Original Message-----
>How to develop a firewall to monitor processes, protocol drivers and
>NDIS intermediate drivers?
>
>I mean this:
>
>1. Protecting processes just needs a TDI filter, tcpip.sys ......
>
>2. How to monitor all protocol drivers on the machine? How does the
>Sygate firewall do it?
>Hook RegisterProtocol?
>
>3. If a trojan is an NDIS intermediate driver, how to block it and
>monitor it?
>
>OK, thanks a lot.
>
>horace