Anyone Written A Firewall?

Started by cman, August 10, 2010, 08:07:44 PM

cman

Has anyone here written a firewall in asm? Just curious as I have had so many problems with anything I've used off the internet. I'm not certain what's involved in writing one or if this is a project that one could generate from scratch. Thanks for any information.

Twister

Well, you are going to need to hook a few of the network API functions (WSAConnect, connect, accept, . . .) using a driver, or you could use function detours.

If you are making a one-way firewall (monitoring incoming) then hook these functions:

  • WSAConnect
  • connect

If you are making a two-way firewall (monitoring both incoming and outgoing) then hook these functions:


Be very careful when creating a driver in assembly. Especially when assembler.

NOTE: That is just one way to do it, and that is the only thing I could think of that would be simple.

Here is the Windows Filtering Platform (WFP): http://msdn.microsoft.com/en-us/library/aa366510%28v=VS.85%29.aspx (I'm not real sure what it does, I'm just going by the name  :8))



What kind of a firewall will it be? AV scanner? website blacklister?




I am very sorry for my poorly written post. I am in a hurry. :P

clive

I built a couple of network bridging boxes once upon a time, using a couple of ethernet cards and modems, all in assembler. This did some simple packet analysis and forwarding based on MAC addresses identified on either end of the bridge. It would bridge IPX/SPX and UDP/TCP networks as it worked at the 802.3 level. I could see this being extended to analyze TCP packets and do stateful filtering, identify IP addresses, etc.

It depends on what type of firewall you are talking about, frankly if you are doing this on a windows box trying to filter incoming traffic at line speeds, I'll wish you luck. Personally I'd attack this with hardware designed to perform some of the donkey work, which almost certainly doesn't use x86 assembler.
It could be a random act of randomness. Those happen a lot as well.

Twister

Quote from: clive on August 10, 2010, 09:18:47 PM
It depends on what type of firewall you are talking about, frankly if you are doing this on a windows box trying to filter incoming traffic at line speeds, I'll wish you luck. Personally I'd attack this with hardware designed to perform some of the donkey work, which almost certainly doesn't use x86 assembler.

Oh yeah, I have heard of hardware specifically used as a firewall. I think huge corporations use them for protection against intruders and Denial of Service.

clive

Quote from: Microchip on August 10, 2010, 09:24:11 PM
Oh yeah, I have heard of hardware specifically used as a firewall. I think huge corporations use them for protection against intruders and Denial of Service.

Network processors exist in relatively cheap router boxes. Take the Linksys/Cisco RV042 and RV082, as some older examples. I wouldn't say they are limited to "huge" corporations, either. Does anyone with any competence connect their PC directly to the internet/modem?

http://www.intel.com/design/network/products/npfamily/ixp425.htm
It could be a random act of randomness. Those happen a lot as well.

ecube

Yeah, your home router such as Linksys etc. acts as a semi firewall. They contain their own operating system (almost always a custom version of Linux) and they block access to all listening ports on your system by default. Most block ping requests by default as well. As far as writing your own firewall, the only reliable way is to hook functions in kernel mode. Also note that on 64-bit versions of Windows, drivers require driver signing, which means you need to pay Microsoft a couple hundred to get your driver signed. x64 Windows also has something called PatchGuard which makes hooking kernel APIs a lot harder.

Twister

My Linksys home router runs on embedded Linux. I would like to make some modifications to it. hehe :bdg

I have heard of people modifying their router to make use of a blacklist. This is much quicker than running a website blacklister as software on your computer.


cman

OK, thanks for all the information! I kind of guessed writing such a piece of software was a non-trivial task (I'll probably stick with my commercial firewall due to the number of long-term programming projects I already am working on!). If anyone ever writes a small, lightweight firewall in assembly, let me know! :bg

Twister

I just may do that since I have nothing else to work on. Thanks. :bg

ecube

PeerBlock (http://www.peerblock.com/) which is written in C I think is an awesome kernel mode IP blocker that works on x64 as well. It's the continuation of PeerGuardian when they stopped developing. Anyway, it's used to block hundreds of millions of IPs so is very fast; you should check the source.
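
Added example, not part of the thread and not PeerBlock's source: one common way a range-based IP blocklist of the kind mentioned in the last post can stay fast at large sizes is to merge the ranges once and answer each lookup with a binary search. That PeerBlock works this way is an assumption; the names `range_t`, `blocklist_build` and `blocklist_blocks` are hypothetical, and the sample ranges are constructed from documentation address space.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { uint32_t lo, hi; } range_t;  /* inclusive range, host byte order */
/* Parse "a.b.c.d" into a 32-bit value; returns 0 on malformed input. */
static int parse_ip(const char *s, uint32_t *out) {
    unsigned a, b, c, d; char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255) return 0;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}
static int cmp_lo(const void *x, const void *y) {
    const range_t *p = x, *q = y;
    return (p->lo > q->lo) - (p->lo < q->lo);
}

/* Sort, then merge overlapping or adjacent ranges in place; returns the new count. */
size_t blocklist_build(range_t *r, size_t n) {
    size_t w = 0;
    if (n == 0) return 0;
    qsort(r, n, sizeof *r, cmp_lo);
    for (size_t i = 1; i < n; i++)
        if (r[w].hi != UINT32_MAX && r[i].lo > r[w].hi + 1) r[++w] = r[i];
        else if (r[i].hi > r[w].hi) r[w].hi = r[i].hi;
    return w + 1;
}

/* Binary search of the merged list; malformed text counts as blocked (fail closed). */
int blocklist_blocks(const range_t *r, size_t n, const char *ip_text) {
    uint32_t ip; size_t lo = 0, hi = n;
    if (!parse_ip(ip_text, &ip)) return 1;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (ip < r[mid].lo) hi = mid;
        else if (ip > r[mid].hi) lo = mid + 1;
        else return 1;
    }
    return 0;
}

/* Constructed sample (documentation addresses), unsorted and overlapping on purpose. */
static range_t sample[] = { {0xCB007100u, 0xCB0071FFu},    /* 203.0.113.0-255 */
                            {0xC0000200u, 0xC000027Fu},    /* 192.0.2.0-127   */
                            {0xC0000240u, 0xC00002C8u} };  /* 192.0.2.64-200  */
int main(void) {
    size_t n = blocklist_build(sample, 3);
    printf("%zu ranges, 192.0.2.150 blocked: %d\n", n, blocklist_blocks(sample, n, "192.0.2.150"));
}
```

Merging first keeps the search correct when list entries overlap, and each lookup costs O(log n) comparisons regardless of how many addresses the ranges cover.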