
PC Firewall Based On Stateful Inspection

Posted on: 2011-10-25
Degree: Master
Type: Thesis
Country: China
Candidate: X Zhou
Full Text: PDF
GTID: 2178360308472899
Subject: Computer technology
Abstract/Summary:
With the development of the Internet, information security is receiving more and more attention, and firewall technology has become the most popular network security technology at present. Traditional firewalls must apply rule inspection to every passing packet, which strongly reduces their efficiency. A stateful inspection firewall is more efficient because it performs rule inspection only at the beginning of connection establishment and performs state inspection for the rest of the connection.

This thesis introduces the history and present situation of firewall technology, expounds three typical firewall technologies, discusses packet capture technology in the Windows environment, and finally designs and implements a PC firewall system based on stateful inspection.

This firewall system has the following characteristics:

1. It processes packets according to the dynamic connections of the higher-layer protocols (TCP, UDP, ICMP) and from the viewpoint of the related IP data flow, in order to improve efficiency. If an IP packet belongs to a connection that has already been set up, it bypasses rule inspection in the protocol stack.
2. It adopts an NDIS intermediate driver to capture the packets entering and leaving the host; capture works well enough that the host system is effectively protected.
3. It implements a mechanism to defend against SYN attacks. This mechanism can dynamically control the TCP connection time. When the entries in the state table reach the maximum limit, half-connection (half-open) entries are deleted to avoid the SYN attack.
4. It takes the source address, destination address, source port, and destination port as the state information of a UDP packet, in order to apply state inspection to connectionless UDP packets.

Finally, the PC stateful inspection firewall system is tested, including protocol filter testing, port scan testing, function testing, and transmission rate testing. The results show that this PC stateful inspection firewall has more distinct advantages than the traditional packet filter firewall in efficiency and security.
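The state-table behaviour listed in characteristics 1, 3 and 4 can be modelled in a few lines. The following Python sketch is an added example, not code from the thesis: the class and function names, the packet dictionary layout, the string TCP flags and the table limit are all assumptions, and it covers TCP and UDP only, leaving out connection timeouts and ICMP.

```python
# Model of the state table the abstract describes. All names, the packet
# dict layout and the table limit are assumptions made for this example.

class StatefulFilter:
    def __init__(self, rule_check, max_entries=1024):
        self.rule_check = rule_check      # slow path: full rule inspection
        self.max_entries = max_entries
        self.table = {}                   # flow key -> state
        self.rule_checks = 0              # how often the slow path ran

    @staticmethod
    def flow_key(pkt):
        # Protocol plus the address/port 4-tuple, ordered so that both
        # directions of one flow map to the same entry (TCP and UDP alike).
        ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
        return (pkt["proto"], ends[0], ends[1])

    def evict_half_open(self):
        # SYN-flood defence from the abstract: when the table is full,
        # delete half-open entries and keep established flows.
        for key in [k for k, s in self.table.items() if s == "HALF_OPEN"]:
            del self.table[key]

    def process(self, pkt):
        key = self.flow_key(pkt)
        state = self.table.get(key)
        if state is not None:
            # Fast path: packet belongs to a known flow, no rule inspection.
            if state == "HALF_OPEN" and pkt.get("flags") == "ACK":
                self.table[key] = "ESTABLISHED"   # handshake completed
            return "accept"
        if pkt["proto"] == "tcp" and pkt.get("flags") != "SYN":
            return "drop"                 # mid-stream TCP with no state
        self.rule_checks += 1
        if not self.rule_check(pkt):
            return "drop"
        if len(self.table) >= self.max_entries:
            self.evict_half_open()
            if len(self.table) >= self.max_entries:
                return "drop"             # full of established flows
        self.table[key] = "HALF_OPEN" if pkt["proto"] == "tcp" else "UDP"
        return "accept"


def make_pkt(proto, src, sport, dst, dport, flags=None):
    # Constructed sample packet, not captured traffic.
    return {"proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "flags": flags}
```

The `rule_checks` counter makes the efficiency argument visible: it increases only for the first packet of a flow, while every later packet in either direction is accepted from the table.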
Keywords/Search Tags:Firewall, NDIS, Stateful Inspection, network security