Research And Realization Of A Personal Firewall Based On Packet Capture Technique

Posted on: 2006-12-12
Degree: Master
Type: Thesis
Country: China
Candidate: Y L Liu
GTID: 2208360155473729
Subject: Computer Science and Technology
Abstract/Summary:
Although most firewall products currently on the market are quite powerful, they rest on the assumption that the inner network is safe and reliable and that all threats come from the outer network. Under that assumption the firewall only needs to guard against the outer network, not the inner one. As a result, it is difficult to secure communication between hosts inside an enterprise LAN, or to solve the host security problem of each dial-up Internet user. Most hosts are not under the protection of an internal secure network while their users are online. Personal Internet users mostly run Windows, and the security of the system itself, especially Win9x, is not high. Windows vulnerabilities of various kinds are announced constantly, and attacks on host computers are increasingly common. To protect the secure communication of host computers, it is therefore necessary to develop effective personal firewall technology.
This paper mainly discusses the design and implementation of a personal firewall for the Windows 2000 operating system, developed with the Visual C++ 6.0 integrated development environment and the Windows 2000 DDK. According to my references, there are many schemes for personal firewall technology, and each has its own advantages and disadvantages. This paper presents and implements a new double packet-filtering scheme that works in both kernel mode and user mode.
In kernel mode, we develop a network driver that captures raw network packets through the TDI virtual driver interface and filters them according to the control rules. In user mode, we develop a DLL that captures and filters Socket-based services through the Winsock 2 SPI. This overcomes the shortcomings of capturing packets in kernel mode only or in user mode only, and greatly improves the security of the system.
During development we adopted a structured, modular software design, which improves the portability and flexibility of the system. As a whole, the system is divided into three modules: the TDI driver in kernel mode, the DLL in user mode, and the user application. The filter driver module uses a virtual driver and layered IRPs; the DLL module uses the Winsock 2 SPI, the Winsock 2 API, and the Windows registry; the user application module is built on Visual C++ 6.0 MFC and the Winsock API. The three modules use shared memory to share the control rules, the encapsulated data, the network neighborhood names and so on, so packets can easily be authenticated against the control rules, which improves the filtering efficiency of the system.
Finally, functional and anti-attack tests were carried out on the system. The test results indicate that the firewall has relatively high performance and can meet the protection needs of a personal host. Compared with current firewall technology, the system has wide practical and commercial value.
Keywords/Search Tags:Filtering driver, Layered IRP, Winsock 2 SPI, Registration table technology, Capture