Windows Ce.net Platform Is Based On The Design And Realization Of The Ndis Intermediate Driver's Packet Filtering Program

Packet filtering is one of the earlist technologies which is widely used in the firewall field. Packet filtering has great advantages in deployment, transparence, efficiency to application, and reliable performance.By inspecting the source address, destination address, source port, destination port and the head information of a packet, traditional packet filtering technology decides which packet should pass the firewall. However, as far as the firewall is concerned, security is the most important consideration. Traditional packet filtering technology implements its network control function below the transport layer, because it acts by having access to the IP address and service port which is the information in the network layer. However, most of network attacks today employ the defects of the application layers. Therefore, because of its deficiency in providing effective protection for the application layers, traditional packet filtering is faced with a great challenge for its security.This paper solves the problem with two new technologies. Firstly, by using NDIS intermediate driver, which works in the kernal module , and particular strategy in packet and buffer management, the improved traditional packet filtering technology has gained much higher efficiency and reduced the occupancy of system memory. Secondly, the paper employs Stateful Filtering Mechanism(SFM). The technology aims at providing more reliable protection on the application layers. By monitoring the status of every network session, the connection-oriented SFM technology treats different packets with different filtering technologies according to their different characteristics. As a result, SFM enhances the control over the transport layer and realizes more efficient protection on the application layers.In a word, the paper designs and implements the packet filtering system using NDIS intermediate driver and the stateful packet filtering technology under Windows CE.NET architecture. As a result, the performance of system security and throughput is obviously better than the traditional packet filtering technology.