From: Thomas F. Divine on
If you are pressed for time and want to develop a decent product, then on
Windows Vista and higher you would be foolish not to use the free
Microsoft-blessed Windows Filtering Platform (WFP). One would consider
alternatives to WFP _only_ to deal with highly unusual specific threats.

On XP it is a completely different situation. To be successful on XP you
will need to have an NDIS IM driver (below TCP/IP) and a Transport Data
Interface (TDI - above TCP/IP) driver to have complete visibility into network
traffic. Developing this sort of driver suite is not for the faint of heart.
In addition, once you have a product that works perfectly in your lab you
must then consider how it interacts with other similar products (FW/AV) that
might be installed on the same machine. This is a real nightmare.

I strongly recommend that you drop the idea of supporting pre-Vista
altogether and use WFP for Vista and later.

Good luck,

Thomas F. Divine
http://www.rawether.net


"Maverick" <koushal.forums(a)gmail.com> wrote in message
news:4c11b736-1905-424a-b1b2-0d6dccf04946(a)21g2000yqj.googlegroups.com...
> Hi,
>
> I need a network packet filtering SDK for Windows using which I'd be
> able to sniff packets over the network and block them after
> inspection.
> I need this for an Intrusion Detection system I'm planning to develop.
> The SDK should provide me with APIs (no matter user mode or kernel
> mode) to read incoming packets.
> I'll do a content search over the packet data and decide whether the
> packet should be dropped or forwarded ahead.
> Due to shortage of time, I cannot opt for writing an NDIS Intermediate
> driver on my own.
>
> I've found the following 3 SDKs until now:
>
> 1. WinPkFilter
> http://www.ntkernel.com/w&p.php?id=7
>
> 2. MicroOLAP's PSSDK
> http://www.microolap.com/products/network/pssdk/
>
> 3. IP Packet Redirector
> http://pcausa.com/filters/ipredir.htm
>
> I want to know if anyone can recommend an SDK better than the
> above 3, or something which is more popular.
>
> Thanks