Hello
I'm trying to get an idea of what kind of features I want to build into my project, so I would like to ask what kind of features you expect from a firewall.
Any suggestions would be much appreciated.
Monday - what a way to spend a seventh of your life
the ability to force specific ports open or closed, regardless of danger to running processes...
as in, I want to hijack any port and shut it on whatever process is using it.
Join us in our Unofficial Cprog IRC channel
Server: irc.phoenixradio.org
Channel: #Tech
Team Cprog Folding@Home: Team #43476
Read the feature lists of
http://www.smoothwall.org/
http://www.ipcop.org/
http://www.zonelabs.com/store/content/home.jsp
Good and clear, but advanced interface: one tab with a list view of allowed incoming ports, and another tab with allowed programs, for example. Fast too. A firewall isn't something you see a lot, so it doesn't need to have skinning capabilities. Good luck.
I loathe pointers
How about a feature where specific incoming traffic is redirected to the originating system.... (The idea is if someone is trying to hack into your system.. they will actually be hacking their own system....) Linux offers this with some kind of SNAT feature using iptables...
Interesting idea, I might implement that as a sort of hacking final defence system. Thanks for the ideas and if anyone has any more.
Skinning capabilities - not sure I'd be able to do that for Linux.
It's going to start simple in a console, but I'm looking at writing a GUI in Tcl.
Monday - what a way to spend a seventh of your life
I didn't know you were doing it in Linux.... Looks like you just want to do this for the thrill, as Linux already has excellent firewall features...
You might want to look into divert sockets, netlink sockets etc., which give you full control of the data entering and leaving the system...
>>Looks like you just want to do this for the thrill
Kind of, yeah. It's my degree final year project.
My title: "Development of an intelligent application level proxy"
An intelligent proxy by definition is one that includes other facilities such as firewalling, caching, audit logs...
So I'm writing a proxy, just a rewriting proxy (using NAT) and a firewall. The firewall will be application level though, so it will 'understand' the protocol instead of just simple packet filtering.
I know it's been done a hundred times but I wanted something in C and involving networking, so I came up with this. Any suggestions welcome. When I'm done, if it works well enough, I'd like to release it.
Monday - what a way to spend a seventh of your life
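What "understanding the protocol" buys over plain packet filtering, as an added example (not code from the thread or from the poster's project): it assumes HTTP is the proxied protocol and applies a constructed policy of GET/HEAD/POST only and no `..` path segments, checked after percent-decoding. The names `inspect_request_line`, `url_decode` and the verdict values are hypothetical.

```c
#include <string.h>

/* Added example: constructed policy and names, not code from the thread. */
enum verdict { ALLOW, DENY_MALFORMED, DENY_METHOD, DENY_PATH };
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                               /* fold 'A'-'F' onto 'a'-'f' */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}
/* Percent-decode len bytes of src into dst; -1 on bad escape, NUL or overflow. */
static int url_decode(const char *src, size_t len, char *dst, size_t cap) {
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        int c = (unsigned char)src[i];
        if (c == '%') {
            if (len - i < 3) return -1;      /* escape cut off at end of path */
            int hi = hexval((unsigned char)src[i + 1]);
            int lo = hexval((unsigned char)src[i + 2]);
            if (hi < 0 || lo < 0) return -1;
            c = hi * 16 + lo;
            i += 2;
        }
        if (c == 0 || o + 1 >= cap) return -1;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 0;
}

/* Verdict for one request line such as "GET /index.html HTTP/1.1". */
enum verdict inspect_request_line(const char *line) {
    const char *sp1 = strchr(line, ' ');
    const char *sp2 = sp1 ? strchr(sp1 + 1, ' ') : NULL;
    if (!sp2 || sp1[1] != '/' || strncmp(sp2 + 1, "HTTP/1.", 7) != 0)
        return DENY_MALFORMED;
    size_t mlen = (size_t)(sp1 - line);      /* hypothetical method allowlist */
    if (!((mlen == 3 && !memcmp(line, "GET", 3)) ||
          (mlen == 4 && (!memcmp(line, "HEAD", 4) || !memcmp(line, "POST", 4)))))
        return DENY_METHOD;
    const char *q = memchr(sp1 + 1, '?', (size_t)(sp2 - sp1 - 1));
    char path[1024];
    if (url_decode(sp1 + 1, (size_t)((q ? q : sp2) - sp1 - 1), path, sizeof path))
        return DENY_MALFORMED;
    if (strchr(path, '%')) return DENY_PATH; /* still encoded after one pass */
    for (const char *seg = path; *seg; ) {   /* split on '/' and '\\' */
        size_t n = strcspn(seg, "/\\");
        if (n == 2 && seg[0] == '.' && seg[1] == '.') return DENY_PATH;
        seg += n + (seg[n] != '\0');
    }
    return ALLOW;
}
```

A packet filter sees the same destination port for every one of these requests; only the decoded request line separates them. Refusing any path that still contains `%` after one decoding pass is a deliberately strict choice that also rejects legitimate literal percent signs.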
>>intelligent proxy
sounds to me like it should be some sort of adaptive system. Learn the behaviour of the specific system it is running on and flag oddities or substantial changes in behaviour as a security measure.
I agree the term intelligent proxy is somewhat misleading as it's not truly an intelligent system. An interesting point though, Perspective - a firewall that could learn the behaviour would be interesting, but I feel it would move the focus of the project toward an artificial learning/intelligence basis more than a networking basis.
I do like the idea of building in some IDS technology though, so that an alert can be raised when the behaviour deviates from the baseline behaviour.
Monday - what a way to spend a seventh of your life
of feature or plugin architecture to spoof communications with hackers on different ports. What I mean is someone tries to hack your IIS for example, so any directory traversal attacks to get important files would give out a killer virus or something. Wouldn't be very ethical (if even legal) and would only screw some script kiddies over, I suppose. Oh well...
</ramble>
I loathe pointers