Thread: Application level firewall

  1. #1
    Registered User
    Join Date
    Jul 2012

    Application level firewall

    Hello all, I'm working on an OpenWRT project, which is a router (WRT54G), and it should block all the exe files which are going through it. Any idea how I can build such a functionality? I have tried packet sniffing in C and got some difficulties with exe identification. Please help.

  2. #2
    Salem
    Join Date
    Aug 2001
    The edge of the known universe
    They have a forum.

    Have you asked there?
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  3. #3
    Registered User ledow
    Join Date
    Dec 2011
    Don't quite see what this has to do with C but you probably want to look at transparent HTTP proxying, not packet sniffing. Packet sniffing is likely to lead to LOTS of false positives being blocked (e.g. if someone downloads from a URL generated by ".exe" on the remote end, which I've seen a lot of, if someone downloads - or even mentions - an EXE not using HTTP, etc.) and you won't be able to *nicely* block the connections, only terminate the connections - rewriting such packets on the fly is a bit insane.

    Squid has a transparent proxy mode, and will certainly already be available for OpenWRT. Then it's just a matter of an appropriate "redirector" being used to capture what URLs people are visiting and redirecting any ".exe" downloads to a page telling them why it was blocked - most redirectors are literally a handful of lines in Perl or Python or something similar because of their simplicity. In fact, if something like Squidguard or Dansguardian isn't already available on OpenWRT, with appropriate redirectors already set up and ready to use, I would have to go buy a hat just so I could eat it.

    And none of this will stop people downloading a ZIP which contains an EXE. Or MSI installers. Or a COM, BAT, PIF, or a million other files that are also directly executable. Or users just plain bypassing your measures by downloading through an SSL page (which you cannot sniff, nor proxy, without them knowing - putting up LOTS of SSL warnings whenever they try to do so - and having serious intervention into their computers) or even via VPN.

    I wouldn't waste time on this, if I were you. The problem is "solved" by existing software as much as it possibly can be. Writing a program to replicate that functionality badly is probably only useful as education in how difficult it can be and what NOT to do. And if you wanted to do it properly, you'd set up a squid transparent proxy on the router and use a redirector written in the language of your choice (which would almost certainly be easier and safer in just about any language BUT C for such purposes).

    - Compiler warnings are like "Bridge Out Ahead" warnings. DON'T just ignore them.
    - A compiler error is something SO stupid that the compiler genuinely can't carry on with its job. A compiler warning is the compiler saying "Well, that's bloody stupid but if you WANT to ignore me..." and carrying on.
    - The best debugging tool in the world is a bunch of printf()'s for everything important around the bits you think might be wrong.
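A redirector of the kind ledow describes, as an added example that is not from the thread or from Squid itself: it assumes the classic one-line-per-request Squid redirector protocol (URL is the first field, "302:URL" answers with an HTTP redirect, a blank line means "no change", no concurrency channel IDs) and a hypothetical block page at router.lan. It decides on the URL path only, so the ".exe inside a query string" false positive mentioned above does not trigger it, and it leaves HTTPS/CONNECT traffic alone since that cannot be inspected here.

```python
"""Minimal Squid URL redirector that sends .exe downloads to a block page.

Added example, not part of the thread.  Assumes the classic Squid redirector
protocol: Squid writes one request per line on stdin,
    URL client_ip/fqdn ident method [urlgroup]
and reads back one line: a rewritten URL, "302:URL" for an HTTP redirect,
or an empty line for "leave the request alone".  No concurrency channel IDs.
Hypothetical squid.conf line:
    url_rewrite_program /usr/bin/python /etc/squid/exe_block.py
"""
import sys
from urllib.parse import urlsplit

BLOCK_PAGE = "http://router.lan/blocked.html"   # hypothetical explanation page
BLOCKED_EXTENSIONS = (".exe",)                   # only what the thread asked for


def is_blocked_url(url):
    """Decide on the URL *path* only, so 'download.php?file=a.exe' is not a
    false positive.  HTTPS (CONNECT host:443) cannot be inspected here."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "http":
        return False
    return parts.path.lower().endswith(BLOCKED_EXTENSIONS)


def handle_line(line):
    """Turn one Squid request line into the one-line response Squid expects."""
    fields = line.strip().split()
    if not fields:
        return ""                       # malformed/empty input: pass through
    url = fields[0]
    method = fields[3].upper() if len(fields) > 3 else "GET"
    if method == "GET" and is_blocked_url(url):
        return "302:" + BLOCK_PAGE      # redirect to the page explaining the block
    return ""                           # empty line = no change


def main():
    # Squid keeps the helper alive; answer each line at once and flush,
    # otherwise requests stall behind Python's stdout buffering.
    for line in sys.stdin:
        sys.stdout.write(handle_line(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```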
