Is there any software firewall for Windows that actually blocks packets based on content?
Windows firewall fails and can only block by destination/source, port or by protocol.
My server has been under a UDP Quake 3 query attack recently and I need a way to filter packets based on content before they reach a Source dedicated server instance.
As far as I've understood the attack works by sending packets with spoofed source IPs to tons of random Quake 3 servers, which then in return send it back to the spoofed IP, which is my server in this case.
If it involves any drivers it has to be 64 bit compatible and has to be verified by windows.
Right now a hardware firewall is not an option.
For anyone who wants to see what a packet looks like:
[code]
0000 b4 99 ba 5c 96 9a 00 d0 00 9e 18 00 08 00 45 00 ...\.... ......E.
0010 02 fc 00 00 40 00 36 11 82 5d d1 be 06 ba 55 11 ....@.6. .]....U.
0020 92 0a 6d 3a 76 ca 02 e8 10 bf ff ff ff ff 73 74 ..m:v... ......st
0030 61 74 75 73 52 65 73 70 6f 6e 73 65 0a 5c 76 6f atusResp onse.\vo
0040 74 65 46 6c 61 67 73 5c 35 30 37 39 30 33 5c 67 teFlags\ 507903\g
0050 5f 62 61 6c 61 6e 63 65 64 74 65 61 6d 73 5c 31 _balance dteams\1
0060 5c 67 5f 62 6c 75 65 6c 69 6d 62 6f 74 69 6d 65 \g_bluel imbotime
0070 5c 31 30 30 30 30 5c 67 5f 72 65 64 6c 69 6d 62 \10000\g _redlimb
0080 6f 74 69 6d 65 5c 31 30 30 30 30 5c 67 61 6d 65 otime\10 000\game
0090 6e 61 6d 65 5c 6a 61 79 6d 6f 64 5c 6d 6f 64 5f name\jay mod\mod_
00a0 76 65 72 73 69 6f 6e 5c 32 2e 30 2e 36 5c 6d 6f version\ 2.0.6\mo
00b0 64 5f 75 72 6c 5c 68 74 74 70 3a 2f 2f 6a 61 79 d_url\ht tp://jay
00c0 6d 6f 64 2e 63 6c 61 6e 66 75 2e 6f 72 67 5c 6d mod.clan fu.org\m
00d0 6f 64 5f 62 69 6e 61 72 79 5c 6c 69 6e 75 78 2d od_binar y\linux-
00e0 72 65 6c 65 61 73 65 5c 73 76 5f 75 70 74 69 6d release\ sv_uptim
00f0 65 5c 30 32 64 30 37 68 33 30 6d 5c 73 76 5f 63 e\02d07h 30m\sv_c
0100 70 75 5c 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 pu\Intel (R) Core
0110 28 54 4d 29 32 20 51 75 61 64 20 43 50 55 20 20 (TM)2 Qu ad CPU
0120 20 20 5c 67 5f 67 61 6d 65 74 79 70 65 5c 32 5c \g_gam etype\2\
0130 67 5f 76 6f 74 65 46 6c 61 67 73 5c 30 5c 67 5f g_voteFl ags\0\g_
0140 61 6c 6c 69 65 64 6d 61 78 6c 69 76 65 73 5c 30 alliedma xlives\0
0150 5c 67 5f 61 78 69 73 6d 61 78 6c 69 76 65 73 5c \g_axism axlives\
0160 30 5c 67 5f 6d 69 6e 47 61 6d 65 43 6c 69 65 6e 0\g_minG ameClien
0170 74 73 5c 38 5c 67 5f 6e 65 65 64 70 61 73 73 5c ts\8\g_n eedpass\
0180 30 5c 73 76 5f 61 6c 6c 6f 77 41 6e 6f 6e 79 6d 0\sv_all owAnonym
0190 6f 75 73 5c 30 5c 73 76 5f 70 72 69 76 61 74 65 ous\0\sv _private
01a0 43 6c 69 65 6e 74 73 5c 34 5c 6d 61 70 6e 61 6d Clients\ 4\mapnam
01b0 65 5c 73 6e 69 70 65 72 5f 6d 61 72 69 6e 61 5f e\sniper _marina_
01c0 62 32 5c 70 72 6f 74 6f 63 6f 6c 5c 38 32 5c 76 b2\proto col\82\v
01d0 65 72 73 69 6f 6e 5c 45 54 20 32 2e 35 35 2b 20 ersion\E T 2.55+
01e0 6c 69 6e 75 78 2d 69 33 38 36 20 53 65 70 20 31 linux-i3 86 Sep 1
01f0 32 20 32 30 30 39 5c 67 5f 68 65 61 76 79 57 65 2 2009\g _heavyWe
0200 61 70 6f 6e 52 65 73 74 72 69 63 74 69 6f 6e 5c aponRest riction\
0210 31 30 30 5c 67 5f 61 6e 74 69 6c 61 67 5c 31 5c 100\g_an tilag\1\
0220 67 5f 6d 61 78 6c 69 76 65 73 5c 30 5c 67 5f 66 g_maxliv es\0\g_f
0230 72 69 65 6e 64 6c 79 46 69 72 65 5c 32 5c 73 76 riendlyF ire\2\sv
0240 5f 66 6c 6f 6f 64 50 72 6f 74 65 63 74 5c 31 5c _floodPr otect\1\
0250 73 76 5f 6d 61 78 50 69 6e 67 5c 30 5c 73 76 5f sv_maxPi ng\0\sv_
0260 6d 69 6e 50 69 6e 67 5c 30 5c 73 76 5f 6d 61 78 minPing\ 0\sv_max
0270 52 61 74 65 5c 32 35 30 30 30 5c 73 76 5f 6d 69 Rate\250 00\sv_mi
0280 6e 67 75 69 64 61 67 65 5c 30 5c 73 76 5f 70 75 nguidage \0\sv_pu
0290 6e 6b 62 75 73 74 65 72 5c 30 5c 73 76 5f 68 6f nkbuster \0\sv_ho
02a0 73 74 6e 61 6d 65 5c 5e 31 5b 5e 37 6e 5e 31 57 stname\^ 1[^7n^1W
02b0 5e 37 6f 5e 31 5d 5e 31 53 5e 37 6e 69 70 65 72 ^7o^1]^1 S^7niper
02c0 20 5e 31 52 5e 37 65 63 72 75 74 69 6e 67 20 5e ^1R^7ec ruting ^
02d0 31 78 5e 37 70 20 5e 31 53 61 76 65 5c 74 69 6d 1x^7p ^1 Save\tim
02e0 65 6c 69 6d 69 74 5c 36 30 30 5c 6f 6d 6e 69 62 elimit\6 00\omnib
02f0 6f 74 5f 6e 61 76 5c 31 5c 73 76 5f 6d 61 78 63 ot_nav\1 \sv_maxc
0300 6c 69 65 6e 74 73 5c 33 30 0a lients\3 0.
[/code]
Thanks!
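Added example, not code from the thread or from any firewall product: the content check the post is asking for, written as decision logic in Python. It rebuilds the raw frame from the first five lines of the hex dump above (the rest of the frame is truncated here), walks the Ethernet/IPv4/UDP headers, and classifies the payload by its prefix: a Source dedicated server never sends Quake 3 getstatus/getinfo queries, so any "\xff\xff\xff\xffstatusResponse\n" (or its sibling infoResponse) arriving at it is an unsolicited reflected reply and can be dropped, while the standard Source A2S_INFO query is let through. The benign A2S_INFO packet is constructed; the verdict strings and function names are my own. It also pulls the cvar block out of the statusResponse so the reflecting server can be logged.

```python
import re
import struct

# First five lines of the capture posted in the thread (truncated here: the
# full frame is 778 bytes, this prefix is enough to reach the UDP payload).
SAMPLE_DUMP = r"""
0000 b4 99 ba 5c 96 9a 00 d0 00 9e 18 00 08 00 45 00 ...\.... ......E.
0010 02 fc 00 00 40 00 36 11 82 5d d1 be 06 ba 55 11 ....@.6. .]....U.
0020 92 0a 6d 3a 76 ca 02 e8 10 bf ff ff ff ff 73 74 ..m:v... ......st
0030 61 74 75 73 52 65 73 70 6f 6e 73 65 0a 5c 76 6f atusResp onse.\vo
0040 74 65 46 6c 61 67 73 5c 35 30 37 39 30 33 5c 67 teFlags\ 507903\g
"""

# Constructed benign packet: the standard Source engine A2S_INFO query that
# clients and server browsers legitimately send to a Source dedicated server.
SAMPLE_A2S_INFO = b"\xff\xff\xff\xffTSource Engine Query\x00"

HEX_LINE = re.compile(r"^([0-9a-fA-F]{4})\s+(.*)$")
HEX_BYTE = re.compile(r"^[0-9a-fA-F]{2}$")

OOB = b"\xff\xff\xff\xff"                      # Quake 3 / Source out-of-band marker
STATUS_RESPONSE = OOB + b"statusResponse\n"    # reply a Quake 3 server sends to getstatus
INFO_RESPONSE = OOB + b"infoResponse\n"        # reply a Quake 3 server sends to getinfo


def parse_hexdump(text):
    """Rebuild raw frame bytes from an 'offset, up to 16 hex bytes, ASCII' dump."""
    out = bytearray()
    for line in text.strip().splitlines():
        m = HEX_LINE.match(line.strip())
        if not m:
            continue
        if int(m.group(1), 16) != len(out):
            raise ValueError("non-contiguous dump at offset %s" % m.group(1))
        taken = 0
        for tok in m.group(2).split():
            # Stop at the ASCII column (first token that is not a hex byte).
            if taken == 16 or not HEX_BYTE.match(tok):
                break
            out.append(int(tok, 16))
            taken += 1
    return bytes(out)


def udp_payload(frame):
    """Return (src_ip, src_port, dst_port, payload) for an Ethernet/IPv4/UDP frame, else None."""
    if len(frame) < 14 + 20 + 8:
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:   # not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17:      # bad header or not UDP
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    udp = ip[ihl:]
    src_port, dst_port, length = struct.unpack("!HHH", udp[:6])
    payload = udp[8:length] if length >= 8 else b""
    return src_ip, src_port, dst_port, payload


def classify(payload):
    """Verdict for an inbound UDP payload aimed at a Source dedicated server.
    The server never issues Quake 3 queries, so these replies are unsolicited."""
    if payload.startswith(STATUS_RESPONSE):
        return "drop:q3-statusResponse"
    if payload.startswith(INFO_RESPONSE):
        return "drop:q3-infoResponse"
    return "allow"


def parse_status_cvars(payload):
    """Extract the backslash-separated cvar block (first line after statusResponse)
    so the reflecting server can be logged. A truncated trailing key is dropped."""
    body = payload[len(STATUS_RESPONSE):].split(b"\n", 1)[0]
    fields = body.decode("latin-1").split("\\")
    if fields and fields[0] == "":
        fields = fields[1:]
    return {fields[i]: fields[i + 1] for i in range(0, len(fields) - 1, 2)}


def inspect_frame(frame):
    """Run the whole pipeline on one raw Ethernet frame and return a log record."""
    parsed = udp_payload(frame)
    if parsed is None:
        return {"verdict": "allow", "reason": "not IPv4/UDP"}
    src_ip, src_port, dst_port, payload = parsed
    record = {"src": "%s:%d" % (src_ip, src_port), "dst_port": dst_port,
              "verdict": classify(payload)}
    if record["verdict"] == "drop:q3-statusResponse":
        record["reflector_cvars"] = parse_status_cvars(payload)
    return record


if __name__ == "__main__":
    print(inspect_frame(parse_hexdump(SAMPLE_DUMP)))
    print(classify(SAMPLE_A2S_INFO))
```

This is only the decision logic; to act on it before the packets reach the game server on Windows it has to run inside something that sees raw payloads (a filtering driver or an inline IDS host), which is exactly the capability the thread is looking for. Matching on the fixed prefix is cheap enough to survive a flood, and logging the reflector's hostname/gamename cvars gives you the list of abused servers to report to their operators.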
Outpost Firewall?
[QUOTE=Giraffen93;29794929]Outpost Firewall?[/QUOTE]
I don't think outpost has that function, but I'm looking at it.
EDIT: just looked at it, Outpost is pretty plain and there aren't any real advanced options. You can only make rules with ports and IPs.
I haven't heard of any firewalls with that kind of capability, though it would be interesting if there were one.
[QUOTE=darthkatzs;29797777]I don't think outpost has that function, but I'm looking at it.
EDIT: just looked at it, Outpost is pretty plain and there aren't any real advanced options. You can only make rules with ports and IPs.[/QUOTE]
hahaha not really, it can block whatever you want with a lot of rules, stopped using it because it asked too much of me :v:
[url]http://www.snort.org/[/url]
[QUOTE=mmavipc;29828857][url]http://www.snort.org/[/url][/QUOTE]
Neat. Never heard of that.