Blocking packets of certain sizes

Discussion in 'other firewalls' started by lifehacker, Jul 1, 2008.

Thread Status:
Not open for further replies.
  1. lifehacker

    lifehacker Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    44
    Does anybody know of a firewall or method to block all packets of a certain file size?
     
  2. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hello.

    You need to have the ability to filter payload of a packet. CHX-I for sure can do this. But I only had a look at the options in payload rules, never actually tried this in practice so I cannot tell if it works as it should. The software seems to be discontinued, so I can't provide a link. Hopefully some other member can.

    InJoy firewall can also create payload rules, you may want to have a look at it...

    I can't recall exactly, but there are other payload firewalls. Perhaps 8signs? Not sure...
     
  3. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    Im sure im missing something. what good would this d0 ?
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,785
  5. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    You may wish to block (an example) certain DNS requests from an IP (your ISP i.e.) while allowing others. There are cases when header information is simply not enough so payload rules expand the granularity of control you have over packets. Whether this will bring any good or not depends on your needs.

    Not the actual contents of a packet, that is a duty for DPI (or a proxy firewall), but InJoy will filter packets based on payload size and TTL.
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,785
    Sounds good, I do remember trying Injoy a few years back and liked it. If it does the job, then that might be the solution....
     
  7. lifehacker

    lifehacker Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    44
    Thank you very much for the input, Ill try your suggestions out.

    Fajo: the reason why I was interested in this is because Im running some game servers off of my computer which can be crashed by using a readily available tool that sends packets of always the same size, and causes the game servers to enter an endless loop. Since most of the people using it are script kiddies, the packets will almost always be of that size. If they can be blocked, my servers will be immune at least for the time being.
     
  8. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    Lol sounds like counter strike. or a HL Server to me :argh: anyways thanks for the info never thought of why you would want to do this.
     
  9. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    494
    Same problems trying to host SWAT 4 servers ,unfortunatelly i m still looking for a cure to this.Always a kid comes and does something that put the server down.Unfortunatelly i do not know the tool they use so i can counter it.
     
Loading...
Thread Status:
Not open for further replies.