Blocking packets of certain sizes

Does anybody know of a firewall or method to block all packets of a certain file size?

 

Hello.

You need to have the ability to filter payload of a packet. CHX-I for sure can do this. But I only had a look at the options in payload rules, never actually tried this in practice so I cannot tell if it works as it should. The software seems to be discontinued, so I can't provide a link. Hopefully some other member can.

InJoy firewall can also create payload rules, you may want to have a look at it...

I can't recall exactly, but there are other payload firewalls. Perhaps 8signs? Not sure...

 

Im sure im missing something. what good would this d0 ?

 

WSFuser uploaded CHX-I 3.0 as mentioned here:

https://www.wilderssecurity.com/showthread.php?p=1030144&highlight=CHX-I#post1030144

I don't know if filtering by payload will let you filter by packet size, or just contents, or what, but you can check it out and see... I think that's about as close as you'll get, I've never heard of any other home user firewall doing anything like that.

 

You may wish to block (an example) certain DNS requests from an IP (your ISP i.e.) while allowing others. There are cases when header information is simply not enough so payload rules expand the granularity of control you have over packets. Whether this will bring any good or not depends on your needs.

Not the actual contents of a packet, that is a duty for DPI (or a proxy firewall), but InJoy will filter packets based on payload size and TTL.

 

Sounds good, I do remember trying Injoy a few years back and liked it. If it does the job, then that might be the solution....

 

Thank you very much for the input, Ill try your suggestions out.

Fajo: the reason why I was interested in this is because Im running some game servers off of my computer which can be crashed by using a readily available tool that sends packets of always the same size, and causes the game servers to enter an endless loop. Since most of the people using it are script kiddies, the packets will almost always be of that size. If they can be blocked, my servers will be immune at least for the time being.

 

Lol sounds like counter strike. or a HL Server to me anyways thanks for the info never thought of why you would want to do this.

 

Same problems trying to host SWAT 4 servers ,unfortunatelly i m still looking for a cure to this.Always a kid comes and does something that put the server down.Unfortunatelly i do not know the tool they use so i can counter it.