Possible Duplicate:
Writing a Personal Firewall in Java that drop network packet

Hi friends, I am new to this community. I am a student of M.Tech. I am working on a DoS attack detection and prevention technique as my thesis. I am using the jpcap library to capture packets and I have an algorithm to find the spoofed packets. I want to drop spoofed packets to protect the system from DoS attacks. There is no class available in jpcap to drop packets. Can anyone help me find a way to drop spoofed packets using a Java program? Thanks in advance.

Ashok

1 Answer

I do not know of any Java-based API that will allow you to filter packets, and as far as I am concerned there is no Java API that supports this; none of the pcap libs do: jnetpcap, jpcap, WinPcap, etc.

You would have to use an OS-dependent firewall API, such as Microsoft's: Microsoft firewall API

Mukul Goel
  • That's right, WinPCAP can't drop packets. But [WinDivert](http://reqrypt.org/windivert.html) (my own project) can. It's written in C so OP would need to write a Java wrapper. – Basil Oct 31 '12 at 04:43
  • @basil wouldn't it be a better idea to use the `firewall api` than to wrap `windivert`? Not sure though. What do you say? – Mukul Goel Oct 31 '12 at 04:53
  • It depends. For simple things like blocking based on traffic type, the Windows user-mode firewall API may be OK. For anything more complex (e.g. that requires DPI), you need to write kernel-mode software, or use a package like WinDivert. PS: your above link is broken. – Basil Oct 31 '12 at 05:15
  • @Basil Alright, thanks for the info. Quite new to using Java in these ways. Thanks for reporting the broken link, I have updated it to a new link. – Mukul Goel Oct 31 '12 at 06:47
  • Thanks Mukul and Basil for your responses. Mukul, your link is broken. Can you send me a new link and some tutorial about the firewall API? I want to use them. And Basil, thanks for WinDivert. I am studying WinDivert and I will try to use it. I want to know: can WinDivert drop packets using information like the IP address of the source machine and TTL values (meaning a sort of rule generation)? And if I want to use WinDivert then I think I have to use JNI. – Ashok Oct 31 '12 at 14:13
  • @Ashok that URL was fixed earlier today. Open that first and then comment whether it is working or not working. – Mukul Goel Oct 31 '12 at 14:26
  • @Ashok Yes, with WinDivert you can redirect packets to your application and "drop" them by simply not re-injecting them (for any reason you like). Alternatively you can drop packets directly using the `DIVERT_FLAG_DROP` flag (see the documentation). This is useful for simple filters. – Basil Nov 02 '12 at 09:11
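
Added example, not part of the original thread or of any project mentioned in it: one way to act on the answer's "OS-dependent firewall" suggestion from Java is to have the detector add a Windows Firewall block rule for each flagged source address through the `netsh advfirewall` command line. Assumptions: the `netsh` front end is used instead of the firewall COM API, the class name and the `thesis-block-` rule-name prefix are hypothetical, and the sample addresses are constructed. This blocks by remote address only; per-packet decisions such as TTL checks need WinDivert or kernel-mode code, as the comments say.

```java
import java.io.IOException;
import java.util.List;
import java.util.regex.Pattern;

public class SourceBlocker {
    // Strict dotted-quad check: no DNS lookup is performed and nothing but an
    // IPv4 literal can reach the netsh argument list.
    private static final Pattern IPV4 = Pattern.compile(
        "^((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.){3}(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)$");

    // Builds the argument vector for one inbound block rule.
    // The rule-name prefix is a hypothetical naming convention.
    static List<String> blockCommand(String sourceIp) {
        if (sourceIp == null || !IPV4.matcher(sourceIp).matches()) {
            throw new IllegalArgumentException("not an IPv4 literal: " + sourceIp);
        }
        return List.of("netsh", "advfirewall", "firewall", "add", "rule",
                "name=thesis-block-" + sourceIp,
                "dir=in", "action=block", "remoteip=" + sourceIp);
    }

    // Runs netsh directly (no shell in between) and reports whether the rule was added.
    static boolean block(String sourceIp) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(blockCommand(sourceIp))
                .redirectErrorStream(true)
                .start();
        String output = new String(p.getInputStream().readAllBytes());
        int exit = p.waitFor();
        if (exit != 0) {
            System.err.println("netsh failed (" + exit + "): " + output.trim());
        }
        return exit == 0;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: addresses from the 203.0.113.0/24 documentation range,
        // standing in for sources the detection algorithm has flagged.
        for (String ip : List.of("203.0.113.7", "203.0.113.250")) {
            System.out.println(ip + " -> " + (block(ip) ? "blocked" : "not blocked"));
        }
    }
}
```

Adding firewall rules requires an elevated (administrator) process. A rule added this way can be removed with `netsh advfirewall firewall delete rule name=<rule name>`.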