locked
Block incoming connection on ALE_AUTH_RECV_ACCEPT_Vx layers RRS feed

  • Question

  • Hello again

    If I want to block incoming TCP-connection for process-specific rules callout-driver should handle ALE_AUTH_RECV_ACCEPT_Vx layers. For example, I build driver "inspect " (DDK:~\src\network\trans\inspect) in which remove the filtering transport layers (only ALE_AUTH_CONNECT_Vx/ALE_AUTH_RECV_ACCEPT_Vx). But without filtering OUTBOUND_TRANSPORT_Vx and INBOUND_TRANSPORT_Vx connection is successfully established and traffic is transmitted from a remote machine.

    "inspect " driver should not block connections without filtering TRANSPORT-levels?

    P.S. OS: Win7 x32

    Tuesday, October 5, 2010 2:00 PM

All replies

  • What do your filters look like?  are you using the callout?  if so what is it doing?  you make reference to the inspect sample.  This sample will re-inject the packets.  Is there a reason you need the callout?  Simplest method would be to have a simple BLOCK filter for the tuple / app information you want blocked.

     

    Hope this helps,

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------
    Thursday, October 7, 2010 5:28 PM
    Moderator