CALIFORNIA STATE UNIVERSITY CHANNEL ISLANDS
COURSE: COMP 524 - SECURITY - FALL 2007
STUDENT: JOSIF KURUNCZI
E-MAIL ADDRESS: jkurunczi@yahoo.com
ASSIGNMENT #6
DUE DATE: November 19, 2007
Write a packet-filtering program. One input should be a configuration file, which resembles Table 1 below. Your program should read an input file containing packet headers and filter them. The name of the input file should be read from standard input. Write to standard output only those packets allowed by the configuration file. The input file your program processes should contain a sequence of packets, each formatted as follows:
Direction: < Incoming | Outgoing >
Source IP: < * | xxx.xxx.xxx.xxx >
Source Port: < * | XXX >
Destination IP: < * | xxx.xxx.xxx.xxx >
Destination Port: < * | XXX >
Protocol: < * | TCP | UDP >

Table 1
Submission:
You are required to submit
Solution
I created two text files that should be placed in the root of your C: drive. The program will read these two files. These two text files (pr6confg.txt and pr6input.txt), the source code file (JosifKuruncziProj6.cpp) and the executable file (JosifKuruncziProj6.exe) can be downloaded from HERE.
The configuration file, called pr6confg.txt, which is the same as the above table, looks like this:
incoming
*
*
*
79
TCP
incoming
*
*
*
69
UDP
outgoing
*
123.112.*.*
*
*
*
The captured data file I created for a test looks as follows. Notice that I kept the same formatting as the configuration file (above table).
outgoing
72.153.98.28
163.25.98.101
1036
53
DNS
incoming
163.25.98.101
72.153.98.28
53
1036
DNS
outgoing
72.153.98.28
209.131.36.158
1036
53
DNS
incoming
209.131.36.158
72.153.98.28
53
1036
DNS
outgoing
72.153.98.28
217.116.215.199
1050
21
FTP
incoming
217.116.215.199
72.153.98.28
21
1050
FTP
incoming
55.44.33.22
72.153.98.28
3988
79
TCP
incoming
198.168.121.7
72.153.98.28
4089
79
TCP
outgoing
72.153.98.28
217.116.215.199
1055
80
HTTP
incoming
217.116.215.199
72.153.98.28
80
1055
HTTP
outgoing
72.153.98.28
217.116.215.198
1136
110
POP3
incoming
217.116.215.198
72.153.98.28
110
1136
POP3
outgoing
72.153.98.28
217.116.215.198
1189
25
SMTP
incoming
217.116.215.198
72.153.98.28
25
1189
SMTP
incoming
210.67.89.168
72.153.98.28
6584
69
UDP
incoming
9.249.39.159
72.153.98.28
5149
69
UDP
incoming
72.153.98.28
193.162.13.250
68
67
DHCP
incoming
193.162.13.250
72.153.98.28
67
68
DHCP
outgoing
72.153.98.28
123.112.25.98
80
1056
HTTP
outgoing
72.153.98.28
123.112.25.98
21
1049
FTP
incoming
72.153.98.28
193.162.13.250
68
67
DHCP
incoming
193.162.13.250
72.153.98.28
67
68
DHCP
outgoing
72.153.98.28
123.112.152.198
80
1056
HTTP
outgoing
72.153.98.28
123.112.152.198
21
1049
FTP
The program reads both files from drive C: and then it runs through a function to search for a match.
For each filter, I have to see if the incoming packet is allowed through or not. As you will see, it only takes one filter to allow it.
There are six fields, and for each field I compare each filter field character against the input character. If I encounter a "*" in the filter, then it passed. If I encounter a different character, then it failed. At the end, the packets that are allowed (these are the packets that are actually blocked by the firewall) are displayed on the screen.
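The rule matching described above, as an added C++ example that is not the author's JosifKuruncziProj6.cpp. It assumes a token-by-token comparison instead of the character-by-character one, so that 123.112.*.* requires exactly four octets and a port pattern must match in full. The names Record, splitDots, fieldMatches, matchingRule, kRules and kSample are hypothetical, and the last sample record is constructed.

```cpp
#include <array>
#include <iostream>
#include <string>
#include <vector>

// Page's file order: direction, src IP, dst IP, src port, dst port, protocol.
using Record = std::array<std::string, 6>;
// Split on '.', keeping empty tokens so malformed addresses stay detectable.
static std::vector<std::string> splitDots(const std::string& s) {
    std::vector<std::string> parts(1);
    for (char c : s)
        if (c == '.') parts.emplace_back(); else parts.back() += c;
    return parts;
}

// A lone "*" accepts anything. Otherwise compare token by token, so
// "123.112.*.*" requires exactly four octets and "79" never matches "790".
static bool fieldMatches(const std::string& pattern, const std::string& value) {
    if (pattern == "*") return true;
    const auto p = splitDots(pattern), v = splitDots(value);
    if (p.size() != v.size()) return false;
    for (std::size_t i = 0; i < p.size(); ++i)
        if (p[i] != "*" && p[i] != v[i]) return false;
    return true;
}

// Index of the first rule whose six fields all match, or -1 if none does.
static int matchingRule(const std::vector<Record>& rules, const Record& pkt) {
    for (std::size_t r = 0; r < rules.size(); ++r) {
        std::size_t f = 0;
        while (f < pkt.size() && fieldMatches(rules[r][f], pkt[f])) ++f;
        if (f == pkt.size()) return static_cast<int>(r);
    }
    return -1;
}
// The three rules from pr6confg.txt as listed on the page.
static const std::vector<Record> kRules = {
    {"incoming", "*", "*", "*", "79", "TCP"},
    {"incoming", "*", "*", "*", "69", "UDP"},
    {"outgoing", "*", "123.112.*.*", "*", "*", "*"}};
// Three records from the page's test file plus one constructed malformed one.
static const std::vector<Record> kSample = {
    {"incoming", "55.44.33.22", "72.153.98.28", "3988", "79", "TCP"},
    {"outgoing", "72.153.98.28", "123.112.25.98", "80", "1056", "HTTP"},
    {"outgoing", "72.153.98.28", "217.116.215.199", "1050", "21", "FTP"},
    {"outgoing", "72.153.98.28", "123.112.7", "80", "1056", "HTTP"}};
int main() {
    for (const Record& p : kSample) std::cout << matchingRule(kRules, p) << "\n";
}
```

A comparison that stops at the first "*" would accept the constructed three-octet destination 123.112.7; the token count check here rejects it.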
A sample output of the program looks as follows: