|
阅读:1380回复:5
怎么没有人讨论pecausa?
rt
|
|
|
沙发#
发布于:2002-05-11 14:55
你来说两句吧。
|
|
|
|
板凳#
发布于:2002-05-12 23:07
是pcausa吧.
|
|
|
地板#
发布于:2002-05-13 17:32
我还算熟悉它的用法,不过源代码还没有来得及研究。大家讨论讨论。
|
|
|
地下室#
发布于:2002-05-14 20:18
其中有个98下的PIM,不知道可否改造成包过滤的防火墙?
|
|
|
5楼#
发布于:2002-05-15 14:14
好像是最新版本的。不知有没有人搞得到?
CryptoPing NDIS IM Driver CryptoPing takes the PassThru sample and extends it to illustrate a NDIS IM driver that performs modification to transmitted and received network packets. The sample performs simple in-place \"encryption\" of transmitted ICMP Echo Request (\"ping\" requests) packets and an inverse decryption of received ICMP Echo Reply packets. Without CryptoPing installed the ping packets observed on the network look similar to the following HEX dump representation: Packet No.: 0000000030 Time: 0252892873 msec Length: 74/74 Ethernet Dest: 00.40.95.49.03.5F Src: 00.50.DA.03.4D.DF Type: 0x0800 000000: 00 40 95 49 03 5F 00 50 : DA 03 4D DF 08 00 45 00 .@.I._.P..M...E. 000010: 00 3C 07 46 00 00 80 01 : AF 9C C0 A8 01 6E C0 A8 .<.F.........n.. 000020: 01 20 08 00 48 5C 03 00 : 02 00 61 62 63 64 65 66 . ..H\\....abcdef 000030: 67 68 69 6A 6B 6C 6D 6E : 6F 70 71 72 73 74 75 76 ghijklmnopqrstuv 000040: 77 61 62 63 64 65 66 67 : 68 69 wabcdefghi...... Packet No.: 0000000031 Time: 0252892873 msec Length: 74/74 Ethernet Dest: 00.50.DA.03.4D.DF Src: 00.40.95.49.03.5F Type: 0x0800 000000: 00 50 DA 03 4D DF 00 40 : 95 49 03 5F 08 00 45 00 .P..M..@.I._..E. 000010: 00 3C E5 15 00 00 80 01 : D1 CC C0 A8 01 20 C0 A8 .<........... .. 000020: 01 6E 00 00 50 5C 03 00 : 02 00 61 62 63 64 65 66 .n..P\\....abcdef 000030: 67 68 69 6A 6B 6C 6D 6E : 6F 70 71 72 73 74 75 76 ghijklmnopqrstuv 000040: 77 61 62 63 64 65 66 67 : 68 69 wabcdefghi...... The ICMP Option Data is shown in bold letters. CryptoPing encodes transmitted ICMP Echo Requests by simply changing the case of odd-numbered ICMP Option Data. Received ICMP Echo Reply packets are decrypted using the inverse operation. With CryptoPing installed the ping packets observed on the network look similar to the following HEX dump representation: Packet No.: 0000000005 Time: 0253034683 msec Length: 74/74 Ethernet Dest: 00.40.95.49.03.5F Src: 00.20.18.D6.41.E7 Type: 0x0800 000000: 00 40 95 49 03 5F 00 20 : 18 D6 41 E7 08 00 45 00 .@.I._. ..A...E. 000010: 00 3C 56 AD 00 00 80 01 : 60 3D C0 A8 01 66 C0 A8 .<V.....`=...f.. 000020: 01 20 08 00 A3 07 02 00 : AA 54 61 42 63 44 65 46 . .......TaBcDeF 000030: 67 48 69 4A 6B 4C 6D 4E : 6F 50 71 52 73 54 75 56 gHiJkLmNoPqRsTuV 000040: 77 41 62 43 64 45 66 47 : 68 49 wAbCdEfGhI...... Packet No.: 0000000006 Time: 0253034683 msec Length: 74/74 Ethernet Dest: 00.20.18.D6.41.E7 Src: 00.40.95.49.03.5F Type: 0x0800 000000: 00 20 18 D6 41 E7 00 40 : 95 49 03 5F 08 00 45 00 . ..A..@.I._..E. 000010: 00 3C F2 15 00 00 80 01 : C4 D4 C0 A8 01 20 C0 A8 .<........... .. 000020: 01 66 00 00 AB 07 02 00 : AA 54 61 42 63 44 65 46 .f.......TaBcDeF 000030: 67 48 69 4A 6B 4C 6D 4E : 6F 50 71 52 73 54 75 56 gHiJkLmNoPqRsTuV 000040: 77 41 62 43 64 45 66 47 : 68 49 wAbCdEfGhI...... Implementation of CryptoPing involved changes to only one module from the baseline PassThru sample. The changes involved primarily: Selection of the packets to modify. Modification of selected packets. The selection process made use of the Un*x-style IP-related header structures and definitions provided in the LBLInc directory. Use of these headers provides one systematic way to access information in IP packets. Modification of selected packets is fairly easy since the machinery provided in the active PassThru sample already builds \"clone\" NDIS packets that include a private \"flattened\" that contains a copy of the original packet data. This private flattened buffer can be modified using ordinary pointer arithmetic. After the modification the ICMP message checksum is recomputed. The sample has limitations. It does not perform re-assembly or fragmentation. It only operates on request and reply packets that are contained on one packet; if they are longer, then they are ignored. [编辑 - 5/17/02 by moqingsong] |
|
|