How to distinguish UDP server from UDP client at FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4/FWPM_LAYER_ALE_BIND_REDIRECT_V4?


Problem description

I need to identify and block UDP servers. Unlike TCP (where only the TCP server invokes listen: FWPM_LAYER_ALE_AUTH_LISTEN_V4), UDP clients and servers follow the same workflow from the WFP perspective. How can I distinguish between a UDP client and a UDP server?

References:

http://msdn.microsoft.com/en-us/library/windows/desktop/bb451831(v=vs.85).aspx

http://msdn.microsoft.com/en-us/library/windows/desktop/bb451830(v=vs.85).aspx

Recommended answer

There is no easy way to distinguish this. You could create a state mapping for endpoints and sit at ALE_AUTH_RECV_ACCEPT and ALE_AUTH_CONNECT. For each classify, the endpoint will be indicated to you. If that endpoint is first hit for inbound RECV_ACCEPT, then the endpoint is likely the server endpoint. If it is first hit for outbound AUTH_CONNECT, then it is likely the client.

Hope this helps,
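
The state mapping described in the answer, sketched as an added example (not code from the answer or from Microsoft). It is a portable C model of the table only: in a callout driver, `ep_record` would be called from the classify functions at ALE_AUTH_RECV_ACCEPT (inbound) and ALE_AUTH_CONNECT (outbound) under a lock. All `ep_*` names, the table size and the release-on-close step are assumptions.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical endpoint state map keyed by local IPv4 address + UDP port. */
enum ep_role { EP_UNKNOWN = 0, EP_LIKELY_CLIENT, EP_LIKELY_SERVER };

struct ep_entry { uint32_t addr; uint16_t port; uint8_t used; enum ep_role role; };

#define EP_SLOTS 1024u              /* power of two; fixed size, no allocation */
static struct ep_entry ep_table[EP_SLOTS];

static uint32_t ep_hash(uint32_t addr, uint16_t port) {
    uint32_t h = (addr ^ ((uint32_t)port << 16) ^ port) * 2654435761u;
    return h >> 22;                 /* top 10 bits -> 0..1023 */
}

/* Linear probing: return the slot holding this endpoint, or the free slot
   where it would be stored. NULL means the table is full. */
static struct ep_entry *ep_slot(uint32_t addr, uint16_t port) {
    uint32_t i = ep_hash(addr, port);
    for (uint32_t n = 0; n < EP_SLOTS; n++, i = (i + 1) & (EP_SLOTS - 1)) {
        struct ep_entry *e = &ep_table[i];
        if (!e->used || (e->addr == addr && e->port == port)) return e;
    }
    return NULL;
}

/* Record one classify hit. Only the first hit decides the role, so a
   server's later outbound replies do not turn it into a "client". */
enum ep_role ep_record(uint32_t addr, uint16_t port, int inbound) {
    struct ep_entry *e = ep_slot(addr, port);
    if (!e) return EP_UNKNOWN;      /* table full: caller applies its default */
    if (!e->used) { e->used = 1; e->addr = addr; e->port = port; }
    if (e->role == EP_UNKNOWN)
        e->role = inbound ? EP_LIKELY_SERVER : EP_LIKELY_CLIENT;
    return e->role;
}

/* Assumed clean-up step: forget the role when the endpoint closes, so a
   reused port is judged afresh. The slot keeps its key and acts as a
   tombstone, which leaves probe chains intact. */
void ep_release(uint32_t addr, uint16_t port) {
    struct ep_entry *e = ep_slot(addr, port);
    if (e && e->used) e->role = EP_UNKNOWN;
}
```

As the answer says, the result is a likelihood, not a certainty: a process that binds and waits is only labelled once its first packet is classified.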

