How to distinguish UDP server from UDP client at FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4/FWPM_LAYER_ALE_BIND_REDIRECT_V4?
Problem description
I need to identify and block UDP servers. Unlike TCP (where only the TCP server invokes listen: FWPM_LAYER_ALE_AUTH_LISTEN_V4), UDP client and server follow the same workflow from the WFP perspective. How can I distinguish between UDP client and UDP server?
References:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb451831(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/bb451830(v=vs.85).aspx
Recommended answer
There is no easy way to distinguish this. You could create a state mapping for endpoints and sit at ALE_AUTH_RECV_ACCEPT and ALE_AUTH_CONNECT. For each classify, you will be indicated the endpoint. If that endpoint is first hit for inbound RECV_ACCEPT, then the endpoint is likely the server endpoint. If it is first hit for outbound AUTH_CONNECT, then it is likely the client.
Hope this helps,
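
The first-hit state map described in the answer, as an added example that is not part of the original post: it is a portable user-mode simulation, not a WFP callout driver. The enum values, the table and the function names are hypothetical, keying on local address and port is an assumption, and a kernel callout would also need locking around the table.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical stand-ins for the two ALE layers the callout sits at. */
enum layer { AUTH_CONNECT, AUTH_RECV_ACCEPT };
enum role  { ROLE_UNKNOWN, ROLE_CLIENT, ROLE_SERVER };

struct endpoint { int used; uint32_t addr; uint16_t port; enum role role; };

#define MAX_ENDPOINTS 256
static struct endpoint table[MAX_ENDPOINTS];

/* Find the entry for a local UDP endpoint; optionally claim a free slot. */
static struct endpoint *find(uint32_t addr, uint16_t port, int create)
{
    struct endpoint *free_slot = NULL;
    for (size_t i = 0; i < MAX_ENDPOINTS; i++) {
        struct endpoint *e = &table[i];
        if (e->used && e->addr == addr && e->port == port) return e;
        if (!e->used && !free_slot) free_slot = e;
    }
    if (create && free_slot) {
        free_slot->used = 1; free_slot->addr = addr;
        free_slot->port = port; free_slot->role = ROLE_UNKNOWN;
    }
    return create ? free_slot : NULL;
}

/* Called per classify: the first layer to see the endpoint fixes its role. */
enum role classify_endpoint(enum layer layer, uint32_t addr, uint16_t port)
{
    struct endpoint *e = find(addr, port, 1);
    if (!e) return ROLE_UNKNOWN;            /* table full: no verdict */
    if (e->role == ROLE_UNKNOWN)
        e->role = (layer == AUTH_RECV_ACCEPT) ? ROLE_SERVER : ROLE_CLIENT;
    return e->role;
}

/* Policy from the question: drop traffic for endpoints judged to be servers. */
int should_block(enum layer layer, uint32_t addr, uint16_t port)
{
    return classify_endpoint(layer, addr, port) == ROLE_SERVER;
}

/* Forget a closed endpoint so a reused port does not inherit the old role. */
void endpoint_closed(uint32_t addr, uint16_t port)
{
    struct endpoint *e = find(addr, port, 0);
    if (e) e->used = 0;
}
```

Replies to an endpoint that sent first stay classified as client traffic, while an endpoint whose first event is an inbound datagram is treated as a server from that datagram onward.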