Archive for March, 2010

Intercepting network traffic

Tuesday, March 30th, 2010

Intercepting network traffic is a method used to transparently redirect network traffic in order to accomplish various common tasks, such as:

  • Parental control.
  • Anonymizers.
  • Spam filtering.

There are a number of ways and technologies to achieve it. I think one of the easiest ways, which is the cheapest in the long run, is to use our Network interception SDK.

Barak

Intercept DNS port

Tuesday, March 30th, 2010

Intercepting the DNS port can be done in a number of ways:

  • NSP, which is very rare and very hard to implement.
  • Detours/hooking: you can hook the DNS functions using a commercial hooking library; just make sure that the library you purchase supports 64-bit.
  • Use Komodia’s Redirector SDK to easily do it for you.

Barak

NDIS Miniport

Sunday, March 28th, 2010

NDIS Miniport is a synonym for NDIS IM, which is used when you need to change packets at kernel level; this includes modifying the header and body, and dropping or adding packets.

At Komodia we use an NDIS IM driver for our new NAT server interception.

Barak

On fly modify HTTP traffic

Thursday, March 25th, 2010

Modifying HTTP traffic on the fly can easily be done with Komodia’s Network Redirection SDK, which uses Winsock LSP as the base for its operations. It also has many optional modules; one of the most popular is the SSL Decryption module.

Barak

TDI Filter

Thursday, March 25th, 2010

A TDI filter is sometimes preferred because of the belief that there are no conflicts within this technology, but the opposite is true: it can conflict. The reason you don’t see many conflicts is that you know in advance not to install two FW products on your machine. And why? Because those two can conflict.

Barak

NDIS filter development

Thursday, March 25th, 2010

NDIS filter development is a tedious and hard process. There are packages on the Internet that offer easier development, but the real question should be: DO YOU NEED AN NDIS FILTER? You see, some implementations can only be done with an NDIS filter, BUT there are scenarios which can be solved with NDIS or with other network interception technologies. If this is the case, it’s imperative you know FOR SURE that NDIS is indeed the correct technology for that solution.

Barak

How to debug memory heap corruptions

Tuesday, March 23rd, 2010

Debugging memory heap corruptions is quite tricky because the location of the crash gives us absolutely no clue as to where the corrupting code is located.

We wrote an article about how to debug heap corruptions which covers a simple yet unknown and powerful technique to debug and solve such corruptions.

Barak

Hooking Winsock

Monday, March 22nd, 2010

Hooking Winsock is one way to allow the programmer to intercept Winsock2 calls. This approach has advantages and disadvantages. Advantages:

  • No need to install anything.
  • Easy to learn.

Disadvantages:

  • For commercial products, it requires a commercial hooking library.
  • For 64-bit there’s only Microsoft Detours, which costs a small fortune.
  • On Vista and above you have to deal with injection security enforcement.

Barak

What is LSP

Monday, March 22nd, 2010

What is LSP? LSP stands for Layered Service Provider, and in a nutshell it’s a component that intercepts all Winsock API calls and allows the programmer to inspect the data and even modify it.

You can read more about LSP resources on Komodia’s web site.

Barak

LSP

Monday, March 22nd, 2010

I inquired about the price of lsp.com and I got a quote for 40k$. I would understand if the site was ranked 1st on Google search for LSP, but it isn’t even ranked. For 40k$ I can run so many SEO tactics to get to number one in many words and still have change.

Barak