We are two students of University of Milan and we study Science of
Information. We are sorry because we don’t speak english very well but we
hope that which we write you is understandable.
We have written a NDIS Intermediate Driver for Windows 2000
Professional, modifing Passthru sample found in DDK for Windows 2000.
Driver runs good, we hope, but we have some questions: we must have IP
addresses of our machine because we have to intercept Spoofing and without
IP addresses it’s impossible. If you know how to do, we wait for your
information.
We thank you in advance and we remain yours truly.
Cristiano Notargiacomo xxxxx@libero.it
Giuseppe Aurilia xxxxx@gsmbox.it
P.S.: if you speak italian, you can also answer us in this language.
One way is to simply examine packets as they are sent. In IP packets that
are sent the source IP address will be the IP address of the interface that
the packet is being sent on.
So, you learn your own IP address by gleaning the information that passes
through your driver.
“aurox” wrote in message news:xxxxx@ntdev… > > Dear professional, > > We are two students of University of Milan and we study Science of > Information. We are sorry because we don’t speak english very well but we > hope that which we write you is understandable. > > We have written a NDIS Intermediate Driver for Windows 2000 > Professional, modifing Passthru sample found in DDK for Windows 2000. > Driver runs good, we hope, but we have some questions: we must have IP > addresses of our machine because we have to intercept Spoofing and without > IP addresses it’s impossible. If you know how to do, we wait for your > information. > > We thank you in advance and we remain yours truly. > > > Cristiano Notargiacomo xxxxx@libero.it > Giuseppe Aurilia xxxxx@gsmbox.it > > > P.S.: if you speak italian, you can also answer us in this language. > ></http:></http:>
Your idea is interesting, but it’s not for us because we must have real IP
address of our machine and not IP address in outgoing packet, which could
be not correct. In fact, it could be changed writing a simple program
using Raw Socket. So, IP address in outgoing packet can be spoofed and,
without correct IP address of our computer, we cannot intercept it.
We hope we write simply and we wait for your other suggest.
You could use TdiRegisterAddressChangeHandler or TdiRegisterPnpHandlers.
Once you set the callbacks, you will be called for each adapter address on
the system including the loopback. I never used it from a ndis IM but I
don’t see any reasons you couldn’t.
-----Original Message-----
From: aurox [mailto:xxxxx@inwind.it]
Sent: Thursday, May 30, 2002 12:56 PM
To: NT Developers Interest List
Subject: [ntdev] Re: IP Addresses in ndis IM.
Your idea is interesting, but it’s not for us because we must have real IP
address of our machine and not IP address in outgoing packet, which could
be not correct. In fact, it could be changed writing a simple program
using Raw Socket. So, IP address in outgoing packet can be spoofed and,
without correct IP address of our computer, we cannot intercept it.
We hope we write simply and we wait for your other suggest.
Bye Bye
You are currently subscribed to ntdev as: xxxxx@xetron.com
To unsubscribe send a blank email to %%email.unsub%%
Do understand that there is no such thing as “the real IP address for our
machine”.
You may have multiple adapters installed on your machine. In addition, it is
possible to have multiple IP addresses on just one adapter.
One idea is to have a user mode components act as a helper for your driver.
You probably already have such a beast…
The user mode component could use the IP Helper API to fetch adapter
information. See the GetAdaptersInfo() function, for example. It fetches the
IP address list for the adapter and the MAC address. Then use
DeviceIoControl to pass this info to the driver. The driver can stash the
information and then match the MAC source address to the GetAdaptersInfo()
information to find the IP addresses (possibly multiple) for the MAC
address.
Charles Parton’s idea looks interesting also. I haven’t tried that.
“aurox” wrote in message news:xxxxx@ntdev… > > Your idea is interesting, but it’s not for us because we must have real IP > address of our machine and not IP address in outgoing packet, which could > be not correct. In fact, it could be changed writing a simple program > using Raw Socket. So, IP address in outgoing packet can be spoofed and, > without correct IP address of our computer, we cannot intercept it. > > We hope we write simply and we wait for your other suggest. > > Bye Bye > ></http:></http:>
I can confirm the first one works for NDIS IM drivers. I’ve successfully
used it for NT4 and w2k for very similar problem solution and never had a
problem with it. Haven’t tried it for XP, it is marked obsolete now and the
second one should be used instead.
Best regards,
Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]
You could use TdiRegisterAddressChangeHandler or TdiRegisterPnpHandlers.
Once you set the callbacks, you will be called for each adapter address on
the system including the loopback. I never used it from a ndis IM but I
don’t see any reasons you couldn’t.
-----Original Message-----
From: aurox [mailto:xxxxx@inwind.it]
Sent: Thursday, May 30, 2002 12:56 PM
To: NT Developers Interest List
Subject: [ntdev] Re: IP Addresses in ndis IM.
Your idea is interesting, but it’s not for us because we must have real IP
address of our machine and not IP address in outgoing packet, which could
be not correct. In fact, it could be changed writing a simple program
using Raw Socket. So, IP address in outgoing packet can be spoofed and,
without correct IP address of our computer, we cannot intercept it.
We hope we write simply and we wait for your other suggest.
Bye Bye
You are currently subscribed to ntdev as: xxxxx@xetron.com
To unsubscribe send a blank email to %%email.unsub%%
You are currently subscribed to ntdev as: michal.vodicka@st.com
To unsubscribe send a blank email to %%email.unsub%%