PerlMonks  

A perl personal firewall?

by johnnywang (Priest)
on Sep 06, 2004 at 02:35 UTC [id://388705]

johnnywang has asked for the wisdom of the Perl Monks concerning the following question:

Hi, kids are growing up and spending too much time on the likes of AIM. I'm wondering whether it's easy to whip up a script to block some of these services. I can buy a real personal firewall, which probably does more, but it would be nice to do it myself. All I want is to be able to install it on a desktop (win32) and probably do some deep-packet regex. How does one get on the packet path on Windows and be able to drop or rewrite the TCP responses? Thanks.

Re: A perl personal firewall?
by tachyon (Chancellor) on Sep 06, 2004 at 03:29 UTC

    Firewalls are pretty low-level (i.e. kernel) code, so Perl is not the best language for it. Have a look at http://www.codeproject.com/internet/drvfltip.asp for one way to implement a firewall (there are several), with code and explanations.

    Now when it comes to AIM overuse you could consider yourself lucky. Back when I was a young one I seem to remember tying up the phone for hours at a time talking to friends.

    cheers

    tachyon

Re: A perl personal firewall?
by Rhys (Pilgrim) on Sep 06, 2004 at 04:05 UTC
    AIM uses port 5190 by default. Have a look at this to help you create filters on the fly (requires Win2K or better). Scheduled tasks may help you set time limits.

    On Linux, you want iptables and cron. And there is a GNU AIM client, so if they know anything about Macs/Linux/not-Windows, you'll have to cover all bases. This is why the router in my house is built from a Linux machine (as opposed to that 'DSL router' crap). I like being able to set up timed, specific filters. BSD can do it, too; I just have more XP with Linux.

    My Opinion: Let 'em use it after dark. Kick 'em out during daylight hours. That was (effectively) the rule my parents used, and I'm not sorry. :-)

    --J

Re: A perl personal firewall?
by davido (Cardinal) on Sep 06, 2004 at 05:17 UTC

    This is rapidly becoming off topic, but I wanted to mention that hardware firewalls often may be configured to block certain ports at particular times of day. For example, I have a Netgear WGR-614v4 -- It allows me to block access to the Internet entirely, based on time of day, or to just block certain ports (for example, AIM).

    A hardware firewall is often a simple, foolproof, and robust solution. My particular hardware router isn't unique in these capabilities; most consumer hardware routers have pretty good firewalls built in.

    As far as using Perl, the problem is that software firewalls are very low level. They must place themselves between the OS's networking layer and any (and all) software running on the computer. It's a tricky thing to do, and for the most part, better done in a systems language. ...at least when speaking of software firewalls on non-dedicated systems.


    Dave

Re: A perl personal firewall?
by jacques (Priest) on Sep 06, 2004 at 03:01 UTC
    Hi, kids are growing up and spending too much time on the likes of AIM.

    God, isn't this beautiful? As a geek, I would love to see my children take an interest in computers and software.

    When I was a child, I had an Atari 5200 (which I have always liked more than the 2600 model). I remember spending nights playing Pac-Man and Mountain King with my mother. Funny, she never thought of configuring the Atari to block it from working, but then she wouldn't have wanted to. Playing video games with her are some of the only good memories I have from my childhood.

      I would love to see my children take an interest in computers and software.

      Probably true for most of us but there is a difference between an interest in something cool and a growing human being spending 16 hours a day in a chair during the time when the bodies that we'll have to live in and deal with for 70+ years are being finished up by our genes/activity/diet. Best to let the parent decide what's right in what case. Plus IMs aren't all one-liners and work chat; plenty of (expletive deleted) from anonymous strangers who can hurt a kid more in a couple weeks than any "friend" a parent is aware of could manage in a year.

      On another related/unrelated note: I spent my first or second paycheck to buy a 5200 and my mom did play Joust a fair bit. :)

Re: A perl personal firewall?
by jbodoni (Monk) on Sep 06, 2004 at 04:39 UTC
    I wouldn't spend time trying to reinvent that wheel. ZoneAlarm (zonelabs.com) is free for personal use and does a great job at controlling application-by-application access to the 'net.

    John

      True, but I've had my share of problems with ZoneAlarm as well. It has proven to be marginally compatible with several software packages (such as Cisco's VPN client), plus it takes a while to configure properly and tends to pop up a lot of annoying messages.

      Not only that, but it's likely that the kids have admin rights on the machine. ZoneAlarm will make it obvious where the block is. IPSec rules are quite a bit harder to trace down, if you don't already know all about them. :-)

      Of course, they may very well just switch to a different IM client, then you block the port, back and forth. At some point, you just have to go and physically kick 'em out.

      --J

        It's been several years since I used it but Cisco's original VPN client was a stinker. It was marginally compatible with NT/Win2K the way I remember it.

        cheers

        tachyon

      Problem is, the user can trivially circumvent it. And you can bet that your kids will do that.

      Much better to force all their network traffic through a network node which *you* control, and install your filters on there.

Re: A perl personal firewall?
by johnnywang (Priest) on Sep 06, 2004 at 05:28 UTC
    Thanks, yes, let us stay on the technical side of this question since there is no correct answer for the social side.

    AIM can actually detect an open port and switch to that port. Once I opened only outgoing ports 80 and 53 (DNS), and I found later that AIM was using 53.

    I think the filtering needs to be on layer 7, maybe something like snort.

      Layer 7 is the application layer. Snort is an Intrusion Detection System that also does packet logging and digs at least down to layer 4 so I am having trouble following your logic.....

      If what you mean is that you want a daemon to kill off AIM if it starts then you could simply use Win32::Daemon from roth.net to run a search and destroy based on Win32::KillProcess or similar.

      cheers

      tachyon
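The port-hopping johnnywang describes above (AIM falling back to port 53 once only 80 and 53 were open) is the reason a port-only allow-list fails, and it is what "filtering on layer 7" has to mean in practice: decide on the payload, not the port number. The following is an added example written for this page, not code from the thread or from any of the tools mentioned in it. It classifies the first bytes of an outbound TCP stream by protocol signature: AIM's OSCAR protocol frames everything in FLAP (a 0x2A marker byte, a channel byte 1-5, a 2-byte sequence number and a 2-byte payload length), while DNS over TCP starts with a 2-byte length prefix followed by the 12-byte RFC 1035 header and a question. The sample payloads are constructed, and the function names (`looks_like_flap`, `looks_like_dns_tcp`, `port_policy`, `payload_policy`) are this example's own.

```python
"""Port-only vs payload-aware egress filtering for the AIM-on-port-53 case.

Added example for this PerlMonks thread; the byte strings below are
constructed by hand, not captured from a real AIM or DNS session.
"""
import struct


def looks_like_flap(payload: bytes) -> bool:
    """OSCAR FLAP frame: 0x2A, channel (1-5), 2-byte seq, 2-byte length.

    The declared length must fit inside the bytes we actually have, which
    rejects random data that merely happens to start with 0x2A ('*').
    """
    if len(payload) < 6 or payload[0] != 0x2A:
        return False
    channel, _seq, length = struct.unpack("!BHH", payload[1:6])
    return 1 <= channel <= 5 and len(payload) >= 6 + length


def looks_like_dns_tcp(payload: bytes) -> bool:
    """DNS over TCP (RFC 1035 4.2.2): 2-byte length prefix + header + question.

    Checks that the length prefix matches the data, that this is a query
    (QR bit clear, since we are looking at client-to-server traffic), and
    that QNAME is a well-formed label sequence followed by QTYPE/QCLASS.
    """
    if len(payload) < 14:
        return False
    (length,) = struct.unpack("!H", payload[:2])
    if length != len(payload) - 2 or length < 12:
        return False
    msg = payload[2:]
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x8000 or qdcount < 1:
        return False
    pos = 12
    while pos < len(msg) and msg[pos] != 0:  # walk the QNAME labels
        label_len = msg[pos]
        if label_len > 63 or pos + 1 + label_len > len(msg):
            return False  # also rejects compression pointers (0xC0..) in a query
        pos += 1 + label_len
    return pos + 5 <= len(msg)  # root terminator + QTYPE + QCLASS


def classify(dst_port: int, payload: bytes) -> str:
    """Name the protocol by signature; the port only helps disambiguate DNS."""
    if looks_like_flap(payload):
        return "aim-oscar"
    if dst_port == 53 and looks_like_dns_tcp(payload):
        return "dns"
    return "unknown"


def port_policy(dst_port: int, payload: bytes) -> str:
    """The port-only allow-list from the thread (80 and 53 open, all else dropped)."""
    return "allow" if dst_port in (80, 53) else "drop"


def payload_policy(dst_port: int, payload: bytes) -> str:
    """Same two ports, but 53 must carry DNS and nothing may carry FLAP."""
    proto = classify(dst_port, payload)
    if dst_port == 53 and proto == "dns":
        return "allow"
    if dst_port == 80 and proto != "aim-oscar":
        return "allow"
    return "drop"


def dns_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Build a constructed DNS-over-TCP A query for `name` (RD set, one question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)
    return struct.pack("!H", len(msg)) + msg


# Constructed client-side FLAP signon frame: channel 1, seq 1, 12 bytes of data
# (protocol version 1 followed by a TLV 0x0006 holding a made-up 4-byte cookie).
AIM_FRAME = b"\x2a\x01\x00\x01\x00\x0c" + b"\x00\x00\x00\x01" + b"\x00\x06\x00\x04\xde\xad\xbe\xef"
DNS_QUERY = dns_query("example.com")
HTTP_GET = b"GET / HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for port, data in [(5190, AIM_FRAME), (53, AIM_FRAME), (53, DNS_QUERY), (80, HTTP_GET)]:
        print(f"port {port:>4} {classify(port, data):<9} "
              f"port-only={port_policy(port, data):<5} payload-aware={payload_policy(port, data)}")
```

The same FLAP frame on 5190 and on 53 is classified identically, so the payload-aware rule drops it on 53 where the port-only rule let it through, while a real DNS query on 53 still passes. Two caveats a practitioner would add: a signature check like this only catches the plain OSCAR stream, not the same traffic wrapped in HTTPS or a tunnel, and it has to run somewhere the kids cannot simply switch off, which is the point made above about forcing all their traffic through a node you control. On that node the cheaper network-level version of the same idea is to allow outbound 53 only to your own resolver's address, so an AIM server listening on 53 is unreachable no matter what the client tries.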

Approved by Zaxo