来自:霏凡 id:baba_yu
介紹一個免費軟件 CHX™ Packet Filter 3.0 能抵擋 ARP 攻擊(v3.0有此功能 國外說比 LnS 還厲害很多) 期待高手
- prior to installing CHX 3.0 please un-install any previous versions of the packet filter.
- you can import 2.x filter sets (.sfd or .cff files)
- If Allow or Deny All was used in the previous version's policies then an additional packet filter rule MUST be added allowing ARP traffic.
- A Dial-up or VPN node was created with a public node for dial-up interfaces (e.g. modems) and a private node for VPN
- The CHX RMC is now part of the main management console
n its default configuration the packet/payload filter does not impose any security restrictions on any type of traffic.
The CHX suite of tools is not a personal firewall and should not be used by those expecting out-of-the box security configurations or unfamiliar with TCP/IP networking and IP security in general. Several configuration templates are provided to assist first time users in grasping CHX-I filtering concepts. These templates can be obtained in the idrci.net download area.
First time users are encouraged to make extensive use of the available logging features (and the GoTo Related Filter feature) when debugging their CHX IP security policies.
The packet filter cannot facilitate address/port translation in gateway environments. The CHX-I NAT module was designed to provide this functionality as either a stand alone or add-on to the packet filter management console.
The payload filter extends the functionality of the packet filter by inspecting and editing TCP/UDP/ICMP data. The payload filter can trigger permissive or prohibitive packet filter rules as well as other payload rules (chained payload rule sets).
The CHX suite of network and security tools can be deployed on gateways (e.g. bridge, router, NAT) or distributed on servers/workstations.
- Universally designed for w2k/win2003/XP servers, workstations and gateways.
- High IP filtering granularity.
- Global/Per Interface/Per IP filter policies.
- Per Interface stateful options.
- Complete control over state transition time-outs.
- Allows for permissive and prohibitive policies or a combination of both.
- Remotely/Centrally managed.
- File transfer and execution allows for remote system updates.
- Command line filter utility.
- Payload event triggers (requires CHX-I STK).
CHX-I; Stateful Packet Filter为Microsoft平台带来了空前的灵活性、稳定性和性能,它提供了一个有效的*nix-style的包过滤能力。主要特性:
* 支持Windows 2000/2003/XP服务器、工作站和网关;
* 支持高等级的IP过滤粒度;
* 支持全局/每个接口/每个IP的过滤策略;
* 针对每个接口的全状态选项;
* 能够完全控制状态转换超时;
* 允许许可策略和禁止策略,或两者的组合;
* 能够执行远程或集中化的管理;
* 文件传输和执行功能允许进行远程系统升级;
* 命令行过滤工具;
* 支持负载事件触发(要求CHX-I STK);
I've tried the ones you linked. I keep running into the same problem unless I specifically allow ARP traffic.
That samples already have the ARP rule...
Quote:
Originally Posted by VaMPiRiC_CRoW
That samples already have the ARP rule...
Hmm... the ARP rules I made have my specific MAC addresses. It's working fine so I don't see an urgent need to go back to recheck. This is one powerful program. I look forward to learning how to use it better.
http://www.idrci.net/fver/chx3.0.msi
