[wayitech]

Virmon firewall network monitor

2015-06 network communication monitor, TCP protocol prohibit process based .
Online TCP,UDP port etc.

32bit download address: http://www.virmon.cn/?download=virmonfw32
64bit download address: http://www.virmon.cn/?download=virmonfw64


WFP driver based firewall, any suggestions will be appreciated.
Anyway, I have a questiion.Is there other Vulnerability driver like vboxdrv.sys , can pass DSE.thanks.

[Vrtule]

Hello,

IIRC Windows 8 introduced an ability to monitor at link layer. Are you planning to add this feature? Of course, I may be wrong but they added several WFP layers that suggest this ability.

Do you need the DSE-bypass exploit in order to avoid purchasing of a Class 3 certificate for driver signing?

[wayitech]

I have not window8 system environment, Now I Used Windows7 home edition 64 bit.
I think there is no processid information in link layer.But I am not sure.If MS do some
work on WFP layer , that can be very useful.

I really want some DSE-bypass exploit ,I Know DSEFIX. But I wan to study Vulnerability knowage by myself.

[Vrtule]

think there is no processid information in link layer.

That's AFAIK true. My point was that prior Windows 8, it was not possible to monitor/modify at link layer, for WFP-based drivers. Which IIRC has changed in Windows 8.

[wayitech]

Virmon firewall address has Temporarily changed.

64bit:http://www.virmon.net/?download=virmonfw64
32bit:http://www.virmon.net/?download=virmonfw32

[wayitech]

virmon firewall updated version 2.0

update log: Process intelligent flow statistics.
Monitor packet length etc.

64bit:http://www.virmon.cn/?download=virmonfw64
32bit:http://www.virmon.cn/?download=virmonfw32