Need some help - Java Networking

[stealthghost]

---

Hi fellow Istoryans...!

I have a thesis going on in our school..

We proposed a software tool, Java programming language is used, where we can
capture Packets and able to block sites or IP addresses by the network admin..

we used the JPCAP API to be able to capture packet but its work is to just capture packet or packet sniffing..

now, we're confused on how to secure our network to be able to block unwanted traffic..

is there a way to block unwanted traffic passes through the network...?

our tool should do that, but the problem is, what method? we don't know how to tackle this problem yet..

anyways, I've researched about proxy servers.. but basin mo-layo akong matun.an and time will be wasted..

Other methods might help if you have one in mind... on how to block unwanted traffic..

thanks in advance..

btw, it's a stand-alone tool where it will only be installed in the server, no necessary installation for the client/workstations and the server is connected to the internet

[stealthghost]

to the mods, nag libug ko kung asa ni ibutang, partly Software and Networking... but my question is more on Networking, so diri nalang nako gibutang..

I do hope naa'y makatabang...

pangutana lang sa mga naglibog.. (^_^)

[r0mm3L]

ing.ani porma sa diagram sa proxy bai:



method 1:explicit forward mode

- block the HTTP/HTTPS service in the firewall from all computers except the proxy server (no computers can browse except the proxy server)

-workstations cannot do browsing because is being blocked by the router/firewall unless they set their http proxy settings sa ilang browser pointing to 10.48.66.216 port 8080. Internet explorer: tools > internet options > Lan Settings

-on the proxy himo ka policy para fine tuning, block nimo by category example; porn, violence, drugs, tobaco, etc.


method 2: transparent forward mode

-dili naka kinanglan ug settings sa browser pero kinanglan ka ug Cisco Router nga naay protocol nga WCCP (Web Cache Control Protocol).


mao mao lang ni sya ug concept sa anti virus, kaning proxy kinanglan ni ug update update. tongod anang mga evasions.

[stealthghost]

so, the best chance for us to succeed in our thesis is to create a HTTP Proxy Server?

we'll not use any Cisco Router.. (not included in our proposal and we need to make a software java-based proxy server if this is the case)

We'll use an ordinary hub, but later try to use switch, then router..

For now, HUB is the best coz broadcast ang data on all ports..
(we need to capture every traffic in the network)

our basic setup is

2Clients -> Hub -> Server with the Developed Software with Internet Connection

But since we'll be using a proxy server, would it change the setup?

2Clients -> Hub -> Proxy Server with Developed Software -> Server with Internet Connection

might change the hub, because the internet connection will pass through the Proxy Server

Sakto ni siya bro r0mm3L?

[stealthghost]

https://www.istorya.net/forums/networ...xy-server.html

I'm reading this thread as of the moment..

but ang kalisud lang sa amo thesis ron, is to create using java... hehehehe...

[r0mm3L]

yeap,

pero kanang pag capture sa packet lahi pod na siya hehe, example ana is kanang packet sniffer

[bodyfort]

i think it is best to layout your project than a short conversation or question. Maybe I could help but right now it is confusing on the role of Java.

[stealthghost]

@r0mm3L, ok na among packet sniffing tool... ang problem nalang is to control Network Traffic..
That's why I come here to Istorya.net to verify my research..
and ask for additional information and/or idea.

@bodyfort, We need to develop a Stand-Alone Common Application Layer Tool with Security against Brute Force Threats in a Star Topology Network. Our program would and should perform Packet Sniffing that has the ability to block network traffic due to Denial-of-Service attacks and Brute force attack on FTP. So, my basic problem is how to block the network traffic, like blocking an IP address or unwanted Website. Lastly, we have to develop all in Java programming language..

[bodyfort]

I think your better than I am and my advice will only give you confusion so Im just going to generalize.
So you mean by authentication must be done in Network Layer or MAC address before it reach to session Layer. On Java language, you just have to setup a database of IP address that subscribe to a server then you add a conditioning parameter such if IP address dont exist in Database, then access is denied and you can set the particular IP address to certain level of access. It seem your network is centralize with multiple clients than a standalone star network.

[stealthghost]

hmm.. I think @ Network layer... We do have the idea on how to block, I guess..

creating a list of sites to be blocked and deny their access with user-friendly add/remove functions to append or remove from the list.. I'm thinking more of automatic block also for Denial-of-Service attacks and Brute Force attacks.. but later na..

but our main problem for now, is what setup should we use to be able to block packet passing through the network.

we've achieved our goal to monitor the traffic passing through (Medyo samuk siya coz daghan au mo-gawas but we can log the traffic) but controlling is another problem..

as far as I've researched, Proxy Server is one way of getting control of the traffic..

but if you have other ideas on getting the traffic controlled, then it would be much of a help..

thanks in advance...

lastly, I've researched also about Firewall, but it is impossible with Java (daw, researched @ different java forums), and we're time constrained if we have to do the research wa pa labot pag create, we can't be able to deliver our project in time..