Hi Robert, I believe that personal firewalls such as Norton Internet Security (my favourite) work by setting a system wide hook to intercept all I/O related messages, and since Winsock implements read/wirtes to sockets as file read/writes, if I remember correctly, then reading and writing to a socket, at the lowest level, implies a file I/O operation which is done by a sending an appropiate message to the kernel, as most other things in Windows environment. The firewall app having a hook set up for this kind of messages intercepts these messages and if a reject condition is satisfied the message is deleted. At least this is MHO
Regards, Denis ----- Original Message ----- From: "Robert Buljevic" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, November 05, 2002 4:16 PM > > Greetings! > > I have a more general question. > I'm interested how personal firewall software works (solutions available > with many antivirus software). At what level level of the tcp/ip stack do > these programs act? Do they use the winpcap framework? > > Regards, > Robert Buljevic > > > ================================================================== > This is the WinPcap users list. It is archived at > http://www.mail-archive.com/winpcap-users@;winpcap.polito.it/ > > To unsubscribe use > mailto: [EMAIL PROTECTED]?body=unsubscribe > ================================================================== ================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@;winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED]?body=unsubscribe ==================================================================
