Dynamic Packet Filtering

Dynamic packet filtering is a feature of Microsoft Proxy Server used to filter packets received from the network.

What is Dynamic Packet Filtering?

Dynamic packet filtering is a feature of Microsoft Proxy Server version 2 that enables Proxy Server to do the following:

  • Determine dynamically whether to accept a packet from the Internet, while minimizing both the number of ports exposed in either direction and the length of time a port is open to the Internet
  • By default, drop all packets on an external interface

How It Works

Dynamic packet filtering involves two Proxy Server components:

  • The Packet Filter Driver, which talks directly to the external network interface
  • The Packet Filter Manager, which provides the high-level interface for interaction between Proxy Server services and the driver

In a typical scenario, a client running the Winsock Proxy client might attempt to connect to an Internet server using Telnet. The Winsock Proxy client intercepts the Telnet connection request and remotes (forwards) it to the Winsock Proxy server. The server verifies that the client has the proper Microsoft Windows NT permissions to use Telnet to access servers on the Internet, then opens a local socket.

The Winsock Proxy server then informs the Packet Filter Manager that an outbound connection request from the socket to a remote Telnet service has been approved. The Packet Filter Manager orders the Packet Filter Driver to open the socket, and orders the Winsock Proxy server to start a Telnet session on behalf of the client.

When the Winsock Proxy determines that the client has closed the Telnet session, it tells the Packet Filter Manager to close the socket, which blocks any further packets from the remote system.
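
The Telnet sequence above, modelled as an added Python example (not Microsoft's code). The class and method names, the addresses and ports, and the choice to match inbound packets on the full address/port pair of the approved connection are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    """One approved outbound TCP connection, as seen on the external interface."""
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int

class PacketFilterDriver:
    """Sits on the external interface; drops everything not explicitly opened."""
    def __init__(self):
        self._open = set()          # empty set == default "drop all"

    def open(self, flow):
        self._open.add(flow)
    def close(self, flow):
        self._open.discard(flow)

    def accept_inbound(self, src_ip, src_port, dst_ip, dst_port):
        # An inbound packet passes only if it is the reverse of an open flow.
        return Flow(dst_ip, dst_port, src_ip, src_port) in self._open

class PacketFilterManager:
    """High-level interface the proxy services call; it programs the driver."""
    def __init__(self, driver):
        self.driver = driver

    def connection_approved(self, flow):
        self.driver.open(flow)

    def session_closed(self, flow):
        self.driver.close(flow)

def telnet_walkthrough():
    """Replay the Telnet scenario; return the driver's verdict at each stage."""
    driver = PacketFilterDriver()
    manager = PacketFilterManager(driver)
    flow = Flow("192.0.2.10", 1055, "198.51.100.7", 23)  # constructed addresses
    reply = ("198.51.100.7", 23, "192.0.2.10", 1055)     # server -> proxy packet
    verdicts = {"before_approval": driver.accept_inbound(*reply)}
    manager.connection_approved(flow)      # Winsock Proxy server approved Telnet
    verdicts["during_session"] = driver.accept_inbound(*reply)
    verdicts["other_host"] = driver.accept_inbound("203.0.113.9", 23, "192.0.2.10", 1055)
    verdicts["other_port"] = driver.accept_inbound("198.51.100.7", 23, "192.0.2.10", 80)
    manager.session_closed(flow)           # client closed the Telnet session
    verdicts["after_close"] = driver.accept_inbound(*reply)
    return verdicts
```

Only the reply from the approved Telnet server, and only while the session is open, reaches the proxy; every other verdict is a drop, which is what keeps the exposure window as narrow as the session itself.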