
Creating a Packet Filter in C#/C++?


In the past I have written C++ plugins that detoured the recvfrom() function in Winsock and dropped/manipulated incoming traffic from the primary application.

I now wish to write a stand-alone application that listens on all interfaces, reads incoming UDP packets, and drops them if the packet structure matches that of a known exploit being used to target us.

What would be the best way to do this? This will be used on Windows Server 2008 machines, which have large quantities of static IPv4 addresses assigned to the NIC. I was considering possibly detouring Winsock, but as this isn't a feature-rich application, whatever is the easiest way to implement this would be great.

Note I started implementing this using Pcap.Net but realized I can't drop packets that way, so I am not really sure how to approach this.


Solution

  • It may not be the easiest task in C#, as network filtering will probably bind you to low-level code operating within the OS kernel.

    There are also some APIs in Windows Server 2008 for setting up your custom packet filters.

    While these are probably wrappable in P/Invoke, I suggest going for C++ and native code instead.

    Additional reading which may be interesting to you is here on CodeProject.