Matt Marooney wrote:
I am trying to write a program to help people who are addicted to
internet pornography. This application would be tied into an online
(Ever heard of "ask-slashdot"? that would be very on-topic there ;-))
service where someone could sign up for monitoring, and download a thin
client app. The application would run in the background of the person's
computer, and upload the person's internet activity to the website. The
service would then email this activity report to designated recipients.
I have most of the knowledge to create this service, but I need to know
how to do a couple things:
1. I would like the program to be "un-installable". I've heard of a
couple of hardware security tracking services that can load a very small
setup package in the CMOS and if a computer is stolen, and the hard
drive is replaced, the app reloads itself and the next time the computer
is on the internet, it sends out a beacon. Does anyone have any insight
about how to do something like this? I want the CMOS program to run on
boot, and check to see if the monitoring software is still installed.
If it is not, the boot process reloads it.
Since this is going to be "secured" with security through obscurity,
you may want to explain us (super-geeks ;-)) what you are going to do
if I reset my CMOS? (I don't want to mention write-protection and
virus-scanners who will treat your app as a virus..)
Ok, you want a checking-app in your CMOS. This app needs to read the
harddisk - the filesystem. So you would need to implement a routine to
read NTFS and FAT32. Oh yes, you need to check all disks, so you will
need drivers for SATA/PATA/SCSI and RAID.
Now if you have implemented all that, you need to pack all that in about
256 bytes (512 bytes if you're lucky)..
2. obviously, the program does not need to be very large, so I want it
to run in the background and not be visible to the computer's user. This
is easy, I know, but I want the process to be completely invisible.
(even to super-geeks)
Well that could be possible somehow.. patch some files and you're
there.. I suggest you look for some kind of root-kit for win32.
3. I would like to figure out a way to monitor traffic for multiple
protocols (HTTP, FTP, File Sharing, Chat, etc.) . I'm wondering if
there is a way to figure out "bad" requests on a packet level.
You're lucky!
Yes, this can be done on TCP Level, I suggest to read RFC 3514.
Libpcap is your friend.
I really appreciate any help with these questions! Thank you all,
-- Matt
Happy coding!
-phil
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
