I have been a VB programmer for over 20 years now and will likely retire as one.
I have a spare PC and this is what I want to do with it. It might be a tall order, but I think I can do this without a 3rd party app which never has all the features I want.
I want all outgoing and incoming web traffic from my main PC to go through this spare PC and monitor the data.
I am going to decompile the data and examine it in as real-time as possible.
I wrote a decompiler back in the days of 8 bit so I get the general concept. I realize 32 and 64 bit are a bit different.
1). I want to write my own decompiler but 32 and 64 bit that will display details of all incoming and outgoing traffic.
I have been reading up how 32/64 bit decode to assembly and I think I can handle it.
2). I want to detect signs of encrypted traffic when I am not using the PC.
3). I want to detect executable code and tell me if it is Windows based or Linux Python, etc.
4). I want to detect unicode that translates to common Russian words.
I want to detect unicode that translates to other common words in languages such as Chinese.
I want to detect common English words.
5). I want to detect if files of any kind are sent or received.
6). I want to have it save logs of any of these events and alert me by email.
7). I want this PC to act as a firewall if I switch it on. I would like to do this from my phone. I would like to be able to block ports, specific IPs, IP ranges, etc.
I understand that doing this at run-time is way slower than the data passing through and I will only be alerted sometime AFTER the data has been sent or received. That is fine, but at least I'll know and can deal with the intrusion after the fact.
I do not trust any of the antivirus programs that claim to do real-time protection. I have gone to a malicious site before, Kaspersky claimed it took care of the virus but it didn't. My system was so infected after that point, that my computer became useless. I had to format the drive and start over. I now have a clean image of my main PC and if it ever gets infected again, I just re-image.
I just personally want to know if anyone is hacking me or if my PC is being used as a zombie. I went on vacation once and my old Dell Inspiron 1501 was left behind connected to the Internet. I ran HijackThis and found some strange things. But even stranger were file folders hidden deep on my drive that have files (executables) written in Cyrillic. This was my fault because I installed Plex without setting the advanced security and I downloaded a couple of apps that, it turns out, might not have been from a reputable site.
My questions are these:
Is any idea here impossible to do and if so, why?
Is there an app that already does all this?
Thank you,
Edited by zunebuggy, 25 January 2017 - 08:51 AM.
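As an added illustration of items 2 to 4 in the post above (not code from the poster), this Python sketch flags a captured payload by byte entropy, executable header and Cyrillic letter share. It assumes the payload has already been reassembled into a byte string; the function names, the 7.5 bits/byte and 1024-byte thresholds and the 0.5 Cyrillic ratio are assumptions.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def executable_type(data: bytes):
    """Identify an executable from its header bytes, or return None."""
    if data[:4] == b"\x7fELF" and len(data) > 4:  # byte 4 is EI_CLASS
        return "Linux ELF " + {1: "32-bit", 2: "64-bit"}.get(data[4], "unknown")
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
        if data[pe_off:pe_off + 4] == b"PE\x00\x00" and len(data) >= pe_off + 6:
            (machine,) = struct.unpack_from("<H", data, pe_off + 4)
            return "Windows PE " + {0x014C: "32-bit", 0x8664: "64-bit"}.get(machine, "unknown")
    if data[:2] == b"#!":
        first_line = data.split(b"\n", 1)[0]
        return "Python script" if b"python" in first_line else "script"
    return None

def cyrillic_ratio(data: bytes) -> float:
    """Share of letters in the Unicode Cyrillic block (U+0400..U+04FF)."""
    letters = [ch for ch in data.decode("utf-8", errors="ignore") if ch.isalpha()]
    if not letters:
        return 0.0
    return sum("\u0400" <= ch <= "\u04ff" for ch in letters) / len(letters)

def classify(payload: bytes, entropy_threshold: float = 7.5) -> list:
    """Return the flags a logger would record for one reassembled payload."""
    flags = []
    exe = executable_type(payload)
    if exe:
        flags.append(exe)
    # Short payloads cannot reach high entropy, so require a minimum size.
    if len(payload) >= 1024 and shannon_entropy(payload) >= entropy_threshold:
        flags.append("high-entropy")
    if cyrillic_ratio(payload) >= 0.5:
        flags.append("cyrillic-text")
    return flags

# Constructed samples (not captured traffic): a minimal PE header and Russian text.
SAMPLE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00" + struct.pack("<H", 0x8664)
SAMPLE_RU = "Привет, это тест".encode("utf-8")
print(classify(SAMPLE_PE), classify(SAMPLE_RU))
```

High entropy alone cannot separate encrypted data from compressed data such as ZIP archives, JPEGs or video, and ordinary HTTPS browsing is high-entropy all the time, so this flag is only meaningful against a baseline of what the machine sends when idle.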