For background on this post, read posts {0316} and {0322} first.

Silent Hunter

A little while ago we launched a quick sting operation against users of the popular P2P application DC++ and its many derivatives in the labs. Obviously this was a very unpopular action and has resulted in much negative feedback. The fact that I don’t hide my identity at all means I also received direct comment on the matter – which isn’t a bad thing as far as I’m concerned, as it means I get a feel for the vibe that is currently out there as well as the level of knowledge those in the wrong possess regarding our actions.

The latest direct post to this blog requires that I at least make an effort to communicate with the said student, as well as make him/her aware of a few things.

Thursday, October 11, 2007, 04:52 PM, Another Student commented:
Dude…your brilliant solution is pretty weak – randomly renaming the process isn’t exactly foolproof since it’s still pretty easy to identify which one is Silent Hunter. Maybe you aren’t as smart as you think you are? If this is the solution that is gonna be rolled out throughout campus then I suggest you spend more time working on it and less time writing random shit on your blog.

As I’ve stated before, the first version of Silent Hunter was a rushed proof of concept based on a request from my senior on whether or not we could get some sort of statistic on the number of users abusing the lab machines by means of DC++ (they had only just got wind of this, even though it has been going on for quite some time).

It was written in a couple of hours and rolled out to the labs via the login script. It worked well enough to give us the numbers we needed, as well as the bonus of being able to disable offender accounts as a warning to other students.

Obviously it was a pretty simple program thanks to the time constraint enforced upon me. The senior then requested that more information be captured by the application, in the form of machine name, MAC address and IP number, so I quickly whipped up a patch to Silent Hunter and added the random renaming functionality as an afterthought, again all within the space of an hour or two.

Again it worked well enough, as shown by the fact that its initial run didn’t pick up the same number of users as the initial sting did. Because the executable was renamed, people would have been caught out the first time, which validates this statement.

Unfortunately, due to the rest of my workload, I haven’t been able to give Silent Hunter a second thought since then, but rest assured, once the exam period kicks in and my work decreases I can set about improving the application for next year.

With regards to it being a brilliant solution, I’m sorry to inform you that I haven’t even warmed up yet. In order to be effective, Silent Hunter will need to be self-aware (particularly on application closing), run system file scans, etc. What I have envisioned for the application is fairly extensive and will work rather efficiently, mark my words :)

Oh, with regard to the campus-wide rollout, the initial run in the Comlabs has proven sufficient to send the data to ICTS, who are now working on blocking the protocols employed by DC++ completely.

Is the end of Silent Hunter in sight, then? Well, not exactly. It has been written in such a way that it can be used for other purposes as well. For example, it also targets Quake 3 and Counter-Strike.

So to sum it up, I never said I was clever, but given the time (I’m working while you are a student with oodles of time on your hands), I’m afraid that I will win this battle – experience counts in matters like this, young one :)