RE: Traces

["Shawn Jackson" <sjackson () horizonusa com>]

        I haven't kept up with that end of my profession. But in the
early/mid 90's I made a two small program that would run in the
background of Win95 boxes.

Ghost Program
        1.) Upon starting up it would constantly try and ping a remote
host to detect if it was connected to the Internet.
        2.) Upon connecting to the Internet it would FTP into a server
(I think I used a free host of some kind, Xoom or Geocities) with its
node name and IP address.
        3.) It would open up a TCP socket and sit in a wait cycle for
traffic.
        4.) Upon receiving traffic it would look for a control package.
A control package contained a password, mother and sister information. A
mother is the control system and a sister is another ghost program. 
        5.) Upon receiving this information it would create a table with
the sister order information (which is next in line for transmit, etc).
        6.) If a data package was received from the mother node it would
transfer it to the next sister node. If a data package was received from
a Sister node it was passed to the next sister node down, or the mother
node if it was the last one.


Mother Program
        1.) Upon starting up it would download all the files in a FTP
directory and read the IP addresses in them into memory.
        2.) It would then sort the nodes randomly.
        3.) When you gave it a password it would send out a control
package to all daughter nodes.
        4.) When activated it would hook to the load system and transfer
ALL outbound traffic through the lowest daughter node. It would keep a
table of traffic it sent out, where it originated from protocol and
port, think of a proxy. The packet would be packaged and sent to the
daughter node as the payload for the packet (i.e. like a VPN just not
encrypted).
        5.) When the last (highest) daughter node received the packet it
would send it out on the Internet by its connection. When it received a
response it would package it up and send it back down the line.

I did a lot of work on peoples PC's in those days and had physical
access to the system to load the program, so I didn't develop a
deployment scheme. But in those days it could be delivered like a virus,
seaming most people were not even remotely computer-savvy.

Transit times (latency) was horrible and sometimes the traffic would die
in transit. Also some people would logoff and you would have to
re-organize your daughter node information. There was a little more to
the programs but that was their basic functional operations. They were
written in C++ with some help, well a lot, from a friend of mine. I've
long since lost the code, design papers and theory of operation. There
is not much too it, but it is a fair amount of work.

        As far as I know these types of programs are a closely guarded
secret and operate just like what the spammers are using now a days to
send spam and hide their website. You could look in the newgroups and
usenet maybe some website might have some 'older' information.

Note: I CC'ed this to the list due to relevancy. 
        
Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
 
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

-----Original Message-----
From: Devilscrow Sr [mailto:devilscrow () gawab com] 
Sent: Wednesday, December 17, 2003 2:13 PM
To: Shawn Jackson
Subject: Re: Traces

Hi Shawn,

Can you send me some good pointers on setting up ghost-notes or 
non-me-speak slave systems.... how to set them up, how to use them. are 
there any tools that can automate this etc. ??

thanks in advance.

-dev
Shawn Jackson wrote:

> tunneling their traffic through ghost-nodes, or in non-me-speak slave
>
>  



---------------------------------------------------------------------------
----------------------------------------------------------------------------