I'm developing a parental monitoring/tracking application that has a feature to lock down all internet activity. While disabling the network adapter would seem like a simple solution, the application must have the ability to turn the internet back on remotely -- so the network needs to remain enabled, to a certain limit.
Unfortunately, I haven't found a suitable way to achieve this in practice. Without this feature, the application is pretty much dead in the water. So I've hit a huge road block, and I'm open to any suggestions.
With my application, I need to achieve two requirements:
- Drop all internet activity. and then
- Turn on only internet activity to a specified port and IP address. (my service, which will be polled)
Simple goal, right? Not so much lately.
While I am looking to achieve this in C#, I understand that may be a long-shot and I am open to C++ solutions that could be called as a resource through my application.
Also note, I cannot install any third-party software on the user's system, as this solution needs to be all-encompassing.
Thanks in advance!
Not a direct answer, but this sort of things is usually done out-of-band with serial connection or with a second NIC connected to a "trusted" LAN.
You may be able to utilize the WinINET API to achieve this; WinINET defines the basic internet settings for most/many Windows applications and can be used to define proxy information. With this in mind you might be able to create a proxy which rejects all requests except for you messages.
You need to inject a custom layer into the IP stack, using Windows Filtering Platform. This SDK targets specifically parental control programs and such. Needless to say, as any kernel module, it has to be developed in C and you must have expert knowledge of Windows internals: