A Digital Age Deserves A Digital Leader

firewall and virus software

firewall and virus software

Postby nightfire » Wed Apr 19, 2006 4:14 am

so, i have an unfortunate tale to tell. I have a great, working, clean computer. and i keep everything up to date, full virus, spyware, firewall etc...
anyway, there has been the addition of a new computer to the network. this other computer is connected via a motorola router. Well, here is were the terror begins... This new computer is infested with a whole ton of everything! spyware, about 25 viruses, and possibly hackers. so, nothing is going to be changed on this "evil" computer, due to owner's neglegence. I was wondering if anyone had any suggestions on how i could completely block out the other computer and somehow "quarantine" it.

this is a big problem, and any help would be great!

thanks
(Gigabyte GA-M57SLI-S4 Mobo)(AMD Athlon 64 X2 5600+)(3.5 GB high speed ram?)(EVGA Geforce 8800GTS)(500 GB and 1 TB Sata Drives)super high speed, 3COM 56k Modem!!
PRO Level 7
User avatar
Posts: 294
Joined: Fri May 27, 2005 6:39 am
Location: Humboldt

Postby ar1stotle » Wed Apr 19, 2006 11:13 am

Do you mean just not let it access the internet? You can usually do that through the router. Is it something you could control by putting locks on the computer? Limiting his user abilities?
Image
Image
PRO BRONZE
User avatar
Posts: 3841
Joined: Sun May 16, 2004 1:59 am
Location: New Orleans, Louisiana

Postby imnuts » Thu Apr 20, 2006 3:46 am

change the DNS address for all of it's network connections to 127.0.0.1 or 169.256.0.1 or some other private IP address that doesn't exist on the network. 127.0.0.1 would be best though as it would only look for IPs that the computer itself can offer, so unless they have a very large hosts file, they're stuck going no where on the network.
Image
PRO SUPREME
User avatar
Posts: 7457
Joined: Wed Mar 24, 2004 5:19 am
Location: Boothwyn, Pennsylvania
Real Name: Mark

Postby SHK » Thu Apr 20, 2006 3:48 am

y even put it on the network? If you want it to have net, but no net access, cant u put it in the DMZ zone in your router?
Hello. My name is Brock!

Image
PRO Level 14
User avatar
Posts: 896
Joined: Sat Sep 18, 2004 3:07 pm
Location: C:\Windows\System32\

Postby imnuts » Thu Apr 20, 2006 3:54 am

DMZ would give it full in/out access to the network as that opens up all incoming ports that aren't specifically set to be forwarded, and tells all of them to go to the DMZ computer. If you give someone a network connection, they can think that they are on the network, but not get to anywhere. There are possibly other ways that this could be done as well, but it would require editing how your router handles stuff coming in and going out, and I don't really understand how it works, so I can't really offer more than an explaination of it's going to be difficult to do that way.
Image
PRO SUPREME
User avatar
Posts: 7457
Joined: Wed Mar 24, 2004 5:19 am
Location: Boothwyn, Pennsylvania
Real Name: Mark

Postby Neuromancer » Thu Apr 20, 2006 4:36 am

DMZ is like port forwarding everything to that computer... is basically like putting hte PC in front of the router

If you change DNS to the ISPs DNS adress instead of the routers... thats fine... but thats only for internet.


Best bet... I would guess NOT completley sure.. is to install a firewall on infected computer and lock it down.

Sygate was a great one and was/is free. Its old but by default it does NOT allow intranet traffic anything else it will ask

You can then configure it to make sure that netbios and such are blocked so it cant even know what other computers are on the network
Statically assign IPand prevent all access with computers from your intrants IP range except for the router :)
Image

"The spirit of resistance to government is so valuable on certain occasions, that I wish it to be always kept alive. It will often be exercised when wrong, but better so than not to be exercised at all. I like a little rebellion now and then. It is like a storm in the atmosphere."--Thomas Jefferson
PRO GOLD
User avatar
Posts: 5756
Joined: Sun Mar 28, 2004 5:19 am
Location: West Virginia

Postby NT50 » Thu Apr 20, 2006 2:31 pm

Why not just go into the router and block access to the computer via the mac address?????

I have done this a lot in my Linksys router.......................I have kids..................
Dogs Have Owners; Cats Have Staff
PROfessional Member
User avatar
Posts: 8220
Joined: Sat Jun 19, 2004 4:46 pm
Location: Jackson, TN USA
Real Name: Jeff Replogle

Re: firewall and virus software

Postby l33t » Fri Apr 21, 2006 12:19 am

nightfire wrote:so, i have an unfortunate tale to tell. I have a great, working, clean computer. and i keep everything up to date, full virus, spyware, firewall etc...
anyway, there has been the addition of a new computer to the network. this other computer is connected via a motorola router. Well, here is were the terror begins... This new computer is infested with a whole ton of everything! spyware, about 25 viruses, and possibly hackers. so, nothing is going to be changed on this "evil" computer, due to owner's neglegence. I was wondering if anyone had any suggestions on how i could completely block out the other computer and somehow "quarantine" it.

this is a big problem, and any help would be great!

thanks


well, you could try to remove the ofending software
thats going ot be hard.
you could reformat reinstall winbloze
or
better yet, try out vista/linux


if thats not going to work for you then there are two ways to do this..
block all access form it completly (ie unplug the eithernet cabel)
or keep it conencted to the network with a firewall (both on computer and router... plus all you computers should have a firewall)

then, in router you should be able to limit Enet connectivity by MAC address, that way it can still be networked but not Enet.

good luck...

if it has to connect to the internet but be seprate from you other computers that a second router will be nessary (or any device that does teh function of a NAT)
PRO Level 14
User avatar
Posts: 882
Joined: Mon May 02, 2005 2:06 am

Postby SHK » Fri Apr 21, 2006 12:54 am

opps my bad.. How did I get that confused???
Hello. My name is Brock!

Image
PRO Level 14
User avatar
Posts: 896
Joined: Sat Sep 18, 2004 3:07 pm
Location: C:\Windows\System32\

Postby l33t » Fri Apr 21, 2006 4:40 am

SHK wrote:opps my bad.. How did I get that confused???


no idea, but its importatant to know the difference.
you can get a windows box screwed up pretty quickly ( less than 1 min) if you leave a computer in the DMZ... that shouldnt even be on routers, without being burried deep in the configuration, imho.
PRO Level 14
User avatar
Posts: 882
Joined: Mon May 02, 2005 2:06 am

Return to Security & Virus

Who is online

Users browsing this forum: No registered users and 2 guests

cron
cron