How to stop malware from spreading in network?

Discussion in 'other security issues & news' started by wutsup, Oct 31, 2010.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Sorry man, I was being a little sarcastic to hopefully get more detailed infos to come out in this thread. Not trying to rock the boat. I know all of what you speak, but you did write up a pretty easily understood bit there. Nice job.

    Are you sure about this piece though?
    Have you ever messed with customizing ICMP along with ports 135-139? XP firewall made it easy to see the results. I don't remember now just what the different combos did in XP, but I did a bunch of testing to see how connectivity was affected and what ports were held open. If you know the IP of the local machines, you can do some cool stuff.

    As well, you can utilize the hosts file and (trying to remember, think it's right) the lmhosts file to further your internal LAN features. I can't recall now, but I remember messing with those as well and could segregate my network into different subnets using lmhosts I think.

    Lots of neat tricks if you really want to get into it. Personally I make sure only one computer in the network has the Browser service running. I have seen instances of Browse Master conflicts. You don't really need it anyway in a LAN environment. I also keep my Server service on manual all the time. I have shares made, but unless I need to share I don't start that service. The quickest way to start it if you need to share files is (from run box or cmd.exe) sc start lanmanserver and stop it by sc stop lanmanserver. Sc.exe (service control) is nearly instant. Many use net start server and net stop server. It works, but is much slower. One must note though that if you use net you can reference the common name, but if you use sc, you must reference the technical name, which is visible using services manager snap-in (might be visible in task manager in vista/7, haven't looked).

    Thanks for participating, I know the kind of time it takes to write stuff like that and make it easy to comprehend.

    Sul.
     
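    As an added example (not from Sul's post or anyone else in this thread), the service checks and the sc start/stop step above written as a PowerShell audit: it looks the Server and Computer Browser services up by their technical names, the form sc.exe needs, lists any NetBIOS/SMB listeners on 135-139 (plus 445, which is not mentioned above but carries SMB on newer Windows), and then stops the Server service the way "sc stop lanmanserver" does. It assumes an elevated PowerShell on a Windows 8/2012 or later host, where Get-NetTCPConnection and Get-NetUDPEndpoint exist.

```powershell
# Added example, not from the thread: audit the two services Sul talks about
# by their technical (service) names, show which NetBIOS/SMB ports are open
# while they run, then stop the Server service until sharing is needed again.
# Assumes an elevated prompt on Windows 8 / Server 2012 or newer.

# technical name -> common name (the distinction between "sc" and "net")
$services = @{
    'lanmanserver' = 'Server'             # file and printer sharing
    'Browser'      = 'Computer Browser'   # Browse Master election
}

foreach ($name in $services.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        Write-Output ("{0,-14} not installed on this host" -f $name)
        continue
    }
    # StartMode (Auto/Manual/Disabled) only comes from the CIM view of the service
    $startup = (Get-CimInstance Win32_Service -Filter "Name='$name'").StartMode
    Write-Output ("{0,-14} {1,-18} status={2,-8} startup={3}" -f `
        $name, $svc.DisplayName, $svc.Status, $startup)
}

# Ports the thread mentions (135-139) plus 445 (direct-hosted SMB on later Windows).
# 137/138 are UDP, so both the TCP and UDP listener tables are checked.
$watch = 135, 137, 138, 139, 445

Write-Output "TCP listeners on NetBIOS/SMB ports:"
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $watch -contains $_.LocalPort } |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Sort-Object LocalPort | Format-Table -AutoSize

Write-Output "UDP endpoints on NetBIOS ports:"
Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
    Where-Object { $watch -contains $_.LocalPort } |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Sort-Object LocalPort | Format-Table -AutoSize

# Same effect as "sc stop lanmanserver" followed by "sc config lanmanserver start= demand":
# stop sharing now and keep the service from coming back on its own at boot.
# -Force also stops dependents (e.g. the Computer Browser service relies on Server).
Stop-Service -Name lanmanserver -Force
Set-Service -Name lanmanserver -StartupType Manual
Write-Output ("lanmanserver is now {0}" -f (Get-Service -Name lanmanserver).Status)
```

Re-enable sharing when needed with Start-Service -Name lanmanserver, the PowerShell equivalent of the "sc start lanmanserver" line above.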
  2. wat0114

    wat0114 Guest

    I'm not sure where DNS and NetBIOS relate to one another. I've always thought of them as serving two different purposes. The DNS service built into so many routers is DNS Relay. It relays the DNS ip addresses (commonly from the ISP or another DNS service) from the WAN side through the LAN side, using the LAN side ip address (commonly 192.168.x.x or whatever) as the DNS server address that the pc(s) NIC see.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
  4. katio

    katio Guest

    That's right. DNS might be confused with NetBIOS because the latter basically does the same thing within the LAN: translating host names into local IPs.
    Though that's pretty simplified, for a more accurate summary see
    http://en.wikipedia.org/wiki/NetBIOS

    PS
    Thanks Sul for your #25 ;)
     
  5. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    I am surprised nobody yet mentioned the ubiquitous vector... http://www.slate.com/id/2270003/pagenum/all/#p2

    Not even putting an air gap between networks will stand in the way as exemplified by the most sophisticated malware known as Stuxnet which exploited 4 zero day backdoors or security holes to spread on networks.
     
  6. katio

    katio Guest

    Because USB != network
    It's like saying: "Why has no one mentioned drive-bys, email attachments, keyloggers or what ever?". Completely different vectors and mitigation.
     
  7. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,742
    Thanks, I didn't know that. I learn something new everyday here from all you good folks.
     
  8. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    Nah, somebody mentioned firewalling those above internet-based vectors. Anyways, it is implied in one of the posts of heavy1metal, but the solutions suggested are to make use of s/w firewalls.

    As I have said it is the most ubiquitous vector to spread on networks. A case in point in securing a network.
     
  9. heavy1metal

    heavy1metal Registered Member

    Joined:
    Nov 1, 2010
    Posts:
    4
    Normally yes, the routers will also include a DNS relay service because it cannot resolve external names, but go to Start > run > CMD, and type in nslookup; it will default to your router/gateway. Now ping or look up the computer name of a local machine. I've done this before even after doing an ipconfig /flushdns (to ensure it's not using a local cache), and it still resolves the name (with NetBIOS disabled on the machines on my network). Most do not have a toggle button for DNS because you'd only use it if the router's DHCP service is being used.

    Otherwise, the router would just assign your ISP's DNS servers directly to each PC?

    NetBIOS will not cache the full domain name like DNS will, but it is microsoft specific, and can be used to turn names into IP addresses. I did not know that it had two other purposes such as a session service and datagram distribution service. I believe I was thinking of an article I read about WINS, which was microsoft's attempt at a DNS. Though I can't remember who came first.

    I do remember however some old school exploits where you could open/close the CD-Rom using netbios and other various little things :)

    Just to go back on track instead of looking like I've hijacked the thread, I was wondering what the exact scenario or environment the OP is in? Is this @ home / work, is it something you're trying to do for a guest wifi, or do you have a child / sibling who you want to isolate?
     
  10. katio

    katio Guest

  11. heavy1metal

    heavy1metal Registered Member

    Joined:
    Nov 1, 2010
    Posts:
    4
    /nod
    Flash drives can be very dirty :-( We've disabled thumbnails and autorun.ini for that very reason. (Thumbnails are disabled, folders with Autorun.ini are blocked, they get "access denied". Including CDs, any software installs are to be done by IT anyway)

    If you strip away "thumb drive" and think of "network share" then you're right where you began. (Just saying a thumb drive is a fair equivalent of a mapped drive) Lots of companies / people map drives, while not listed as "removable media" it's still plenty vulnerable in the same way.
     