Is it safe to do this ?

Hi

This is a bit of a newb question but I'll ask anyway. The second part really crosses over into Software and Services but if I don't like the answer to the first part then the second is somewhat redundant.

Okay - scenario.

Computer A- sits on a Broadband connection behind a Netgear router with a free AV and no other resident protection. No real reason to think it is infected at present but Spybot did detect a keylogger and fixed that problem. However, no guarantee that it is clean.

Computer B- Laptop on a dial-up connection. Resident NOD 32, LooknStop,Counterspy, SSM full, PG full, ShadowSurfer and Spyware Guard. Various other on-demand scanners. Never any sign of infection and as reasonably sure as one can be that it is 100% clean.

Question is, if I connect the laptop to the broadband connection therefore I guess, effectively networking the 2 machines, if Computer A is compromised in any way does that mean the laptop is vulnerable to cross infection, and if so how ?

Secondly then.

If I can be sure that the laptop has no chance of being compromised, what do I need to do to physically to hook the laptop to the broadband connection (cabling etc) and how do I configure the laptop to accept the connection. Sounds like LnS is a bit tricky to configure behind a router but I'm a big fan so would be reluctant to let it go.

Thanks for reading and hope someone can give some guidance.

 

Hello,
The machine should not get infected - out of the blue.
There must be an active attempt for something like that to happen.
Meaning, specifically malware - if any - on the infected computer trying actively to copy and execute itself on other LAN machines.
In practice, it is never good to have an enemy behind your lines. You should make sure to apply rule 1 - where there's any doubt there's no doubt.
As to how to configure LnS - no experience with it at all.
Mrk

 

Hi Mrkvonic

Thank you very much for your response. I always read your posts with interest

Would an infected machine automatically recognise a new machine on the LAN and automatically try and do that ? So a compromised LAN doesnt necessarily mean each machine on the LAN is vulnerable if they're adequately protected ?

Indeed !

Bit cryptic for me at this time of night - but I guess you're saying it ain't worth the risk.

 

Hello,
An infected machine will do only what its malware tells it.
If this malware is coded to try to infected new shares / volumes / files, then yes, otherwise, it will have no effect.
The problem is that on LAN - you treat your machines as TRUSTED and configure your firewall to allow internal communication - and this is where trouble can start.
The rule 1 is from the movie Ronin - an excellent one with De Niro. Here, the rule applies like this: if you think the machine is / was infected - in your place, I would reformat and reinstall.
Mrk

 

Hi Mrkvonic

I guess my poor laptop stays on dial-up then Never mind I'd rather be slow and safe than fast and loose

Thanks for the film tip, I'll look out for it.

 

you could post a hijack this log @ gladiator anti-virus forums or w.e ( i forgot the link sorry) and see if the laptop is clean then hook it up..., dial up must suck lol. I myself never had it .... but my friend did...

 

Wether the laptop is wireless or not set it up with an ethernet cable(computer cable) at first is recommended. The laptop can go online then with not much or no configuring, just plug in the cable from laptop to router, not sure about your firewall, but should be quite simple. If wireless you'll have to run the disk to set that up on the laptop, depends. After you could also run the 'mshome' network wizard to share files and hardware like a printer.

 

Thanks btman

The laptop is fine as far I'm concerned - it's keeping it that way that I'm worried about. Unless I'm way off beam here, surely it's the suspect machine (Computer A)that I should post the HJT log for ?

And yes, dial up does suck especially when Computer A is on 2 Meg connection

Thanks Meriadoc - once Comp A is clean, I may well give it a go.

From the forum, LooknStop does look a bit messy with rules etc, so as I'm getting stealth reports from Comp A behind the router, I may just disable the internet filtering in LnS and just use it to monitor outgoing requests which shoud be ok I guess.

 

you can go to shields up - https://www.grc.com/x/ne.dll?bh0bkyd2 with your laptop while it's still on dial-up and scan All Service Ports

if it comes back as Stealthed then it's safe to use on the braodband connection, as long as you don't connect the two computers together (just plugging the laptop into the router wont do that)

you need to get one of these cables
cat 5 cable
or a cat 6 cable
or an ethernet cable to plug the laptop into the router.

 

Thanks iceni60

Laptops been stealthed for a good while

Didn't realise that and thanks for the physical connection advise.

 

sorry, i was thinking more of a virtual connection. like being able to do things on one computer from the other - sharing files etc. if you don't go out your way to do that then i think you'll be OK.

you can have your own network where there's less security behind a router (in your case it would be a network of two computers) because the router will block things from the internet, unless something from within has asked for a connection to be made - like browsing the internet.

 

Hi, I'm not quite following you there Iceni60

In essence, and let's assume for arguments sake that Comp A is clean, all I want to do is enable the laptop to use the broadband connection of Comp A.

Nothing else, no file sharing etc. Effectively, treat them both as far as possible as stand alone computers but sharing the same internet connection.

 

i'm not very good at explaining stuff lol, but there should be no probelms if you just plug the laptop into the router and start using broardband

 

Me neither LOL

Sounds good enough to me

I'll give it a whirl.

 

If it would make you feel better - obtain a firewall and install it on A and set it to block all traffic from the IP's of any other computers on your network. That way A cannot receive any communication from B. Although it is not necessary you can implement this if you wish to leave less to chance.

 

Thanks for that Q Section

I can't afford to screw connectivity up on Comp A by fiddling around with making a software firewall work with the router. I'm not knowledgable enough for that.

Alternatively therefore, I assume I can set LooknStop on Comp B to block communication from Comp A ?

That would be ideal as it's Comp B that needs the best protection.

But again, I guess that means enabling the internet filtering and messing with rules to make it work with the router. Ho hum - bit of a conundrum.

Think I must really make the effort to understand making rules in LooknStop. Enhanced Ruleset has always sufficed in the past

If I go this route, I'll take advice from the LnS forums.

Thanks again for the suggestion.

 

You are welcome.

 

I've never had to specifically alter Look'n'Stop to accomodate any router, on any of the dozen or so systems I've installed it on.

Your original question, however, is one of the scenarios in which you really should have a software firewall when you also have a router. Just remember that a router does not filter traffic, it's a router and not a firewall (although it may have *some* firewalling capability added separately), it just drops incomming connections because it doesn't know what else to do with them. A router will happily allow *any* outgoing network traffic, regardless of what kind it is, unless the manufacturer specifically put in some safeguards.

 

Hi Notok

Thanks for your input.

Since the last post here I've gone ahead and connected the laptop without a hitch Just connected an ethernet cable to the router and that was that.

As regards LnS, that also just seemed to work. I'd been put off a bit by the sticky and other related threads in the forum concerning routers, but as I say, no problem.

I do get traffic blocked that is the same IP address as the one that shows in LnS connected field, except the last digit is different. I guess that's something to do with the router. Anyway, anything that LnS rules does block doesn't seem to have any affect on either machines connectivity so that's fine by me

By the way, the router has NAT firewall and SPI firewall built in which I guess is good.

I'm happy now with this especially with LnS working so smoothly that I can have it enabled for outbound application filtering.

Incidentally, what a joy having broadband on a machine with apps that need updates. Bit Defender took about 30 mins to update - now it's more like 30 seconds !

Just imagine how many security apps I can download and play with now

 

Hehe, pretty soon you'll wonder how you ever went without broadband

The SPI is good for sure, the NAT (Network Address Translation) is the part that ignores incomming connections simply because it wouldn't know what else to do with them. Sorry to keep pressing the point, I just think it's important to understand that NAT routing isn't the same as a firewall, although it is still a very good thing to have for security if nothing else. Hardware appliances are great, especially if they do any degree of actual firewalling, but software firewalls will let you fine tune and further restrict things a lot more, as well as keep LAN traffic in check.

As far as the connections you're seeing blocked, if it's from 192.168.[x].1, then that would indeed be your router. If you don't want your logs to fill up with those, you can either allow the traffic (usually safe, although not always recommended... you can always ask for advice) or create a rule to specifically block it and turn off logging for that rule (only danger there is that if it does block something needed, say a ping reply, then it makes it harder to identify). Either way, the nice thing about LnS is that you can just right-click on the log entry and "Create Rule", then change the properties if needed. I love LnS for it's ability to easily create rules like that.

Anyway, enjoy

 

It is not "must".
I know someone call it technical attack. This refers to an attack which requires zero user interaction to launch this attack to compromise the computer. The only requirement is a connection to the Internet (or the infected machine in this case), nothing more nothing less. It is especially easy to see in older versions like Windows 95 & 98.

Although your security suite might be able to stop it, the potentiality is there. Software is something which has many bugs and exploits. There are always methods to bypass the protection. I have heard many news and cases about it. Sometimes people just don't know how a malware can bypass their solid secuirty suite (yes, because malware are intended to infect you witohut your knowledge). They have common sense on security. Still their computers are infected. If they are something like trojans or keyloggers or rootkits, you may very well never notice the malware if you don't try hard to spot it out.

 

Hello,
Computers are not black magic. Things don't just happen.
Rootkits don't pounce your computer like a horde of Huns. You invite them.
Mrk

 

Please kindly read the following.

Extracted from spywareinfo
(this article warns any antivirus or antispyware etc. maker that your program will become pretty pointless in the future if you don't offer your user to run your program outside the operating system because the OS is NOT going to be trustworthy)

Also it appears you think that your mouse-click or key pressed is nothing but unbreakable, aren't you? If not, that's fine.

Otherwise you should rethink. You may imagine the prompt has some magics that it makes the malware impossible but have to always popup the dialog and ask you to click on it to let it run on your system.

There is no magic about your mouse-click or key pressed. A computer can't distinguish who gets on it. Your mouse-click or key pressed is just a command/message after all. A malware can imitate your actions and the computer will act upon. Read this:

(From ProcessGuard):

 

Hey there Monk.... don't worry so much, your set up is fine. Your laptop shares a connection and nothing else. So unless you make an effort to access an infected machine either in your home or via the internet your screens should suffice. No guarantees of course.

I put a H/W firewall after the cable and before the router, that protects both my computers from bad packets and intrusions since it stealths both PC's.
You could do that as well.

As far as the super parasite undetectable and coming soon to a computer near you, forget it. I waited 25 years for a nuclear war and it never came.

Prevent via screens and scan for evil and that is all you can do!

Enjoy you new toy and faster surfing....

 

Wai_Wai, that is all fine and dandy, except that there is one huge problem in your no user malware attacks. How the .... did the malware get on the pc in the first place. The user. End of discussion

That great website exploit, oh a user has to go to the website in order to be affected. Nothing new

Malware imitating users, again nothing new. Scripts do it all the time. But how did the malware get on the pc, the user had to get it some way shape or form

By the way, I don't think there are many if any remote attacks on older DOS based windows systems because there are not really any services running, which means no open ports, which means nothing to be exploited, but correct me if I am wrong since I only used Windows 95 briefly.

Cheers,

Alphalutra1