Is it safe to do this ?

Discussion in 'privacy general' started by Old Monk, Nov 2, 2006.

Thread Status:
Not open for further replies.
  1. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi

    This is a bit of a newb question but I'll ask anyway. The second part really crosses over into Software and Services but if I don't like the answer to the first part then the second is somewhat redundant.

    Okay - scenario.

    Computer A- sits on a Broadband connection behind a Netgear router with a free AV and no other resident protection. No real reason to think it is infected at present but Spybot did detect a keylogger and fixed that problem. However, no guarantee that it is clean.

    Computer B- Laptop on a dial-up connection. Resident NOD 32, LooknStop, Counterspy, SSM full, PG full, ShadowSurfer and Spyware Guard. Various other on-demand scanners. Never any sign of infection and as reasonably sure as one can be that it is 100% clean.

    Question is, if I connect the laptop to the broadband connection therefore I guess, effectively networking the 2 machines, if Computer A is compromised in any way does that mean the laptop is vulnerable to cross infection, and if so how ?

    Secondly then.

    If I can be sure that the laptop has no chance of being compromised, what do I need to do to physically hook the laptop to the broadband connection (cabling etc) and how do I configure the laptop to accept the connection. Sounds like LnS is a bit tricky to configure behind a router but I'm a big fan so would be reluctant to let it go.

    Thanks for reading and hope someone can give some guidance.
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,
    The machine should not get infected - out of the blue.
    There must be an active attempt for something like that to happen.
    Meaning, specifically malware - if any - on the infected computer trying actively to copy and execute itself on other LAN machines.
    In practice, it is never good to have an enemy behind your lines. You should make sure to apply rule 1 - where there's any doubt there's no doubt.
    As to how to configure LnS - no experience with it at all.
    Mrk
     
  3. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi Mrkvonic

    Thank you very much for your response. I always read your posts with interest

    Would an infected machine automatically recognise a new machine on the LAN and automatically try and do that ? So a compromised LAN doesn't necessarily mean each machine on the LAN is vulnerable if they're adequately protected ?

    Indeed !

    Bit cryptic for me at this time of night - but I guess you're saying it ain't worth the risk.
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,
    An infected machine will do only what its malware tells it.
    If this malware is coded to try to infect new shares / volumes / files, then yes, otherwise, it will have no effect.
    The problem is that on LAN - you treat your machines as TRUSTED and configure your firewall to allow internal communication - and this is where trouble can start.
    The rule 1 is from the movie Ronin - an excellent one with De Niro. Here, the rule applies like this: if you think the machine is / was infected - in your place, I would reformat and reinstall.
    Mrk
     
  5. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi Mrkvonic

    I guess my poor laptop stays on dial-up then :'( Never mind I'd rather be slow and safe than fast and loose :cool:

    Thanks for the film tip, I'll look out for it.
     
  6. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    you could post a hijack this log @ gladiator anti-virus forums or w.e ( i forgot the link sorry) and see if the laptop is clean then hook it up..., dial up must suck lol. I myself never had it .... but my friend did...
     
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Whether the laptop is wireless or not, setting it up with an ethernet cable (computer cable) at first is recommended. The laptop can go online then with not much or no configuring, just plug in the cable from laptop to router, not sure about your firewall, but should be quite simple. If wireless you'll have to run the disk to set that up on the laptop, depends. After you could also run the 'mshome' network wizard to share files and hardware like a printer.
     
  8. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Thanks btman

    The laptop is fine as far as I'm concerned - it's keeping it that way that I'm worried about. Unless I'm way off beam here, surely it's the suspect machine (Computer A) that I should post the HJT log for ?

    And yes, dial up does suck especially when Computer A is on 2 Meg connection :blink:

    Thanks Meriadoc - once Comp A is clean, I may well give it a go.

    From the forum, LooknStop does look a bit messy with rules etc, so as I'm getting stealth reports from Comp A behind the router, I may just disable the internet filtering in LnS and just use it to monitor outgoing requests which should be ok I guess.
     
  9. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    you can go to shields up - https://www.grc.com/x/ne.dll?bh0bkyd2 with your laptop while it's still on dial-up and scan All Service Ports

    if it comes back as Stealthed then it's safe to use on the broadband connection, as long as you don't connect the two computers together (just plugging the laptop into the router won't do that)

    you need to get one of these cables
    cat 5 cable
    or a cat 6 cable
    or an ethernet cable to plug the laptop into the router.
     
  10. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Thanks iceni60

    Laptop's been stealthed for a good while ;)

    Didn't realise that and thanks for the physical connection advice.
     
  11. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    sorry, i was thinking more of a virtual connection. like being able to do things on one computer from the other - sharing files etc. if you don't go out your way to do that then i think you'll be OK.

    you can have your own network where there's less security behind a router (in your case it would be a network of two computers) because the router will block things from the internet, unless something from within has asked for a connection to be made - like browsing the internet.
     
  12. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi, I'm not quite following you there Iceni60

    In essence, and let's assume for argument's sake that Comp A is clean, all I want to do is enable the laptop to use the broadband connection of Comp A.

    Nothing else, no file sharing etc. Effectively, treat them both as far as possible as stand alone computers but sharing the same internet connection.
     
  13. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    i'm not very good at explaining stuff lol, but there should be no problems if you just plug the laptop into the router and start using broadband :D
     
  14. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Me neither LOL

    Sounds good enough to me :D

    I'll give it a whirl.
     
  15. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    If it would make you feel better - obtain a firewall and install it on A and set it to block all traffic from the IP's of any other computers on your network. That way A cannot receive any communication from B. Although it is not necessary you can implement this if you wish to leave less to chance.
     
  16. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Thanks for that Q Section

    I can't afford to screw connectivity up on Comp A by fiddling around with making a software firewall work with the router. I'm not knowledgeable enough for that.

    Alternatively therefore, I assume I can set LooknStop on Comp B to block communication from Comp A ?

    That would be ideal as it's Comp B that needs the best protection.

    But again, I guess that means enabling the internet filtering and messing with rules to make it work with the router. Ho hum - bit of a conundrum.

    Think I must really make the effort to understand making rules in LooknStop. Enhanced Ruleset has always sufficed in the past

    If I go this route, I'll take advice from the LnS forums.

    Thanks again for the suggestion.
     
  17. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    You are welcome.
     
  18. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I've never had to specifically alter Look'n'Stop to accommodate any router, on any of the dozen or so systems I've installed it on.

    Your original question, however, is one of the scenarios in which you really should have a software firewall when you also have a router. Just remember that a router does not filter traffic, it's a router and not a firewall (although it may have *some* firewalling capability added separately), it just drops incoming connections because it doesn't know what else to do with them. A router will happily allow *any* outgoing network traffic, regardless of what kind it is, unless the manufacturer specifically put in some safeguards.
     
  19. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi Notok

    Thanks for your input.

    Since the last post here I've gone ahead and connected the laptop without a hitch :) Just connected an ethernet cable to the router and that was that.

    As regards LnS, that also just seemed to work. I'd been put off a bit by the sticky and other related threads in the forum concerning routers, but as I say, no problem.

    I do get traffic blocked that is the same IP address as the one that shows in LnS connected field, except the last digit is different. I guess that's something to do with the router. Anyway, anything that LnS rules does block doesn't seem to have any effect on either machine's connectivity so that's fine by me :)

    By the way, the router has NAT firewall and SPI firewall built in which I guess is good. :thumb:

    I'm happy now with this especially with LnS working so smoothly that I can have it enabled for outbound application filtering.

    Incidentally, what a joy having broadband on a machine with apps that need updates. Bit Defender took about 30 mins to update - now it's more like 30 seconds !

    Just imagine how many security apps I can download and play with now :D
     
  20. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Hehe, pretty soon you'll wonder how you ever went without broadband :D

    The SPI is good for sure, the NAT (Network Address Translation) is the part that ignores incoming connections simply because it wouldn't know what else to do with them. Sorry to keep pressing the point, I just think it's important to understand that NAT routing isn't the same as a firewall, although it is still a very good thing to have for security if nothing else. :) Hardware appliances are great, especially if they do any degree of actual firewalling, but software firewalls will let you fine tune and further restrict things a lot more, as well as keep LAN traffic in check.

    As far as the connections you're seeing blocked, if it's from 192.168.[x].1, then that would indeed be your router. If you don't want your logs to fill up with those, you can either allow the traffic (usually safe, although not always recommended... you can always ask for advice) or create a rule to specifically block it and turn off logging for that rule (only danger there is that if it does block something needed, say a ping reply, then it makes it harder to identify). Either way, the nice thing about LnS is that you can just right-click on the log entry and "Create Rule", then change the properties if needed. I love LnS for its ability to easily create rules like that.

    Anyway, enjoy :)
     
    Last edited: Nov 23, 2006
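
The NAT versus SPI versus software-firewall distinction discussed in the posts above, as an added example that is not part of any post in this thread. It is a toy model: the `HomeRouter` class, the addresses and the treatment of plain NAT as forwarding any peer to a mapped port are assumptions made for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")   # assumed home subnet

def on_lan(ip):
    return ipaddress.ip_address(ip) in LAN

class HomeRouter:
    """Toy NAT router; spi=True adds a stateful peer check (hypothetical model)."""
    def __init__(self, spi):
        self.spi = spi
        self.table = {}          # public port -> (lan host, remote peer)
        self.next_port = 40000

    def outbound(self, lan_host, remote):
        # NAT applies no policy to outgoing traffic: every new flow gets a mapping.
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (lan_host, remote)
        return port

    def inbound(self, remote, public_port):
        entry = self.table.get(public_port)
        if entry is None:
            # Unsolicited: there is no mapping, so there is nowhere to send it.
            return "dropped: no mapping"
        lan_host, peer = entry
        if self.spi and remote != peer:
            return "dropped: peer does not match state"
        return f"forwarded to {lan_host}"

def lan_to_lan(src, dst, dst_blocklist):
    """Traffic between two LAN hosts is switched locally and never reaches the
    NAT/SPI logic; only the destination's own software firewall can stop it."""
    if not (on_lan(src) and on_lan(dst)):
        raise ValueError("both hosts must be on the LAN")
    return "blocked by host firewall" if src in dst_blocklist else "delivered"

def demo():
    comp_a, laptop = "192.168.0.2", "192.168.0.3"       # constructed addresses
    server, stranger = "198.51.100.7", "198.51.100.99"  # constructed addresses
    results = []
    for spi in (False, True):
        r = HomeRouter(spi)
        p = r.outbound(laptop, server)
        results.append((spi, r.inbound(server, p), r.inbound(stranger, p),
                        r.inbound(stranger, 12345)))
    results.append(lan_to_lan(comp_a, laptop, set()))
    results.append(lan_to_lan(comp_a, laptop, {comp_a}))
    return results

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last two results are the case the thread started with: the router plays no part in traffic from Computer A to the laptop, so a block rule on the laptop is the only control in that path.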
  21. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    It is not "must".
    I know someone calls it a technical attack. This refers to an attack which requires zero user interaction to launch this attack to compromise the computer. The only requirement is a connection to the Internet (or the infected machine in this case), nothing more nothing less. It is especially easy to see in older versions like Windows 95 & 98.

    Although your security suite might be able to stop it, the potentiality is there. Software is something which has many bugs and exploits. There are always methods to bypass the protection. I have heard many news and cases about it. Sometimes people just don't know how a malware can bypass their solid security suite (yes, because malware are intended to infect you without your knowledge). They have common sense on security. Still their computers are infected. If they are something like trojans or keyloggers or rootkits, you may very well never notice the malware if you don't try hard to spot it out.
     
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,
    Computers are not black magic. Things don't just happen.
    Rootkits don't pounce your computer like a horde of Huns. You invite them.
    Mrk
     
  23. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Please kindly read the following.

    Extracted from spywareinfo
    (this article warns any antivirus or antispyware etc. maker that your program will become pretty pointless in the future if you don't offer your user to run your program outside the operating system because the OS is NOT going to be trustworthy)
    Also it appears you think that your mouse-click or key pressed is nothing but unbreakable, aren't you? If not, that's fine.

    Otherwise you should rethink. You may imagine the prompt has some magics that it makes the malware impossible but have to always popup the dialog and ask you to click on it to let it run on your system.

    There is no magic about your mouse-click or key pressed. A computer can't distinguish who gets on it. Your mouse-click or key pressed is just a command/message after all. A malware can imitate your actions and the computer will act upon. Read this:

    (From ProcessGuard):
     
    Last edited: Nov 30, 2006
  24. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hey there Monk.... don't worry so much, your set up is fine. Your laptop shares a connection and nothing else. So unless you make an effort to access an infected machine either in your home or via the internet your screens should suffice. No guarantees of course.

    I put a H/W firewall after the cable and before the router, that protects both my computers from bad packets and intrusions since it stealths both PC's.
    You could do that as well.

    As far as the super parasite undetectable and coming soon to a computer near you, forget it. I waited 25 years for a nuclear war and it never came.

    Prevent via screens and scan for evil and that is all you can do!

    Enjoy your new toy and faster surfing....:D
     
  25. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Wai_Wai, that is all fine and dandy, except that there is one huge problem in your no user malware attacks. How the .... did the malware get on the pc in the first place. The user. End of discussion

    That great website exploit, oh a user has to go to the website in order to be affected. Nothing new

    Malware imitating users, again nothing new. Scripts do it all the time. But how did the malware get on the pc, the user had to get it some way shape or form

    By the way, I don't think there are many if any remote attacks on older DOS based windows systems because there are not really any services running, which means no open ports, which means nothing to be exploited, but correct me if I am wrong since I only used Windows 95 briefly.

    Cheers,

    Alphalutra1
     