Quick Question: Virus Jumping / Spreading

Discussion in 'other software & services' started by screamer, Oct 20, 2007.

Thread Status:
Not open for further replies.
  1. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    I have a home network consisting of 5 boxes: 3 hardwired & 2 wireless. There is another box wired / connected to the router for internet, not accessing the network.

    Here's the question: If the box connected to the router (not connected to the network) gets infected, how likely / possible is it that the virus can spread to the networked boxes. All the machines are fully protected: FW, AV, HIPS, so the question is not "will they get infected" but rather how likely is it that the virus can jump through the router?

    ...screamer

    Edit: Virus = Malware
     
    Last edited: Oct 20, 2007
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Well, I'm not sure about your network setup, but if that machine is in the DMZ, it should be completely separated from your LAN.
     
  3. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    It's not in the DMZ, it's on the LAN side of the router. I've never been able to see this box in Networked Computers.

    If you've got any suggestions how to isolate it, I'd like to hear them

    ...screamer
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    The best way to block unsolicited connections from this PC to your LAN hosts would be putting its IP in the blocked addresses of the hosts' firewalls. This way, the hosts' firewalls should drop all the packets from that PC.
    Perhaps some network expert may give you a better advice :)
     
  5. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    It's been a coupla years since I did this, and to the best of my recollection, this is what I did. It's outside on the porch, waiting for the trash to be picked up so I can't check the settings I applied.

    I set up this PCs FW to Block TCP / UDP, inbound/outbound to everything but 192.168.0.1 (router)

    The reason for this question is that I'm going to be replacing the "lone computer" and want to be sure it's isolated. Dual routers was suggested, but I'm afraid that that solution would slow down my Internet / wireless speeds.

    ...screamer

    edit: At first I had your solution, but since the IPs are Dynamically assigned it was a no win situation. I guess I could assign this PC a Static IP and then implement your solution.
     
Loading...
Thread Status:
Not open for further replies.