XP Firewall vs. infected computers inside LAN?

Discussion in 'other firewalls' started by Devinco, Mar 18, 2006.

Thread Status:
Not open for further replies.
  1. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    I have not seen this discussed before, so I thought I'd ask.

    If one or more computers within your LAN are infected with the latest and greatest malware, how well does the Win XP Pro SP2(unpatched) firewall protect another uninfected computer within the LAN?

    I am concerned about the time during reinstalling windows before one gets to update to the latest patches. The uninfected computer would have SP2, ICF on, File and Printer Sharing off, and remote assistance and desktop off.
    The LAN cable would be disconnected until the point when I am ready to connect to Microsoft Update. There would be no AV/AT or anything else at this point.
    From what little I've read about this, the infected computer(s) will try to spread via the LAN directly with various exploits and open ports.
    Besides open ports (which ICF should stealth), what are some of the attacks that need to be protected against to prevent infection?
    Would ICF be sufficient in this regard?
    If not, one solution would be to shut down all other computers on the LAN until the uninfected computer is fully patched and has a better firewall like Outpost Pro (or others) that may offer some protection from LAN based attacks. And that is not a very practical solution.

    The infected computer could also send emails and IMs to others on the LAN, but that is less of a concern than the direct LAN based attacks because by the time one can read emails and receive IMs, other security would be in place.

    What do you think?
     
    Last edited: Mar 18, 2006
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,
    You can download the patches manually and install them before you connect to the network.
    Mrk
     
  3. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    The XP firewall should prevent any worm infections from traveling to the unpatched computer from the infected ones. If you don't try and access the other computers files, you should be safe. Outpost won't offer any extra protection since your only concern right now is inbound attacks. Or, why don't you just fix the other computers? Sorry if that sounds too common sense :D

    Alphalutra1
     
  4. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Mrk,

    Thanks for the reply. The problem with downloading and manually installing updates is that it makes the assumption that there is another clean uninfected machine within the LAN that can download the manual updates. What if all the other machines on the LAN are infected? One should be able to create a clean computer without having to rely on other "clean" local computers.
     
  5. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Alphalutra1,

    What about virus infections?
    What if the other computer(s) have a Trojan controlled by a someone remotely and use the infected computers to attack the clean computer from within the LAN?

    I recall there was a Super Stealth plugin that would prevent ARP discovery. Wouldn't that provide additional cover from internal attacks?

    That makes good sense if you know the other computers are infected. But if the malware is active but hidden, one can end up spreading the infection by carelessness. To the best of my knowledge, the other machines are clean. But I don't have control of over the other users actions and all it takes sometimes is a few careless clicks to get infected.
     
Loading...
Thread Status:
Not open for further replies.