LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 08-05-2008, 12:01 PM   #1
sgb77
LQ Newbie
 
Registered: Aug 2008
Posts: 5

Rep: Reputation: 0
Question Setting up a separate network for infected computer.


Hello all,
I would like to set up a separate network to connect infected computers. I usually get infected computers from family members friends and I fix them for them. Anyway, I usually run antivirus/antispyware in their winblows computers
But eventually I will need to connect them to the internet so I can get the latest updates for some of the software I use to clean up the computer.
So, I have a home server 192.168.1.3 and my firewall/gateway is 192.168.1.1
what I was thinking is to set up an extra network card in the server and give it another domain address like 192.168.0.5 and a switch so I can connect the infected computer. In the server computer I think I would need to add a route to have all traffic coming from the 192.168.0 network go to 192.168.1.3(my server) and out to the internet through 192.168.1.1.

Is this a correct approach to this problem?
I need some suggestions to do this as securely as possible, so my computers won't get infected if I plug an infected computer.

Last edited by sgb77; 08-05-2008 at 12:14 PM.
 
Old 08-05-2008, 01:18 PM   #2
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,064

Rep: Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893Reputation: 893
This seems almost exactly the DMZ problem; its not the usual use (a DMZ is normally used with computers that you think might be compromised, rather than ones that you know are). I'm sure that you can search here, with google for 'dmz' and 'tutorial' or 'how-to' or look at wikipedia.
 
Old 08-05-2008, 03:20 PM   #3
grejon04
Member
 
Registered: Jun 2008
Posts: 43

Rep: Reputation: 15
Right, with the DMZ you can kind of back the firewall rules that pertain to your important stuff back far enough to allow questionable machines network access, albeit quarantined, so to speak.

Personally, when I get guilt-tripped into fixing friends' computers (and I know it happens) I tell them that I have to wipe their computer - and then I have an XP disc with SP2 (or 3) on hand, so the most important update is already done.

Fixing friends' spyware'd/virus'd/too much shit on 'em computers stems from what I call the guy-with-the-truck effect - if you have a truck, all your friends will always ask you to help them move. If you're a computer guy, even if you do something like hardware design or dev-testing, you will always be the "computer guy" to your uninitiated friends, meaning to them that your job is going into an office and cleaning up spyware/viruses/bloatware on people's crappy computers all day.

 
Old 08-05-2008, 04:14 PM   #4
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,087

Rep: Reputation: 407Reputation: 407Reputation: 407Reputation: 407Reputation: 407
I'd be happy to connect one windows-infected PC to my network, as my LAN is all linux, and will not notice or care.

Your simplest solution might be to unplug any windows computers from your network, then plug in the infected / cleaned computer, fix it up, unplug it, then restore your linux network.

Warning, the following may be off-topic:

Your friends are running windows?

I just say "You support it, ask Microsoft to fix it, pay for support, or stop using the interweb and clicking on all those dubious things. But if you are running linux, I am happy to try and help you".

Interestingly, I have almost no "support" calls from my friends and family who are running linux and they never have to bring me broken computers.

The last support call was "I have bought an Apple iTouch. It doesn't seem to work with linux. So I have bought you one too, so you can play with it and perhaps make it work, and then tell me what to do."

I played. They worked. We are both happy.
 
Old 08-07-2008, 10:37 AM   #5
sgb77
LQ Newbie
 
Registered: Aug 2008
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks all, for your reply,

I know what you mean about the friend with the truck guy, I've been there done that. But I do charge people for this kind of work, usually I run a set of tools to clean up these computers and they are fine, once in a while however I do have to reinstall everything from scratch.
I don't really mind windows as long as it keeps making me money
I always suggest my customers/friends to use linux, but you know how that goes, too hard, or my games won't work complaints.. so I've decide it to let them use what they are happy with.
Frankly sometimes I have to use windows because applications I need to use do not run in linux.

Keep the suggestions coming, I have started to read about DMZ.

Thanks all.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
trouble setting up separate desktops with xorg.conf and ATI X1300 Video Card robthom Linux - Hardware 2 05-24-2008 04:09 PM
Setting up VNC to access home computer from work through corporate network gopi.d Linux - Networking 2 12-19-2007 04:55 PM
chkrootkit suckit initng infected network 8% mimithebrain Linux - Security 4 03-29-2006 09:39 AM
Transfering hard drive w/ linux from separate computer to dual boot with Windows comp SonicGT Linux - Newbie 1 03-18-2006 02:56 PM
Quarantine infected machines on network! mikedeatworld Linux - Networking 9 02-18-2005 07:54 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration