[PLUG-TALK] Re: [PLUG] Selectively sealing workstations inside your own network...
Michael C. Robinson
michael at goose.robinson-west.com
Fri Sep 12 06:20:23 UTC 2003
Formerly on plug at lists.pdxlinux.org
> As this is a Linux user group, I'm not sure how much response you'll get
> asking about Windows products. However, I will say this:
The masquerading server is Linux based.
I wonder how to create a log for the user who turns off
Internet access of what their machine is trying to access
out on the web or what out on the web is trying to get to
their closed off machine. I figure on sending that log to
the user for examination when the info is requested. The
question of how do you detect if a computer on your network
is engaged in worm or other virus activity through a Linux
router has come up.
One thought I have with my outside firewall is to log any
Internet bound connection to a port that is unexpected, a
port other than smtp, www, ftp... Right now, I think all
outbound requests are just masqueraded equally.
More on the worm thread and my thoughts on sealing...
Right now I allow workstations to imap connect to the ISP. One
though is that I have a Linux mailhub and I'd like everyone to go
through it whether or not they are ready to use a
robinson-west.com email address. If I close off imap to the
ISP and set up fetchmail, can I filter out Windows viruses/worms
coming in on email from ISP accounts? I'm thinking I can
require users to access their remote mail off of the local Linux
server instead of from the ISP's servers after those messages
have been filtered. I'd like it to go in a second mail box
aside from the local boxes where I don't want to give everyone
two Linux accounts.
What can I catch that will infect the Linux box? The disadvantage
of this is that the remote email won't be available outside the
local network after it is fetched, but nobody accesses ISP email
outside the lan anyways. I doubt that the ISP will filter for
worms/virii gratis even if being infected nails other customers.
The hoax worm I talked about in another post has come through
their system multiple times. One advantage with fetchmail approach
is that it shouldn't be necessary for people who use an opus email
address to contact one of my users to change right away.
-- Michael C. Robinosn
More information about the PLUG-talk
mailing list