[PLUG-TALK] Re: [PLUG] Selectively sealing workstations inside your own network...

Michael C. Robinson michael at goose.robinson-west.com
Thu Sep 11 23:20:23 PDT 2003

Formerly on plug at lists.pdxlinux.org

> As this is a Linux user group, I'm not sure how much response you'll get
> asking about Windows products. However, I will say this:

The masquerading server is Linux based.  

I wonder how to create a log for the user who turns off  
Internet access of what their machine is trying to access 
out on the web or what out on the web is trying to get to 
their closed off machine.  I figure on sending that log to 
the user for examination when the info is requested.  The 
question of how do you detect if a computer on your network 
is engaged in worm or other virus activity through a Linux 
router has come up.

One thought I have with my outside firewall is to log any 
Internet bound connection to a port that is unexpected, a 
port other than smtp, www, ftp...  Right now, I think all 
outbound requests are just masqueraded equally.

More on the worm thread and my thoughts on sealing...
Right now I allow workstations to imap connect to the ISP.  One
thought is that I have a Linux mailhub and I'd like everyone to go
through it whether or not they are ready to use a 
robinson-west.com email address.  If I close off imap to the 
ISP and set up fetchmail, can I filter out Windows viruses/worms
coming in on email from ISP accounts?  I'm thinking I can 
require users to access their remote mail off of the local Linux 
server instead of from the ISP's servers after those messages 
have been filtered.  I'd like it to go in a second mail box
aside from the local boxes where I don't want to give everyone
two Linux accounts.

What can I catch that will infect the Linux box?  The disadvantage 
of this is that the remote email won't be available outside the 
local network after it is fetched, but nobody accesses ISP email 
outside the LAN anyways.  I doubt that the ISP will filter for
worms/viruses gratis even if being infected nails other customers.
The hoax worm I talked about in another post has come through 
their system multiple times.  One advantage with the fetchmail approach
is that it shouldn't be necessary for people who use an opus email
address to contact one of my users to change right away.

     --  Michael C. Robinson
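
The per-workstation log of unexpected outbound ports asked about in the message above, sketched as an added example that is not part of the original post. It assumes the Linux router already logs forwarded new connections with the iptables LOG target; the "FWD-OUT:" prefix, the sample lines, the addresses and the scan threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Ports the post treats as expected outbound traffic (ftp, smtp, www); extend as needed.
EXPECTED_PORTS = {21, 25, 80}
# Assumed threshold: this many distinct destinations on one unexpected port looks like scanning.
SCAN_THRESHOLD = 3
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample lines in the kernel's netfilter LOG format (documentation addresses).
SAMPLE_LOG = """\
Sep 11 23:01:02 router kernel: FWD-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 LEN=48 PROTO=TCP SPT=1034 DPT=135 SYN
Sep 11 23:01:02 router kernel: FWD-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.8 LEN=48 PROTO=TCP SPT=1035 DPT=135 SYN
Sep 11 23:01:03 router kernel: FWD-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.9 LEN=48 PROTO=TCP SPT=1036 DPT=135 SYN
Sep 11 23:01:03 router kernel: FWD-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.40 LEN=48 PROTO=TCP SPT=1037 DPT=135 SYN
Sep 11 23:02:10 router kernel: FWD-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=203.0.113.80 LEN=60 PROTO=TCP SPT=2201 DPT=80 SYN
Sep 11 23:02:15 router kernel: FWD-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=203.0.113.25 LEN=60 PROTO=TCP SPT=2202 DPT=143 SYN
Sep 11 23:02:20 router kernel: FWD-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=203.0.113.80 LEN=84 PROTO=ICMP TYPE=8 CODE=0
"""

def parse_line(line):
    """Return (src, dst, proto, dport) for a LOG line, or None if fields are missing."""
    f = dict(FIELD.findall(line))
    if not {"SRC", "DST", "PROTO", "DPT"} <= f.keys():
        return None  # e.g. ICMP has no DPT, or an unrelated syslog line
    return f["SRC"], f["DST"], f["PROTO"], int(f["DPT"])

def unexpected_by_host(log_text):
    """Map each inside host to {(proto, dport): set of destinations} for unexpected ports."""
    report = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3] not in EXPECTED_PORTS:
            src, dst, proto, dport = rec
            report[src][(proto, dport)].add(dst)
    return report

def suspected_scanners(report):
    """Hosts contacting SCAN_THRESHOLD or more distinct destinations on one unexpected port."""
    return sorted(h for h, ports in report.items()
                  if any(len(d) >= SCAN_THRESHOLD for d in ports.values()))

if __name__ == "__main__":
    rep = unexpected_by_host(SAMPLE_LOG)
    for host, ports in sorted(rep.items()):
        for (proto, dport), dsts in sorted(ports.items()):
            print(f"{host} -> {proto}/{dport}: {len(dsts)} destination(s)")
    print("possible worm activity:", suspected_scanners(rep))
```

The per-host section of the report is what would be sent to a user on request; a single IMAP connection to the ISP shows up as unexpected but stays below the scan threshold.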
