From: "Eric W. Bates" <ericx@vineyard.net>
Date: Wed, 15 Sep 2004 08:58:42 -0400
To: Pat Lashley
Cc: freebsd-net@freebsd.org
Subject: Re: To many dynamic rules created by infected machine
Message-ID: <41483C82.8070108@vineyard.net>
References: <41473DD3.7030007@vineyard.net> <41473EF6.8030201@elischer.org> <414793FF.3000008@vineyard.net>
List-Id: Networking and TCP/IP with FreeBSD

Pat Lashley wrote:
| --On Tuesday, September 14, 2004 20:59:43 -0400 "Eric W. Bates" wrote:
|
|> It's a small store. Folks with broken computers bring the
|> machines in because "It doesn't work". They usually don't
|> know what is wrong with any given machine; and they try to
|> be careful (remove the hard drive and attempt to clean it
|> first); but eventually there is a need to put the machine
|> on line and try to update Norton's virus list.
|
| Before bringing it on-line, why not mount the disk on a FreeBSD
| machine and run ClamAV over all the files? It's not guaranteed
| to catch everything; but it should at least reduce the window.

They do something similar. They mount it on a Windows machine and run Norton.

The reality I'm trying to accommodate is that the staff will not always be knowledgeable, and even if they follow procedure there will always be a virus or spyware that gets thru.

Clearly this problem could have easily been solved by simply unplugging the damaged machine from the wire.

| You could also consider setting it up so that the initial
| reconnection is on a separate cable going through a firewall
| that -only- allows the connections necessary to update the
| Norton virus list. Once it is updated, unplug it from the
| network, run the virus check, and only then plug it into
| your main LAN.

That's a good idea.

| -Pat

-- 
Eric W. Bates
ericx@vineyard.net