Guest
Hello all
I know that it's hard to get a "tutorial" on a newsgroup but here goes....
Background: I want to construct some kind of "virus cleaning lab". I was thinking of setting up a multihomed Windows XP machine with ICS and port filtering through IPsec. My idea is that if I have to clean out a virus-infected machine (and I have to quite often now), then I could plug it in as an ICS client of the WinXP machine and the port filtering would prevent any virus from spreading. At the same time I want to be able to connect the infected computer to Windows Update in order to patch it and run a kind of online virus cleaning (for example "Housecall" from Trend Micro).
First question: Is this a good way to do it? If anyone has a better suggestion on how to do this, then I'd love to hear about it.
Second question: The embarrassing part is that I can't configure IPsec filtering correctly. I'm using local policy and have set up filtering to block all IP traffic except TCP port 53 and 80. The result is that I can't connect to Windows Update: "Page cannot be displayed". I then allowed ports 1063-65535 (kinda ruins my idea of containing the virus, but I had to try) and ICMP. Still no dice. What am I doing wrong? I thought that opening 53 (DNS) and 80 (HTTP) and closing the rest ought to do the trick...