[ previous ] [ next ] [ threads ]
 From:  Michael Brown <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: FW: [m0n0wall] malware HackTool.win32.ArpAttacker.3020
 Date:  Tue, 06 May 2008 22:23:33 -0500
Yeah, this will be a tough one. If everyone is on a switch (along with 
m0n0wall), you can't really cut them off because even if m0n0wall is 
ignoring them, everyone else is still listening to their computer while 
it spews garbage. Short of unplugging their Ethernet connection, if an 
infected machine causing network havoc; it is harder to isolate.

What kind of scope are we talking about here? A private network? A 
business? A large network setup (like 100+ clients?)


Mohammed Ismail wrote:
> all connections are wired Ethernet connections 
> ADSL modem <<==>> wan int. m0n0wall LAN int. <<==>> Ethernet wired clients.
> all clients OS will be winxp
> and I cannot garantee good antivirus or firewalls on those PCs 
> so I want m0n0 to keep sending his MAC address to all Clients to maintain connectivity between
clients and m0n0.
> the Trojan name was HackTool.win32.ArpAttacker.3020
> thanks allot