11-16-2022 08:18 AM - last edited on 11-18-2022 04:46 AM by support_s
How to isolate a machine from the network?
Having a Linux OS installed straight onto an HPE DL580 Gen10 or similar machine, so no virtualisation involved here. Let's assume the OS is compromised by a virus or whatever. How can I make sure I completely isolate that system from the network remotely?
So the logic says that I should unplug the network cable but cannot do that remotely.
The other thing is to disable the physical network card but can't really do that through the iLO either.
So what other options do I have besides powering off the machine?
11-17-2022 10:12 PM - edited 11-17-2022 10:13 PM
Re: How to isolate a machine from the network?
> How to isolate a machine from the network?
Define "the network". Do you mean the Internet, or the system's LAN,
or what, exactly?
> [...] completely isolate that system from the network [...]
Define "completely isolate". (And "the network".)
> [...] the logic says that I should unplug the network cable but cannot
> do that remotely.
Do you ever want to talk to the system remotely again? If you
disable the system's link to the outside world, and you're _in_ the
outside world, then that would seem to be a one-way path.
Disclaimer: "a linux OS" is not a very detailed description of your
particular GNU/Linux distribution/version, and I don't use GNU/Linux
very much, so my GNU/Linux admin knowledge could be very stale. But,
generally, ...
If I wanted to disable some network interface with a command, then
I'd look into "ifconfig".
    man ifconfig
    ifconfig -a           # Identify the interface of interest. "eth0"?
    ifconfig eth0 down    # For example.
If I wanted to leave the LAN connection as-is, but disable
communication beyond the LAN, then I might fiddle with the routing.
    netstat -rn
For example, if the only interesting routes are the (implicit) route
to the LAN and the default route ("default" or "0.0.0.0" to your
router?), then I might change the default gateway from the actual router
to some address which no one is using.
    route change default 127.0.0.123    # Some bogus address.
I'd expect commands like these (untested ones) to cripple some or all
of the system's network communication.
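The two approaches in the reply above (taking an interface down, or removing the default route), written with iproute2's `ip` for systems where `ifconfig`, `netstat` and `route` are not installed. This is an added example, not part of the original posts; the `up_ifaces`, `plan` and `verify_down` helpers are hypothetical names, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: plan host-side containment with iproute2 (`ip`).
# It only prints commands; review them, then pipe to `sh` as root to apply.

# Constructed, abbreviated sample of `ip -o link show` output.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
3: eno2: <BROADCAST,MULTICAST> mtu 1500 state DOWN
4: vlan10@eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP'

# stdin: `ip -o link show` output. stdout: non-loopback interfaces flagged UP.
up_ifaces() {
    awk -F': ' '
        $3 ~ /LOOPBACK/ { next }          # leave lo alone
        $3 ~ /[<,]UP[,>]/ {               # admin UP flag, not LOWER_UP
            name = $2
            sub(/@.*/, "", name)          # vlan10@eno1 -> vlan10
            print name
        }'
}

# $1 = full | lan-only; stdin: `ip -o link show` output.
plan() {
    case "$1" in
        full)       # equivalent of "ifconfig <if> down" for every interface
            for ifc in $(up_ifaces); do
                echo "ip link set dev $ifc down"
            done ;;
        lan-only)   # keep the connected LAN route, drop the default routes
            echo "ip -4 route del default"
            echo "ip -6 route del default" ;;
        *)  echo "usage: plan full|lan-only" >&2; return 2 ;;
    esac
}

# Exit status 0 only if no non-loopback interface is still UP.
verify_down() {
    [ -z "$(up_ifaces)" ]
}

# Demonstration on the constructed sample (nothing is executed).
printf '%s\n' "$SAMPLE_LINKS" | plan full
```

On a live host, `ip -o link show | plan full | sh` run as root applies the plan and `ip -o link show | verify_down` checks the result. As a later post in this thread points out, software running with root privileges on the same host can undo these changes.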
11-20-2022 02:04 AM
Re: How to isolate a machine from the network?
> Define "the network". Do you mean the Internet, or the system's LAN,
> or what, exactly?
The system's LAN, any outside network connection from the OS.
> Define "completely isolate". (And "the network".)
I mean no network packets can be sent out from that OS.
> Do you ever want to talk to the system remotely again? If you
> disable the system's link to the outside world, and you're _in_ the
> outside world, then that would seem to be a one-way path.
Yes, access to that system could be done later by physically reaching the hardware, after the system has been contained and a restore plan has been set up depending on the threat.
> Disclaimer: "a linux OS" is not a very detailed description of your
> particular GNU/Linux distribution/version, and I don't use GNU/Linux
> very much, so my GNU/Linux admin knowledge could be very stale. But,
> generally, ...
The Linux distro is Fedora, but your solution could not be valid as, if that system is compromised, every network configuration change from within the could be reverted. This is why I need a different solution/approach.
11-20-2022 06:32 AM
Re: How to isolate a machine from the network?
> [...] your solution could not be valid as if that system is
> compromised, every network change configuration from within the could
> be reverted. This is why I need a different solution/approach.
If I couldn't trust any software on the system, and I couldn't
disable its network connection externally, then I'd shut it down and/or
power it off.
To what is its network interface connected? If it's connected to a
network switch or router with some management capability, then I'd work
with that. But, if you can't trust anything it does, then why leave it
running?
11-23-2022 05:47 AM
Re: How to isolate a machine from the network?
Because, for example, in a ransomware attack, powering off the machine while the data is being encrypted could end in data corruption, so it's better to let it finish and isolate the machine.
Powering off the machine was my first thought also, but I was thinking about an alternate solution.
11-23-2022 10:33 AM
Re: How to isolate a machine from the network?
> Because if, for example, of a ransomware attack powering off the
> machine while the data is being encrypted could end in data corruption
> [...]
Unless I were planning to pay the ransom, I'd expect to need to
restore the system from a backup, so I wouldn't care about corrupting
data which I'd overwrite in any case.
> Powering off the machine was my first thought also but I was thinking
> about an alternate solution
See "To what is its network interface connected? [...]", above.