SPAM/Firewall "learning"...??

[John Prophet]

Ok, I have been lucky myself with using juno for email....I just dont get much spam at all....and I used to be on dialup and now that I am on broadband I am behind a router...which blocks a large percentage of threats etc.

But.....I need to learn/experiment with spam blocking and firewall setup etc.


So here is what I want/need to do.

I want to have a "scratch" machine(s) that is "open" to the internet to experiment with....to learn about spam blocking/popup blocking and software firewall configuring etc.

I have the Linksys befsr41 router. I also have a some simple switches and hubs at my disposal.

My main concern is...how can I "play around" with my scratch machine without endangering the rest of my machines/network.

I usually have some new machines that are for sale hooked up online and also this machine which I mainly use.

How can I best isolate the scratch machine so it wont be an open door to the other machines?? Are there any functions in the router that allow the one machine to be seperate....I know that DMZ opens up machines to the internet...but would that then make my whole network vulnerable to a hack or trojan if the scratch machine got hacked or trojaned?

I wanted to make a "junk" email account on my broadband isp, using outlook express...and then use that account to try out spam filtering procedures. How can I keep the rest of the network safe if I accidentally get a trojan in email? lol.

What if I bought a switch that did vlans?....I suppose that would work.....other than that, is there any way to seperate one port of the router from the others???


Ive never used linux so things like smoothwall would be a steep learning curve, although I eventually wanna play with that also.


Any ideas?? Thanks, JP

Put the SPAM machine before your router. You'll have to have two NIC's in it.

[John Prophet]

Then just give the second nic a static IP for the router?

I plan to try to simulate what newby users do..click on everything, lol.....the fact that I will be "inviting" junk spam etc....what happens if I get a trojan on the spam machine...will it be passed on thru or will the router block it?


Maybe I should just disconnect (swap out) the router altogether while I "play" lol.

Your current security should handle anything the SPAM machine gets.

You could set it up as a DMZ host I think also. I believe that let's anything through to that one IP address. Look under your 'Advanced' tab. I forgot about 'til just now.

Although, I don't like that idea of letting that junk through the router. That's why I suggested the machine in front of the router first.

[John Prophet]

hehe, I just took the router out of the circuit by coming from the cable modem straight to a non firewalled, non AV dell optiplex w98se machine.

It does have most of the latest windows updates..maybe not the one from around oct 3.

Anyway, I go to www.grc.com..run "shields up" ..scanned all the ports hoping to see lots of "open" ports......lol....none of them were "open"...although of course only a few were "stealthed" including 80......I guess the isp has some stuff in place also.

Why werent any of the ports "open"?

This isnt fair, I want to get a trojan! lol.
Seriously though....how do you have a clue how well your firewall is setup?? Especially if a dead stock machine has everything "closed"....I guess with a firewall I should have it all stealthed?

How would I really know if I had a customers firewall setup nice and tight?? Are there some good sites besides grc that test for exploits etc?

JP

to be honest i really dont like GRC "shield test"

i suggest you go to http://www.gfi.com/languard/

download the free evaluation and scan your own ip. you be surprised on whats open

screw the sign up on the site

get it here

GRC says firewall penetrated but really does not offer any real help IMHO.

Languard will tell you what you have open

[John Prophet]

hmm, only for w2k or xp.

I dont have either of those built to play with at the moment. But I suppose I will before the 60day eval runs out.

JP

[Eraserhead]

How about setting it up as a web server. Port 80 will be wide open :0

[implexant]

GRC = crap

First of all, get a linux machine and turn it into a router/firewall/IDS. Then setup an internal mail server such as ArGoSoft or some linux variant. Get a spam filter for it. Then publish the server's email addy everywhere. Believe me, then you'll have plenty of pratice with spam

Setting up a web server and practicing security would be kinda fun.

I filter about 70 messages a day of spam through my little server.

Anyway, good luck on everything!

-Chris

hey john if you would like ill scan your ip address and tell you whats open


just kidding!