Simple anti intrusion script

Started by spaceman927, January 07, 2014, 03:49:17 AM


spaceman927

I'm writing a simple anti intrusion script with a few different elements, currently my only problem is how to kill the network connections. There are so many ways to do it and I don't know the best option from a security perspective. I assume a simple ifconfig wlan0 and eth0 down will be too weak, so my other options are umount the pci ethernet card and wifi adapter or blacklist the drivers.

What I'm designing is a very temporary system locker so any individual who gained access or any worm (very unlikely?) will be cut off from the local network and my router connection. I only have a personal machine and a home network, no servers or anything crazy. I know how to code it, I just would like to know the best method to use for severing the connections.

Thanks, guys.

b4d_bl0ck

#1
Hey spaceman927,
I can't get the point of what you want to do...
If you are talking about software-locking a running system ok, but talking about physical locking... Do you think an intruder would be scared, even if you detach your interface cables? I can't understand your goal...
Also what do you want to protect? Your PC or your network? Or both?
Probably the best thing would be an encrypted disk, BIOS passwd, and mac-filtering on your router with a new random mac address for your PC ethernet interface. As such you make your PC and your network just bruteforceable (you can make it quite unusable by detaching all that stuff and enclosing it in a safe lol!! But maybe then you might want to protect the safe looool)
But in the end: what the hell does this have to do with a script???  ;D With no details I can't tell anymore.

Bye.
bool secure = check_paranoia() ? true : false;

spaceman927

There is no real point. I already have a BIOS power-on and setup password, and I see where you're coming from. What I'm doing is more of an exercise in learning intermediate scripting, familiarizing myself with certain parameters, and playing with things that I shouldn't be on the system. I learn by doing.

b4d_bl0ck

Np, that's ok  ;)
It's always fine practicing... I was just trying to understand how I can help.

So... have fun!
bool secure = check_paranoia() ? true : false;

weVeg

#4
Hi spaceman927,
Maybe by playing with iptables you should obtain some result: you can block all outgoing/incoming connections, isolating your host, and you can also allow only ssh for troubleshooting (or block even that) ...
Quoting b4d_bl0ck "Do you think an intruder would be scared, even if you detach your interfaces cables?", if you are under attack, I mean a specific and focused attack, only strong HD encryption and a turned-off machine could help you!
m2c
a free voice is always liberating
under_r00t
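An added example (not code from the thread) of the iptables isolation weVeg describes: flush the tables, default-DROP all three chains, keep only loopback and ssh from one management subnet, and log what is still dropped so the event can be reviewed afterwards. ADMIN_NET, DRY_RUN and the function names are assumptions of this example; it must run as root.

```shell
#!/bin/sh
# Emergency host isolation with iptables (added example, not from the thread).
# Assumes iptables is on PATH, the script runs as root, and ADMIN_NET is the
# one subnet still allowed to reach ssh. DRY_RUN=1 prints instead of applying.

ADMIN_NET="${ADMIN_NET:-192.168.1.0/24}"   # assumed home LAN; adjust to yours
DRY_RUN="${DRY_RUN:-0}"

# run_ipt: run one iptables command, or echo it when DRY_RUN=1
run_ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# isolate_host: flush everything, default-DROP all three chains, then allow
# only loopback and ssh from ADMIN_NET; rate-limited LOG for anything else.
isolate_host() {
    run_ipt -F
    run_ipt -X
    run_ipt -P INPUT DROP
    run_ipt -P FORWARD DROP
    run_ipt -P OUTPUT DROP
    run_ipt -A INPUT -i lo -j ACCEPT
    run_ipt -A OUTPUT -o lo -j ACCEPT
    run_ipt -A INPUT -p tcp -s "$ADMIN_NET" --dport 22 \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    run_ipt -A OUTPUT -p tcp -d "$ADMIN_NET" --sport 22 \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
    run_ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "ISOLATED-DROP: "
}

# show_isolation_rules: the rule set as text, without touching the firewall
show_isolation_rules() {
    ( DRY_RUN=1; isolate_host )
}

# rule_count: how many iptables invocations isolate_host performs
rule_count() {
    show_isolation_rules | wc -l | tr -d ' '
}

case "${1:-}" in
    --apply)   isolate_host ;;
    --dry-run) show_isolation_rules ;;
esac
```

Review the output of `./isolate.sh --dry-run` before using `--apply`; the rules are not persistent, so a reboot returns the host to its previous firewall state.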

spaceman927

Well, if I have a live attack other than a simulation with someone that I know IRL, it's over; I'll just unplug and then wipe my HD for safety, I've got everything important backed up. Mostly I'd like to capture and disable any linux worms/trojans <sarcasm>in the wild</sarcasm>, to reverse engineer them. I think an encrypted disk partition quarantine will do just fine. I like the iptables idea and I'll look into it more.

Just to have a functioning command for my alpha testing I'm using echo -e "mypassword\n" | sudo -S ifconfig wlan0 down with a chmod 4775 and +x on the script. My intuition tells me there is an exploit to reverse that easily but as it seems, once executed I cannot do anything (that I memorized so far) to bring back access without a reboot, except for another script with the same permissions running ifconfig wlan0 up. I also put the same line for eth0, however I typically only use a wifi connection.

weVeg

Sorry but if your goal is "Mostly I'd like to capture and disable any linux worms/trojans <sarcasm>in the wild</sarcasm>, to reverse engineer them." there are honeypots that do that...
a free voice is always liberating
under_r00t

spaceman927


weVeg

What does that mean?
Be smart, man........
a free voice is always liberating
under_r00t

spaceman927

It was an arrow to my quote in the sidebar. "because easy is too hard..."

weVeg

a free voice is always liberating
under_r00t