[OPLINLIST] One way to check on a suspicious email

[Chad Neeper]

Just to expound on part of Bob's message a bit:

If you ever decide to ignore his warning and try something like this, be
aware that even though you may be playing with a "frozen" computer, you're
still not playing in a true sandbox if your test computer is attached to
your production (patron/staff/otherwise) network. As soon as you infect
your test computer, you potentially expose ALL of the other devices
(computers/printers/portable/etc) attached to that local network. If the
malware that gets installed decides to scan the local network for other
devices to infect, it will no longer matter that the test computer is
protected by Deep Freeze because the malware will begin to try to infect
all of the other devices on the network, frozen or not.

In Bob's case, the particular network segment he used as his sandbox, while
not a perfect sandbox, mitigates his exposure risk, even in a network
scanning scenario. He still took some risk, but it was a known and
calculated risk.

So, if you DO ever decide to play, please play with extreme caution.



Actually, on second thought, never mind. My phone number is in my sig. Go
ahead and play carelessly!  ;-)


Chad

______________________________
*Chad Neeper*
Senior Systems Engineer

*Level 9 Networks*
740-548-8070 (voice)
866-214-6607 (fax)

*Full LAN/WAN consulting services -- Specialized in libraries and schools*


On Wed, Jan 23, 2013 at 1:54 PM, Bob Neeper <neeperro at oplin.org> wrote:

> You generally should stop here and delete the message, but I went a bit
> farther.
>        (Don't do this on a PC you really care about, or is connected to
> the staff network. Better yet, just don't do it.)
> Using a Deepfreezed PC, I entered just the link *{link removed}* This is
> a valid Korean company.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplinlist/attachments/20130123/eb01d21e/attachment.html>