I have a computer that I'd like to be able to remote onto. This computer cannot be connected to the internet however.
The exact reason why the computer can't connect to the network is that hackers managed to get root access on it and it was sending out spam (a poor password led to an easy hack). Because I'm at a university, IT services disconnected this computer from the network.
It's not possible to reinstall the OS from scratch because it's part of a piece of scientific equipment and we'd need technicians to come out to do that (which we'd have to pay for).
What I'd love is a solution using a raspberry pi/laptop or something of that nature which could connect to the computer that's not allowed to be connected to the network directly. I'd use that computer to control the mouse, keyboard, and view the screen. This connecting computer would also be as locked down as I could make it.
I know this is likely to lead to a janky solution, if anything, but I'd love to hear any ideas you have. J
Could you not just boot the computer (without networking) and delete whatever is on there causing spam to be sent?
I guess what I said would be considered easier said than done.
Thanks, my worry with that solution is that I just can't verify that I've removed everything, like you say.
I'm 100% sure the IT at the University would not allow it back on the network. Ever.
Only thing I'm thinking of is putting the OS into a virtual machine, but if it's for a specific piece of scientific equipment, the equipment would need to be able to be passed through to the VM.
Then you could remote into the host and then control the guest, but the guest wouldn't have network access.
The IT at the university would have to understand what was going on and why that would work though.
You might be able to connect to the computer by just hooking up an ethernet cable between it and another computer that you can control.
I mean, you should be able to tell the IT at the University to blacklist its IP address or MAC address on their Gateway (to the Internet). Whatever their firewall is should be able to do it.
Then it has local "in the university only" access, but not internet access. So you should be able to remote to it from anywhere on campus (presumably).
I really like this idea but unfortunately I don't think that I'd be able to do it, as the equipment is so complex that I wouldn't want to mess with it in this way, and I think passing through would be too difficult.
Good thought, I will ask IT services. I'd imagine that they'd worry it'd infect other computers on the network or something though.
Or you could ask them to borrow a router so that you can put it on your own isolated network.
That's a great idea actually. So I'd connect the router to the computer that can't connect to the internet and then connect to that router? I wouldn't then be able to use TeamViewer I think, would you suggest anything to use instead of it?
I'm guessing you can't use anything that isn't already installed on the blocked computer? What OS is it running?
What Operating System is it running?
I mean, there are ways to make other computers invisible to it.
Just put it on an entirely different subnet. So imagine all the devices at your university are on 10.X.X.X IP range, you would put yours on the 172.16.0.0 – 172.31.255.255 range.
If Windows, Remote Desktop is built-in. If Linux, VNC.
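The isolated-subnet and Remote-Desktop-only advice above can be made concrete as a policy for the dedicated jump box. The following Python is an added example and is not code posted by anyone in this thread: it checks that the chosen private range cannot collide with campus addressing, encodes an allow-list in which only the jump box may open TCP/3389 to the equipment PC (so any phone-home attempt from the compromised machine is dropped), and renders the same policy as iptables commands. The campus range, the 172.16.50.0/24 subnet, both host addresses and the interface name `eth1` are constructed assumptions.

```python
"""Isolated network for a compromised equipment PC plus a single-purpose jump box.

Constructed addresses (assumptions, not from the thread):
  campus range    10.0.0.0/8
  isolated subnet 172.16.50.0/24  (inside the private 172.16/12 block)
  equipment PC    172.16.50.10
  jump box        172.16.50.2
"""
import ipaddress
from dataclasses import dataclass

CAMPUS_RANGE = "10.0.0.0/8"         # assumed campus addressing
ISOLATED_RANGE = "172.16.50.0/24"   # constructed isolated subnet
EQUIPMENT_IP = "172.16.50.10"       # constructed
JUMP_IP = "172.16.50.2"             # constructed
RDP_PORT = 3389                     # Windows Remote Desktop


def isolated_range_is_valid(isolated: str, campus: str) -> bool:
    """The isolated subnet must be private and must not overlap the campus
    range, so a mis-plugged cable can never give the equipment PC a
    routable campus address."""
    iso = ipaddress.ip_network(isolated)
    cam = ipaddress.ip_network(campus)
    return iso.is_private and not iso.overlaps(cam)


@dataclass(frozen=True)
class Packet:
    """A new connection attempt seen on the jump box's isolated interface."""
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


def jump_box_policy(pkt: Packet) -> str:
    """Allow-list for new connections on the isolated interface.

    Only the jump box itself may open TCP/3389 to the equipment PC.  Every
    other new flow is dropped, including anything the equipment PC tries to
    originate (e.g. a remote-access trojan phoning home) and any attempt to
    reach the jump box from the equipment PC."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    allowed = (
        src == ipaddress.ip_address(JUMP_IP)
        and dst == ipaddress.ip_address(EQUIPMENT_IP)
        and pkt.proto == "tcp"
        and pkt.dport == RDP_PORT
    )
    return "ACCEPT" if allowed else "DROP"


def iptables_rules(iface: str = "eth1") -> list:
    """Render the same policy as iptables commands for a Linux jump box.

    Default policies drop everything; replies to the RDP session are let
    back in by connection tracking.  The interface name is an assumption."""
    return [
        "iptables -P INPUT DROP",
        "iptables -P FORWARD DROP",
        "iptables -P OUTPUT DROP",
        f"iptables -A INPUT -i {iface} -s {EQUIPMENT_IP} "
        "-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -A OUTPUT -o {iface} -d {EQUIPMENT_IP} -p tcp --dport {RDP_PORT} "
        "-m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT",
    ]


if __name__ == "__main__":
    print("isolated range ok:", isolated_range_is_valid(ISOLATED_RANGE, CAMPUS_RANGE))
    for p in (
        Packet(JUMP_IP, EQUIPMENT_IP, "tcp", RDP_PORT),   # the one allowed flow
        Packet(EQUIPMENT_IP, "8.8.8.8", "tcp", 443),       # phone-home attempt
        Packet(EQUIPMENT_IP, JUMP_IP, "tcp", 22),          # lateral move onto the jump box
    ):
        print(p, "->", jump_box_policy(p))
    print("\n".join(iptables_rules()))
```

The point of keeping FORWARD at DROP and having no rule for the jump box's other interfaces is that the jump box never routes between the isolated subnet and anything else; if it is later given a campus uplink, that uplink still has no path to the equipment PC.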
Windows 7. I really like that. I guess I'll have to ask IT services what's possible. Even if I need to install new software on it I can do so from a USB.
What are the requirements for being able to remote to it?
Do you just mean connecting to the machine with another machine, or do you mean "I need to be able to access this machine when I'm not physically around it."?
I presume the 2nd thing.
And you want to connect it back to the network?
Just no. If it was my network and you tried to reconnect it in any way I'd cut you and all your computers off the network, but that's just me.
It doesn't sound like you've had any investigation into what they did to that computer? If not you can only assume it's completely compromised.
What suggests to you that they don't have a remote access trojan on there designed to phone home as soon as it connects to anything? Direct internet access isn't necessarily required.
What suggests to you that it doesn't have malware that might infect the rest of the network?
Even considering trying to reconnect this to any network is just a dumb mistake at least and deliberately negligent at most.
Keep it offline forever. Or get someone who knows what they're doing to look at it and ensure it's clean, or reset the system.
At the very least you need to ask IT what's required to allow it on the network again. They might not care and just need it cleaned by someone or they may want it completely wiped. Standard operating procedures are to wipe compromised machines at least, and destroy them at most.
Thanks for the reply. Even connecting the compromised computer to its own network with no internet access and accessing it using a special computer that can only connect to the compromised computer would be helpful, but I definitely see your point. I asked this question partly so that I could get responses like this.
What then happens to the second computer when it's not connected to the application computer? Will you keep it offline? Will you connect it to the uni network?
It may be likely that the intruder wasn't particularly sophisticated considering their use of the machine, however as you haven't had anyone assess it you don't know that.
An intrusion by a person has a much higher risk in that they had complete access; it's not necessarily just a piece of malware limited in scope, so it's difficult to know what they may have done, so you have to keep that in mind.
I'd never connect the second computer to the internet or insert USB into it just in case. It would not be connected to the uni network. It seems like a decent solution to me.
That seems fine, but you'll have to keep this in mind going forward, and ensure when you do want to use the computers again on a network that you need to properly address the problem.
If you have a number of people using the system you might want to speak with the uni infosec team and see if you should implement a standalone SyOps that everyone needs to sign, so that it's clear to anyone using the system that it can never be connected to a network and can never be connected to any other devices except any that are single purpose for it.
They'd probably have an idea of what kind of risk the uni will and won't accept and what they'd suggest to implement to align with that risk.