2

If I had a firewall with two interfaces - one to an internal private network and the other on a link local network (169.254.0.0) - and sent all questionable requests to the link local computer, could a virus on that computer get access to the private network?

Tracy Cramer
  • What prevents me from creating a request that does not meet your definition of questionable that contains an exploit? – Glen Pierce Sep 11 '18 at 01:59
  • @GlenPierce, 'questionable' in this case was a generalization for 'IP Address' from this question: https://security.stackexchange.com/questions/193393/advised-to-block-all-traffic-to-from-specific-ip-addresses – Tracy Cramer Sep 11 '18 at 21:47

3 Answers

2

A virus is just a computer program. If Computer A can communicate with Computer B by any means, a virus on Computer A can reach Computer B. Reach, not necessarily infect.

For a virus to infect Computer B, it must use a vulnerability, usually remote code execution. On a network where all computers share the same OS version and the same group of applications, infecting one computer via the network is usually enough to infect all the others.

If the firewall allows traffic from link local to the other network, any virus on Computer A has the possibility of reaching Computer B.

ThoriumBR
  • So as long as the firewall doesn't become infected, the link local computer cannot infect computers on the private network? – Tracy Cramer Sep 11 '18 at 00:06
0

By definition, a link local IP address should not be routed out of the current network segment as it only has value on the local link and is there to provide services on the local link only. Or stated another way, no properly designed router (i.e. L3 device, like your firewall) will forward traffic from a local link address off the local link.

So, yes, a device with a local link address that is infected with malicious software of any kind should not be able to reach any device not on the local link. As such it would not be able to spread the malicious software off of the local link.

However, your described situation has a number of flaws. The first and foremost is that a 169.254.0.0/16 address should not be assigned manually or by a DHCP server to any device, as per RFC3927. This will make any sort of configuration difficult (if even possible in the first place) and subject to interruption in the process should the associated address change.

YLearn
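The two answers above make one combined point: a host on the 169.254/16 segment can only reach the private LAN if the firewall forwards its traffic, and RFC 3927 (section 2.7) says a router must not forward packets with a link-local source or destination. The following is an added example (not code from either answer) that models that forwarding decision over a few constructed flows and also flags the misconfiguration YLearn describes, where a 169.254/16 address is assigned statically or by DHCP; the interface names and addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of the forwarding check a firewall sitting between a
# link-local segment (eth1) and a private LAN (eth0) should apply.
# Not the code of any real firewall; names and addresses are made up.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    in_if: str
    out_if: str


def forwarding_decision(flow: Flow) -> str:
    """Return 'forward' or the reason the packet is dropped (RFC 3927 s2.7)."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if flow.in_if == flow.out_if:
        return "forward"  # stays on its own link; nothing is routed
    if src in LINK_LOCAL:
        return "drop: link-local source must not leave its link"
    if dst in LINK_LOCAL:
        return "drop: link-local destination is unreachable off-link"
    return "forward"


def audit_interfaces(config: dict) -> list:
    """Flag interfaces given a 169.254/16 address by anything other than
    autoconfiguration, which RFC 3927 says must not happen."""
    findings = []
    for name, (addr, origin) in config.items():
        if ipaddress.ip_address(addr) in LINK_LOCAL and origin != "autoconf":
            findings.append(f"{name}: {addr} assigned by {origin}, violates RFC 3927")
    return findings


# Constructed sample flows: eth1 is the link-local segment, eth0 the private LAN.
SAMPLE_FLOWS = [
    Flow("169.254.10.5", "192.168.1.20", "eth1", "eth0"),  # quarantine host -> LAN
    Flow("192.168.1.20", "169.254.10.5", "eth0", "eth1"),  # LAN -> quarantine host
    Flow("169.254.10.5", "169.254.10.9", "eth1", "eth1"),  # stays on the link
    Flow("192.168.1.20", "192.168.1.30", "eth0", "eth0"),  # ordinary LAN traffic
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.src:>14} -> {f.dst:<14} {forwarding_decision(f)}")
```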
-2

Computer viruses are nothing but files. So, yes, it is possible for the infected file to transfer from one system to another. The effect of the incoming malicious file on the receiving computer will depend upon its vulnerability.

  • You have repeated exactly what the other answer says. We expect that answers are unique or have a unique perspective. – schroeder Sep 12 '18 at 10:57