How to prevent internet access for Viruses/Trojans/Botnets at the router?

Discussion in 'Networking Issues' started by Jacky, Apr 17, 2014.

  1. Jacky

    Jacky Reformed Router Member

My ISP suspends my internet account whenever a virus is detected on my network. Is it possible to prevent internet access for Viruses/Trojans/Botnets at the router?

My current setup: Linksys E3000 router running Tomato. Wi-Fi password: WPA2 Personal.

My business: I have a coffee shop, and I am required to offer free Wi-Fi to all my customers. I have a Wi-Fi password set to make sure only my customers are using the internet. There are about 50-100 different devices that connect to my Wi-Fi every day.

How my ISP detects the virus: When a virus on a customer's computer connected to my network connects to the internet to update itself, it connects to an IP address that has been sinkholed (it previously belonged to the hacker and now belongs to a security firm). After four days, the security firm sends an email to my ISP saying a virus attempted to connect to their IP address. My ISP then suspends my account.

My ISP wants me to prevent all Viruses/Trojans/Botnets from accessing the internet. How can I do this?
It is not possible for me to run antivirus on all the customers' computers. It is not possible to block every port for every single virus known to exist.

The only possible solutions I can think of:
1) Somehow prevent internet access for Viruses/Trojans/Botnets at the router.
2) Use OpenDNS (I don't know if this will work, or if this will slow my network down).
3) Replace the router with a server running pfSense and an antivirus (not sure if this will block internet access for viruses).
4) Block the sinkhole IP address so that it is not reported to my ISP (easiest solution; not sure how to block an IP address using Tomato, URL blocking does not block IP addresses).

    I want my ISP to stop suspending my internet account. What should I do? Your help is greatly appreciated.
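Option #4 in the post above asks how to block an IP address on Tomato. Tomato's URL Blocking page only filters HTTP host names, but the Administration > Scripts > Firewall tab accepts plain iptables commands that run every time the firewall is rebuilt. The following script is an added example (not from the thread, and not Tomato's own code): it drops any LAN client's connection to a list of sinkhole addresses and logs the attempt, so the syslog entry's SRC= field tells you which customer device is infected rather than just hiding the report. The addresses in it are placeholders from the RFC 5737 documentation ranges, not real sinkholes; replace them with the ones named in the abuse report. It validates every entry before handing it to iptables, and builds the rules in their own chains so re-running it never stacks duplicates. Run it with no argument to preview the commands, or with `apply` on the router to install them.

```shell
#!/bin/sh
# Added example: Tomato "Firewall" script that logs and drops LAN traffic to
# known sinkhole IPs. Preview with no arguments; install with "apply".
# Placeholder addresses (RFC 5737 documentation ranges), NOT real sinkholes.
SINKHOLES="192.0.2.10 198.51.100.0/24 203.0.113.77"

# valid_ipv4 ADDR[/PREFIX]: succeed only for a well-formed dotted quad with an
# optional /0-32 prefix, so nothing unexpected is ever passed to iptables.
valid_ipv4() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    addr=${1%%/*}
    pfx=${1#*/}
    [ "$pfx" = "$1" ] && pfx=32            # no slash: a single host address
    case $pfx in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    case $addr in .*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# rule_for ADDR: the match that sends traffic for ADDR to the log-and-drop chain.
rule_for() {
    printf 'iptables -A SINKHOLE -d %s -j SINKHOLE_HIT\n' "$1"
}

# build_ruleset ADDR...: print the complete iptables command sequence for the
# given addresses, skipping malformed entries. The chains are flushed and the
# FORWARD jump deleted before being re-added, so the script is idempotent.
build_ruleset() {
    cat <<'EOF'
iptables -N SINKHOLE_HIT 2>/dev/null
iptables -F SINKHOLE_HIT
iptables -A SINKHOLE_HIT -m limit --limit 6/min -j LOG --log-prefix "SINKHOLE "
iptables -A SINKHOLE_HIT -j DROP
iptables -N SINKHOLE 2>/dev/null
iptables -F SINKHOLE
EOF
    for h in "$@"; do
        if valid_ipv4 "$h"; then
            rule_for "$h"
        else
            echo "skipping malformed entry: $h" >&2
        fi
    done
    cat <<'EOF'
iptables -D FORWARD -j SINKHOLE 2>/dev/null
iptables -I FORWARD -j SINKHOLE
EOF
}

if [ "${1:-}" = "apply" ]; then
    build_ruleset $SINKHOLES | sh
else
    build_ruleset $SINKHOLES
fi
```

The logged line (kernel log, prefix `SINKHOLE `) carries the LAN source address; match it against Tomato's Device List to get the MAC of the infected laptop or phone, which is the only thing that actually fixes the problem. The rate limit keeps a chatty bot from filling the router's small syslog buffer. Note that this only covers destinations you already know about: the firm that reports you will only ever name the sinkholes it operates.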
  2. Resourze

    Resourze Network Newbie Member

    Hi Jacky,

I think I might have a solution for you. Change the DNS servers in your router to Comodo Secure DNS. It's a free service that will stop malware from connecting to known command servers or searching for updates. It won't stop new and so far undetected malware, but it will halt a lot of it and, hopefully, your problems regarding your customers.

"Safer - As a leading provider of computer security solutions, Comodo is keenly aware of the dangers that plague the Internet today. SecureDNS helps users keep safe online with its malware domain filtering feature. SecureDNS references a real-time block list (RBL) of harmful websites (i.e. phishing sites, malware sites, spyware sites, and parked domains that may contain excessive advertising including pop-up and/or pop-under advertisements, etc.) and will warn you whenever you attempt to access a site containing potentially threatening content. Additionally, our 'name cache invalidation' solution signals the Comodo Secure DNS recursive servers whenever a DNS record is updated - fundamentally eliminating the concept of a TTL. Directing your requests through highly secure servers can also reduce your exposure to the DNS Cache Poisoning attacks that may affect everybody else using your ISP."

    I assume you know how to change this since you referred to OpenDNS.

You can also find more information about free DNS servers from other companies or authors here:
Let us know how it works for you!
    Last edited: Aug 8, 2014
  3. dziny

    dziny Serious Server Member

Changing DNS will not prevent his IP from being reported, since the customer will still connect to the "bad" IP. The solution that will work is to route all "café traffic" through a VPN; in that case, instead of his IP address, the reported IP will belong to the VPN provider. Hence his ISP will never learn about it.
  4. WilsonL

    WilsonL Network Newbie Member

The problem is that most routers are underpowered and aren't going to do a good job of being a VPN client. He will have to look into a more dedicated solution, but it's probably for the best.
  5. jbeightynine

    jbeightynine Reformed Router Member

What about adblock on Tomato with malware lists?
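The adblock scripts for Tomato and the Comodo/OpenDNS suggestion earlier in the thread work the same way: the resolver answers a listed name with an unroutable address, so malware that finds its update server by DNS name never gets a real address. As dziny points out, that does nothing for a bot that carries its server's IP address hard-coded, which is why the iptables rules and this are complementary. The script below is an added example (not from the thread, and not the adblock project's own code): it converts a hosts-format malware list into dnsmasq `address=` lines, the form Tomato's built-in dnsmasq accepts. The list embedded in it is constructed for the example, not a real blocklist; in practice you would feed it the list the adblock script downloads. The output file path and the `conf-file=` line in Tomato's Dnsmasq Custom configuration box are assumptions about how you wire it in.

```shell
#!/bin/sh
# Added example: convert a hosts-style malware domain list into dnsmasq
# "address=" lines for Tomato's resolver. Preview with no arguments; with
# "apply" it writes the file and restarts dnsmasq (assumes the file is
# referenced via conf-file= in Advanced > DHCP/DNS > Dnsmasq Custom config).

# Constructed sample in hosts-file shape (address, name, optional comment).
# Real use: replace this with the downloaded list, e.g. wget -O - <list URL>.
SAMPLE_LIST='# constructed sample, not a real blocklist
0.0.0.0 c2-updates.example   # matches nothing real
127.0.0.1 localhost
0.0.0.0   tracker.example.net
::1 localhost
0.0.0.0 not_a_valid-name!
0.0.0.0 c2-updates.example
'
OUTFILE=/tmp/sinkhole-domains.conf   # assumed location; pick one on JFFS to survive reboots

# valid_hostname NAME: letters, digits, dots and hyphens only. A "/" in a name
# would break the address=/name/ip line, so anything else is rejected.
valid_hostname() {
    case $1 in ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;; esac
    return 0
}

# hosts_to_dnsmasq < hosts-file: one sorted, de-duplicated address= line per
# blocked name. Only 0.0.0.0/127.0.0.1 entries count; localhost is skipped.
hosts_to_dnsmasq() {
    sed 's/#.*//' |
    while read -r addr name rest; do
        case $addr in 0.0.0.0|127.0.0.1) ;; *) continue ;; esac
        case $name in localhost|localhost.localdomain) continue ;; esac
        valid_hostname "$name" || continue
        printf 'address=/%s/0.0.0.0\n' "$name"
    done | sort -u
}

case ${1:-} in
    apply)
        printf '%s' "$SAMPLE_LIST" | hosts_to_dnsmasq > "$OUTFILE"
        service dnsmasq restart
        ;;
    *)
        printf '%s' "$SAMPLE_LIST" | hosts_to_dnsmasq
        ;;
esac
```

To see which customer device is asking for a blocked name, add `log-queries` to the same dnsmasq custom configuration for a while and grep the log for the names in the file; with 50-100 devices the query log grows fast, so turn it off again once you have the MAC. Answering with 0.0.0.0 rather than a LAN address keeps the blocked clients from opening connections to the router itself.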
  6. KarimSultan

    KarimSultan Network Newbie Member

Hate to say it, but you might want to look at other ISPs in your region. The problem is that Tomato routers aren't application-protocol aware, nor should they have to be. The best option is infeasible: to have all clients use up-to-date virus scanners. Due to the transient nature of your clientèle you won't be able to enforce that, no matter how creative...

The least effective but most feasible option is exactly what Resourze suggests: route DNS requests through a service like Comodo that will at least vastly reduce the number of IP requests to sinkholes (it won't eliminate them, though). This is close to your option #4.

IMHO, I don't recommend option #3: pfSense may be free software, but you'll have to invest in hardware and time to configure it, and it is a beast. Yes, it has application-protocol awareness via stateful packet inspection, but this still won't stop virus code from accessing internet IPs unless it is specifically recognized. From an opportunity-cost standpoint, it is far cheaper for you to pick up the phone and call a new ISP. :)