Linux box as Windows Update server (proxy) - Questions

  1. Linux box as Windows Update server (proxy)

    As you know,

    new installed WindowsXP is open for any attack, and time to update it
    via windowsupdate.microsoft.com:80 is much longer than time to get
    viruses. IT specialist said about 20 minutes. In this case, not
    possible to secure your box.

    Here came to me an idea. To set up squid server to store all patches
    from microsoft web sites. After first person downloads all patches
    from Internet, next will download it from LAN much faster.

    It is not difficult to set squid and point it to cache only windows
    web sites. But I found problem in determining IP addresses of
    Windowsupdate server. It uses akamaitechnologies clusters and each
    time skip for next ip.

    I can't configure my iptables DNAT script to cache all connection to
    microsoft via proxy. And I do not want to cache all internet traffic.

    Can you help me with these IPs or how to filter traffic to my squid?

  2. Re: Linux box as Windows Update server (proxy)

    Sounds like a lot of unnecessary work. Why not just activate the internal
    firewall in Windows XP? After that you can download patches without the
    risk of being infected.

    // Mattias

    Tomasz Popik wrote:
    | As you know,
    |
    | new installed WindowsXP is open for any attack, and time to update it
    | via windowsupdate.microsoft.com:80 is much longer than time to get
    | viruses. IT specialist said about 20 minutes. In this case, not
    | possible to secure your box.
    |
    | Here came to me an idea. To set up squid server to store all patches
    | from microsoft web sites. After first person downloads all patches
    | from Internet, next will download it from LAN much faster.
    |
    | It is not difficult to set squid and point it to cache only windows
    | web sites. But I found problem in determining IP addresses of
    | Windowsupdate server. It uses akamaitechnologies clusters and each
    | time skip for next ip.
    |
    | I can't configure my iptables DNAT script to cache all connection to
    | microsoft via proxy. And I do not want to cache all internet traffic.
    |
    | Can you help me with these IPs or how to filter traffic to my squid?

  3. Re: Linux box as Windows Update server (proxy)

    > Sounds like a lot of unnecessary work. Why not just activate the internal
    > firewall in Windows XP? After that you can download patches without the
    > risk of being infected.


    If system is vulnerable, firewall is not working, right?

  4. Re: Linux box as Windows Update server (proxy)

    On Fri, 20 Aug 2004 06:43:24 +0200, Mattias Pettersson wrote:

    > Sounds like a lot of unnecessary work. Why not just activate the internal
    > firewall in Windows XP? After that you can download patches without the
    > risk of being infected.


    Note that pre-SP2, the TCP stack loads up before the firewall does, thus
    you're vulnerable during that timeframe.

    Plus, if you're running Windows2000, you're SOL on this point as it has no
    built-in firewall.

    I run Sygate's Personal Firewall on my Windows installs.

    --
    Ian Merrithew - ADM Systems Engineering
    ian.merrithew "at" ieee.org


  5. Re: Linux box as Windows Update server (proxy)


    "Mattias Pettersson" wrote in message
    news:_LSdncEPssryHbjcRVnyhQ@giganews.com...
    > Sounds like a lot of unnecessary work. Why not just activate the internal
    > firewall in Windows XP? After that you can download patches without the
    > risk of being infected.
    >
    > // Mattias
    >


    What about the situation where you have a small office lan that has to share
    a dialup connection to the internet? This is the situation I have. A small
    business lan 3 PC's running WinXP that cannot yet get broadband due to poor
    condition of phone lines. The only access to the internet is via a shared
    dialup connection. I'm looking for a proxy/caching solution to this problem
    mainly for security patches and antivirus defs.

    I have an old 486DX66 box that is currently unused - I've got turbolinux
    loaded on it but I think I'm expecting too much from this old box. If I
    could load a small distro that would achieve this caching objective then it
    would make life easier. As yet I have been unable to find a windows based
    solution to this problem. If linux can provide this solution, great.

    Cheers
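
The caching setup asked about in the first post and again in the last one, as an added example that is not part of the thread: a squid.conf fragment that intercepts all port-80 traffic but caches only Windows Update hosts, chosen by host name instead of by Akamai's changing IP addresses. It assumes Squid 3.1 or later; the LAN range, interface name, ports, cache sizes and the `.windowsupdate.com` domain are assumptions, while `windowsupdate.microsoft.com` is the host named in the thread.

```conf
# Added example, not from the thread. Assumes Squid 3.1+ on the Linux gateway.
# Assumed values: LAN 192.168.1.0/24 on eth1, ports 3128/3129, cache sizes.

# Redirect LAN web traffic to Squid on the gateway (run once as root):
#   iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
#            -j REDIRECT --to-ports 3129
# The rule matches on port only, so no list of Microsoft/Akamai IPs is needed.

# Ordinary forward-proxy port, plus the port that receives redirected traffic.
http_port 3128
http_port 3129 intercept

acl lan src 192.168.1.0/24

# dstdomain is matched against the requested host name, so the rotating
# Akamai addresses do not matter. A leading dot covers all subdomains.
# Antivirus definition hosts (last post) can be appended to this acl.
acl winupdate dstdomain .windowsupdate.microsoft.com .windowsupdate.com

http_access allow lan
http_access deny all

# Store and serve from cache only Windows Update objects; every other
# request is relayed to the origin without being cached.
cache allow winupdate
cache deny all

# Patches are far larger than Squid's default object limit. Keep this line
# above cache_dir so the limit applies to that store.
maximum_object_size 512 MB
cache_dir ufs /var/spool/squid 4096 16 256

# Squid 3.2 and later compare the intercepted destination IP with their own
# DNS lookup of the Host name and do not cache the reply when the two differ.
# Point the Windows clients and Squid at the same DNS resolver so both see
# the same Akamai answer; otherwise updates pass through but are never stored.
```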