Easy to configure, simple functionality, niche-use.
I think it's a pretty cool idea, and definitely might come to use it if I ever get a machine in-house infected with something interesting and I want to just toy with it (/ keep an eye on what it's doing). I'm sure this would be useful for security professionals dealing with all kinds of network-required infections (or not, as all the "BadBIOS" talk suggests).
Pretty cool stuff, I'm wondering if one could simply set this up with a set of iptables rules (on a Linux router, i.e. DD-WRT). Just drop all packets that aren't destined to the open internet, and even control which ports the isolated machine has access to (i.e. cut off port 80 and see if the infection/process tries to reach out on port xyz or something else).
Just using iptables would be easier but has the disadvantage that the quarantined box "knows you're there" and could attack or behave differently. The advantage of this solution is that the firewall is almost (but not quite) fully transparent.
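The iptables approach discussed in the thread, sketched as an added example that is not from any of the commenters: a function that prints (does not apply) rules for a Linux router to keep a quarantined host off the LAN, cut off chosen TCP ports, and log what it tries instead. The chain name, log prefixes, private ranges and the sample host address are assumptions. As the reply above notes, a routed setup like this is visible to the quarantined machine.

```shell
#!/bin/sh
# Added example: emits iptables commands for review; nothing is applied.
# Assumptions (not from the thread): chain name QUARANTINE, the log prefixes,
# a host with a static address that uses a resolver outside the LAN.

# Usage: quarantine_rules HOST_IP "TCP_PORTS_TO_CUT_OFF"
quarantine_rules() {
    host="$1"
    blocked_ports="$2"
    chain="QUARANTINE"

    echo "iptables -N $chain"
    # Route everything the quarantined host sends through the router into the chain.
    echo "iptables -I FORWARD 1 -s $host -j $chain"

    # Log and drop traffic aimed at private or link-local ranges,
    # i.e. anything not destined to the open internet.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16; do
        echo "iptables -A $chain -d $net -j LOG --log-prefix \"quarantine-lan: \""
        echo "iptables -A $chain -d $net -j DROP"
    done

    # Cut off the chosen ports and log each attempt, so the logs show
    # whether the process falls back to some other port.
    for port in $blocked_ports; do
        echo "iptables -A $chain -p tcp --dport $port -j LOG --log-prefix \"quarantine-port: \""
        echo "iptables -A $chain -p tcp --dport $port -j DROP"
    done

    # Let the rest out, logging only new connections to keep the log readable.
    echo "iptables -A $chain -m conntrack --ctstate NEW -j LOG --log-prefix \"quarantine-out: \""
    echo "iptables -A $chain -j ACCEPT"

    # Keep the host away from services on the router itself.
    echo "iptables -I INPUT 1 -s $host -j DROP"
}

# Stand-alone use: ./quarantine.sh 192.168.1.50 "80 443"  (constructed values)
if [ "$#" -ge 1 ]; then
    quarantine_rules "$@"
fi
```

Review the printed commands before piping them to a root shell; the kernel log then shows the `quarantine-*` entries for each blocked or new outbound attempt.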