Urgent question re vlan setup

blackpaw

Renowned Member
Nov 1, 2013
We run all our Windows dev, test and production servers on our Proxmox servers, weekly onsite DR backups and monthly offsite DR backups.



And we just got hammered with a rootkit virus that is proving extremely difficult to remove.


I'm proposing that we restore one by one from last month's DR backups to a vlan tag of 1, check that it's clear, then change it to a vlan tag of 2.


As you may have guessed, I'm a complete novice when it comes to stuff like vlans.


- Is it sufficient to just set the vlan for a VM via the proxmox network device gui?


- Will that isolate it from the main (infected) network?


- can I keep the same subnet? (192.168.5.0)


- Will the VMs be able to access the outside internet?


Thanks.
 
A VLAN usually indicates separate subnets, but if you have no routing in place to confuse the networks, then you should be fine with using the same subnet on another VLAN.
 
How did you find out that you had a virus? What were the symptoms? What tools did you use to investigate/clean?
Which virus was it?
 
- Is it sufficient to just set the vlan for a VM via the proxmox network device gui?
yes

- Will that isolate it from the main (infected) network?
yes

- can I keep the same subnet? (192.168.5.0)
- Will the VMs be able to access the outside internet?
You can keep the same subnet, but you need a gateway in the same vlan/subnet.
 
How did you find out that you had a virus? What were the symptoms? What tools did you use to investigate/clean?
Which virus was it?

Weird crap on our intranet. The big giveaway was when every mp3 file on my PC was replaced with an executable - <Name>.mp3.exe :) There was a possible spam bot on our net too.

Tools - we used Windows Defender Offline, Malwarebytes, AVG, RogueKiller, ESET, rkill, ComboFix, adwcleaner and jrt. I think they mostly identified the same virus under different names - Win32/Nabucur.gen!A, Win/Cryptor, Trojan.Agent.MSDGen, Win32/Injector.BQEU.

I've spent all of today trying to clean our AD Server with some professional help. In the end I rolled it back to a DR backup from last month, it was the only way to be confident. I suspect all our VMs will have to be rolled back. God knows what we will do with the physical desktops - there's serious talk about wiping them and installing Ubuntu.
 
Pardon my ignorance, but how does that work? how does the gateway access the internet?

Your gateway itself will need to have a gateway to the internet, usually a firewall or modem-like device. The gateway serves as a bridge between that device and your private network, allowing you to use NAT, etc.

Example:



                                   >>>>>> Vlan1
Internet >>>> Gateway Vlan1and2 >>>
                                   >>>>>> Vlan2
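
An added example, not written by any poster in this thread: a small audit that reads VM config text and lists every network device that is not on the expected VLAN tag, which is the check the restore-to-tag-1-then-move-to-tag-2 plan relies on. It assumes the `netN: model=MAC,bridge=...,tag=N` line format of Proxmox VM config files under `/etc/pve/qemu-server/`; the VMIDs, names and MAC addresses are constructed sample data.

```python
import re

# Constructed sample input: VM configs in the "key: value" form Proxmox keeps
# under /etc/pve/qemu-server/<vmid>.conf. VMIDs, MACs and names are made up.
SAMPLE_CONFIGS = {
    101: "name: ad-server\nmemory: 4096\nnet0: virtio=DE:AD:BE:EF:00:01,bridge=vmbr0,tag=1\n",
    102: "name: build-box\nnet0: e1000=DE:AD:BE:EF:00:02,bridge=vmbr0\n",
    103: "name: intranet\nnet0: virtio=DE:AD:BE:EF:00:03,bridge=vmbr0,tag=2\n"
         "net1: virtio=DE:AD:BE:EF:00:04,bridge=vmbr0,tag=1\n",
}

NET_LINE = re.compile(r"^(net\d+):\s*(.+)$")

def nic_vlans(config_text):
    """Return {nic_name: vlan_tag or None} for every netN line in a VM config."""
    nics = {}
    for line in config_text.splitlines():
        m = NET_LINE.match(line.strip())
        if not m:
            continue
        # Options are comma-separated key=value pairs; the first is model=MAC.
        opts = dict(p.split("=", 1) for p in m.group(2).split(",") if "=" in p)
        tag = opts.get("tag")
        nics[m.group(1)] = int(tag) if tag is not None else None
    return nics

def audit(configs, allowed_tag):
    """List (vmid, nic, tag) for every NIC that is not on allowed_tag.

    A NIC with no tag (None) is reported too. Assumption: untagged traffic on
    the bridge is what the thread calls the main network.
    """
    findings = []
    for vmid in sorted(configs):
        for nic, tag in sorted(nic_vlans(configs[vmid]).items()):
            if tag != allowed_tag:
                findings.append((vmid, nic, tag))
    return findings

if __name__ == "__main__":
    # Restore phase: everything just restored should be on VLAN tag 1 only.
    for vmid, nic, tag in audit(SAMPLE_CONFIGS, allowed_tag=1):
        print(f"VM {vmid} {nic}: tag={tag} (expected 1)")
```

A VM with a second network device on a different tag, like VM 103 in the sample, is reported per device, since one stray NIC is enough to connect it to both networks.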
 
