Two years ago, I developed a server to act as DHCP, DNS, FTP and web server for a “Quarantine VLAN” that infected or misbehaving URHNet hosts can be moved to. This is an isolated network with no access to the outside world, with some specialized configurations of the various services to simplify notifying users that their workstation has been quarantined.
The private quarantine interface on the server lives at 10.1.1.1.
The DHCP server is set up to hand out addresses from a very large pool with a short lease time.
/etc/dhcp/dhcpd.conf:
    # option definitions common to all supported networks...
    option domain-name "quar.uiuc.edu";
    option domain-name-servers 10.1.1.1;

    default-lease-time 1800;
    max-lease-time 7200;

    ddns-update-style none;
    authoritative;

    subnet 10.1.0.0 netmask 255.255.248.0 {
        range 10.1.1.11 10.1.7.250;
        option routers 10.1.1.1;
    }
The short lease time is set so that clients switched back to the normal network request proper addresses as soon as possible. With an 1800 second lease a moved client tries to renew after 15 minutes (T1, half the lease), cannot reach 10.1.1.1 from its new VLAN, and ends up broadcasting for a fresh address by the time the lease expires, even if it never noticed a link change.
The BIND DNS server uses views and is configured to return only one address, the server itself, for every name queried. Since the server is master for the root zone and recursion is off, nothing is ever forwarded out of the quarantine network. The views are really only for testing purposes; no outside clients should be pointed at the quarantine DNS server. 130.126.123.123 stands in for a test workstation outside the VLAN that should get the same answers as hosts on the quarantine network.
    view "quarantine" {
        match-clients { 130.126.123.123; 10.0.0.0/8; };
        recursion no;
        zone "." {
            type master;
            file "quarantine/dot";
        };
    };
quarantine/dot contains:
    @        IN SOA . hostmaster.housing.uiuc.edu. (
                    1   ; se  = serial number
                    3h  ; ref = refresh
                    15m ; ret = update retry
                    3w  ; ex  = expiry
                    3h  ; min = minimum )
             IN NS gateway.
    gateway  IN A  10.1.1.1
    *        IN A  10.1.1.1
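The DHCP and DNS pieces above only work as a quarantine trap when they agree with each other: the pool must lie inside the declared subnet, the router and DNS option must both point at the quarantine server, that address must not itself be handed out from the pool, and the wildcard must send every name to 10.1.1.1. The following Python script is an added example, not part of the original setup, that cross-checks those properties offline. The two configuration texts it embeds are copies of the fragments shown on this page; the function names (parse_dhcpd, parse_zone, resolve, check_quarantine) are mine, and the wildcard lookup is a deliberate simplification of real DNS wildcard matching.

```python
import ipaddress
import re

# Copies of the two config fragments shown on this page (dhcpd.conf and the
# "quarantine/dot" zone file), embedded so the check runs offline.
DHCPD_CONF = """\
option domain-name "quar.uiuc.edu";
option domain-name-servers 10.1.1.1;
default-lease-time 1800;
max-lease-time 7200;
ddns-update-style none;
authoritative;
subnet 10.1.0.0 netmask 255.255.248.0 {
    range 10.1.1.11 10.1.7.250;
    option routers 10.1.1.1;
}
"""

ZONE_DOT = """\
@        IN SOA . hostmaster.housing.uiuc.edu. (
                1   ; serial
                3h  ; refresh
                15m ; retry
                3w  ; expiry
                3h  ; minimum )
         IN NS gateway.
gateway  IN A  10.1.1.1
*        IN A  10.1.1.1
"""

# The quarantine server's address on its private interface.
QUARANTINE_SERVER = ipaddress.ip_address("10.1.1.1")


def parse_dhcpd(conf):
    """Extract the values the quarantine VLAN depends on (hypothetical helper)."""
    def grab(pattern):
        m = re.search(pattern, conf, re.MULTILINE)
        return m.group(1) if m else None

    subnet_m = re.search(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", conf, re.MULTILINE)
    range_m = re.search(r"^\s*range\s+(\S+)\s+(\S+)\s*;", conf, re.MULTILINE)
    return {
        # strict=True rejects a subnet line whose host bits are not all zero
        "network": ipaddress.ip_network(f"{subnet_m.group(1)}/{subnet_m.group(2)}", strict=True),
        "range_start": ipaddress.ip_address(range_m.group(1)),
        "range_end": ipaddress.ip_address(range_m.group(2)),
        "router": ipaddress.ip_address(grab(r"option\s+routers\s+(\S+)\s*;")),
        "dns": ipaddress.ip_address(grab(r"option\s+domain-name-servers\s+(\S+)\s*;")),
        "default_lease": int(grab(r"default-lease-time\s+(\d+)\s*;")),
        "max_lease": int(grab(r"max-lease-time\s+(\d+)\s*;")),
    }


def parse_zone(zone):
    """Collect A records (owner -> address) and the NS target (hypothetical helper)."""
    a_records = {
        owner: ipaddress.ip_address(addr)
        for owner, addr in re.findall(r"^(\S+)\s+IN\s+A\s+(\S+)", zone, re.MULTILINE)
    }
    ns = re.search(r"\bIN\s+NS\s+(\S+)", zone).group(1)
    return {"a": a_records, "ns": ns}


def resolve(name, zone=ZONE_DOT):
    """Answer a query the way the catch-all zone does: exact owner first, else the
    wildcard. Simplified on purpose; real wildcard matching (RFC 4592) has more cases."""
    records = parse_zone(zone)["a"]
    owner = name.rstrip(".") or "@"
    return records.get(owner, records.get("*"))


def check_quarantine(dhcp_conf=DHCPD_CONF, zone=ZONE_DOT, server=QUARANTINE_SERVER):
    """Return the pool size and a list of consistency problems (empty when the setup is sound)."""
    d = parse_dhcpd(dhcp_conf)
    z = parse_zone(zone)
    net = d["network"]
    problems = []

    if d["range_start"] not in net or d["range_end"] not in net:
        problems.append("DHCP range is not inside the declared subnet")
    if d["range_start"] > d["range_end"]:
        problems.append("DHCP range start is after its end")
    if d["router"] not in net:
        problems.append("router address is outside the subnet")
    if d["range_start"] <= d["router"] <= d["range_end"]:
        problems.append("router address sits inside the dynamic pool and could be handed to a client")
    if d["router"] != server or d["dns"] != server:
        problems.append("clients are not pointed at the quarantine server for both routing and DNS")
    if d["default_lease"] > d["max_lease"]:
        problems.append("default-lease-time exceeds max-lease-time")

    if z["a"].get("*") != server:
        problems.append("zone wildcard does not resolve to the quarantine server")
    if z["a"].get(z["ns"].rstrip(".")) != server:
        problems.append("NS target has no A record pointing at the quarantine server")

    pool_size = int(d["range_end"]) - int(d["range_start"]) + 1
    return {"pool_size": pool_size, "problems": problems}


if __name__ == "__main__":
    result = check_quarantine()
    print(f"pool size: {result['pool_size']}")
    print("problems:", result["problems"] or "none")
```

Run it after editing either file to catch the classic mistake of widening the range until it swallows the server's own address. The offline check is no substitute for a live probe: from a host on the quarantine VLAN, dig any-name.example @10.1.1.1 should answer 10.1.1.1, and a request for a nonexistent URL on the web server should come back with the landing page.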
Apache is configured to send requests that would result in a 404 back to / using the directive below. Because the target is a local path, Apache serves the landing page through an internal redirect rather than a 302 to another URL, so whatever hostname and path the quarantined browser was trying to reach, it ends up on the notification page.
ErrorDocument 404 /
Students with much more PHP experience than me have developed pages that detect the client operating system and present a series of pages prompting users to attempt to clean their own machines, taking notes during the process to give the NetTechs information to verify that the cleaning was attempted.