From: Pete Herzog (pete@isecom.org)
Date: Fri Jan 16 2004 - 19:17:22 EST
Hi,
In our testing lab, we have seen some problems with the sending and
receiving of various types of TCP / UDP packets from within a Virtual
Machine as part of an attack system. Now this won't effect all security
tests but it has become a problem in the scalpel-like precision required for
certain tests where we are looking for certain packets within a given time
frame. Source and Destination ports, for instance, comes to mind as an
example of the corruption occurring with tests. Our suspician is a
corruption which occurs in the binding with the ethernet card and regardless
of OS or whether the VM has it's own external IP address or not, it still
occurs enough that we had to stop using a VM to make tests from.
We have not done any further tests on this. Has anyone else seen this
problem though? Anyone have more information on this?
Sincerely,
-pete.
Pete Herzog, Managing Director
Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:45 EDT