Re: Any caveats for linux under VMware, pen testing?

From: josh (josh@tkos.co.il)
Date: Sun Sep 05 2004 - 03:29:20 EDT

• Next message: Matt Hargett: "Re: [Dailydave] RE: Network Exploitation Tools aka ExploitationEngines"
• Previous message: ADT: "Re: Test scripts for NIDS"
• In reply to: shannon@areawidetech.com: "Any caveats for linux under VMware, pen testing?"
• Next in thread: Roman, David: "RE: Any caveats for linux under VMware, pen testing?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On 3 Sep 2004 shannon@areawidetech.com wrote:

>
>
> I'm considering running Linux from my XP pro laptop under a VMWare (workstation edition) session. Anyone out there w/ experience using this setup that might have any tips / warnings / encouraging advice? This machine would be for pen testing, and is definitely beefy enough to handle the load, if this is a good solution. I'd be running Nessus, and doing probing w/ nmap.
>
> My other alternative is to repurpose a machine from our lab, but the physical setup and reloading would take far more time than the VMWare option, and would obviously be less flexible.
>
> So is anyone out there using this setup...? I heard rumors of problems related to direct hardware access (the NIC) for wardiving purposes...?

Hi Shannon,
This is a bad idea. I had the same setup and discovered that all the
limitations that Windows XP has (espcially in their TCP stack) you will
have in Linux (when run from VMWare). This will greatly effect the
reliabilty and capability of your Nessus scans.

-- 
  - josh
  94 F8 9F 3E 9A DB 6E FC  F8 17 F1 B4 C7 51 CB AA   ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - josh@tkos.co.il - tel: +972.58.520.636, http://www.tkos.co.il
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Next message: Matt Hargett: "Re: [Dailydave] RE: Network Exploitation Tools aka ExploitationEngines"
• Previous message: ADT: "Re: Test scripts for NIDS"
• In reply to: shannon@areawidetech.com: "Any caveats for linux under VMware, pen testing?"
• Next in thread: Roman, David: "RE: Any caveats for linux under VMware, pen testing?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:04 EDT