RE: Suggested lab materials/systems/setup?

From: R. DuFresne (dufresne@sysinfo.com)
Date: Mon Jul 18 2005 - 16:25:47 EDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Although some security software on the system might not work as predicted
or planned, as they do not play well with if0:1 kinds of settings, iptables
being at least one FW that plays poorly in that realm. I'm sure there are
others that are expecting a specific interface to route/block traffic on,
as well as for tracing packets in an IDS setup, so this might be an issue
for the host<s>/system<s> if not the pentester.

Thanks,

Ron DuFresne

On Mon, 18 Jul 2005, Billy Dodson wrote:

> When you configure vmware to share the same NIC, each guest still gets
> its own IP address. The Host OS will not do any modifying of packets
> destined for a guest machine. You can also assign a physical NIC to
> each guest if you had multiple network cards. But for security testing,
> using one NIC will not cause the problems you are questioning.
>
>
> Billy Dodson
> Network Engineer
> PMM
> (432) 561-7239
> Billy@pmm-i.com
> www.pmm-i.com
>
> -----Original Message-----
> From: Erin Carroll [mailto:amoeba@amoebazone.com]
> Sent: Friday, July 15, 2005 11:01 PM
> To: 'Desai, Dipen'; pen-test@securityfocus.com
> Subject: RE: Suggested lab materials/systems/setup?
>
> I'd considered Vmware for just the reasons you (and others) mentioned
> but since I have the extra hardware lying about I might as well put it
> to use.
> One thing that I need to read up on (or get some info from list members)
> is how Vmware handles socket connections. A lot of the assessment tools
> out there can query raw sockets (either via network or on the host
> depending on type of tool). Since Vmware runs the guest OS in a virtual
> machine, will the host OS layer skew report results or external data
> injection techniques etc?
>
>
> For instance, let's say Windows 2k3 is susceptible to a new tcp/ip
> attack due to the way the 2k3 stack handles things. If I ran a 2k3 guest
> virtual OS under a Linux host OS (which does not have vulnerabilities to
> the same tcp/ip stack weaknesses) would the host OS interfere when
> passing that data to the guest? One hypothetical scenario to help
> illustrate what I mean:
> attacker/tester sends malformed tcp packets to target "2k3" machine.
> Linux host OS (which is not vulnerable) accepts packet, ignoring or
> (worse) dropping the malformed payload portion, and passes it on to the
> guest virtual 2k3 OS. The attack/test fails but in the real world it
> wouldn't.
> Oops.
>
> I'm sure there are other considerations I'm overlooking in regards to a
> Host OS/Guest Virtual OS implementation but this was one of the first
> ones that came to mind.
>
> I'm a big believer in having a lab setup as close to "real life" as
> possible. But if Vmware can reduce the equipment investment and does not
> have issues such as I describe above that would be excellent. Anyone
> have more experience with Vmware that can answer my above questions?
>
> -Erin Carroll
>
>
>> -----Original Message-----
>> From: Desai, Dipen [mailto:ddesai1@ipolicynetworks.com]
>> Sent: Friday, July 15, 2005 2:08 PM
>> To: Erin Carroll; pen-test@securityfocus.com
>> Subject: RE: Suggested lab materials/systems/setup?
>>
>> VMWare is the way to go in such testing scenarios. I have it setup
>> with multiple guest Operating Systems. You can have each Virtual
>> machine set up with the configurations you want to and save the image
>> with the required configuration before executing the
>> attacks/exploits/malware against those virtual machines.
>>
>>
>> Thanks,
>> Deepen Desai
>>
>> -----Original Message-----
>> From: Erin Carroll [mailto:amoeba@amoebazone.com]
>> Sent: Sunday, July 10, 2005 3:43 PM
>> To: pen-test@securityfocus.com
>> Subject: Suggested lab materials/systems/setup?
>>
>> All,
>>
>> I'm in the process of setting up a pen-test lab environment of several
>> servers running various OS flavors (both Windows &
>> BSD/*nix) along with a netscreen-10 firewall and cisco 3825 to use as
>> the lab router. What do other list members use for their lab
>> environments and what suggestions/issues have you encountered? I'm
>> just using equipment I have laying around but would be interested in
>> hearing about other lab setups to get some ideas (or excuses to go
>> shopping) on what else I can utilize for pen-testing practice.
>>
>> I'm definitely going to set up an imaging server (jumpstart &
>> Altiris) to make changing things around less painful but I've also
>> considered Vmware on the hosts. Basically I'm curious as to what you
>> all use to practice pen-testing to keep the skills sharp when not "on
>> the job".
>>
>> Thanks!
>> --
>> Erin Carroll
>> "Do Not Taunt Happy-Fun Ball"
>>

- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         admin & senior security consultant: sysinfo.com
                         http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                 -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC3BBOst+vzJSwZikRAgvhAJ9RcdD9o9yb/XjYmTZ8Quniolt+IgCeJCF9
xzyeL0CWEhvQHS53eW0fZXE=
=6NXQ
-----END PGP SIGNATURE-----


