Security Basics mailing list archives
RE: Looking for ideas for simulated intrusions
From: "M. Shirk" <shirkdog_list () hotmail com>
Date: Mon, 11 Jul 2005 23:40:35 -0400
Get a copy of Windows XP (on vmware or a separate machine) and don't patch it.
Then load up Metasploit http://www.metasploit.org

Shirkdog
http://www.shirkdog.us
From: Bill Moran <wmoran () potentialtech com>
To: security-basics () securityfocus com
Subject: Looking for ideas for simulated intrusions
Date: Sun, 10 Jul 2005 12:37:52 -0400

Hello all. I'm new to this list.

I'm running a security class for a client of mine, and I'm to a part of the course where the instructor (me) should be simulating break-ins for the students to analyze. The curriculum doesn't give any details. We have a pretty isolated lab to work in, so I have a pretty free rein as to what I can try against the network the students put together.

I'm looking for suggestions. The network is based on RH9, and the students have done a good bit of patching to ensure everything is up to date, as well as characterizing their system (using tripwire and nmap and the like) so they can detect when an intrusion occurs and determine what has been damaged and fix it.

I only have a few ideas at this point, and they all revolve around "someone has leaked a password", and now a crook is running loose on your network. Even those are fully formed yet, and I have to have something together for this week, and more for next week.

Here's what I'm looking for:

* I know a lot of stuff is done with bot-nets these days, and most of those bot-nets are running customized IRC servers. Is there anywhere I can get one of these special IRC servers to insert into the lab network? If so, what potential dangers are there in doing so? The lab is an isolated (sandbox, or air-gapped) environment, and it's specifically for this purpose (read: sacrificial) but I don't want to completely hose it with two weeks of labs still remaining ;)
* Any ideas on simple (and especially illustrative) remote exploits?
* I need to do something that triggers the snort machine, but this is less important because only two students worked on this ... better is things I can launch against all the machines on the network.

I'm looking particularly for things that will trigger the tripwire rules to notice problems, as well as things that open up listening sockets. I'm not looking for things that are so terribly clever that they can find their way around tripwire - the point of the lab is to teach, not expose the students to something so complicated that it's beyond their grasp.

Any ideas, or pointers to better forums are welcome.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com