Penetration Testing mailing list archives
Re: VMWare and which linux distro?
From: "Roger A. Grimes" <rogerg () cox net>
Date: Sun, 18 Jan 2004 19:49:56 -0700
Pete,

I don't know if this is a solution for you, but I do a lot of honeypot work and I've seen similar packet manipulation problems when running virtual environments. I use the Honeyd (a virtual honeypot) system a fair amount, and its author requires that it have its own, unique IP network address space so that the host OS doesn't "accidentally adjust" the virtual host's packets on the lower levels when passing traffic to and from the virtual environment.

Although I'm purely guessing, maybe try setting up the VMWare session with its own IP subnet and IP address, and set up static routes on the workstation (i.e. route add -p ....) to point to the new virtual IP address space.

For example, if you put the VMWare on its own virtual IP subnet (say 192.168.2.0/24) and your host IP is 192.168.1.1, here's the static route command to add to the host PC:

    route add -p 192.168.2.0 mask 255.255.255.0 192.168.1.1

which is

    route add -p destnetwork mask subnetmask gatewayaddress

It might be worth a quick try to see if it helps.

Roger

********************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, MCSE:Security (NT/2000/2003/MVP), CNE (3/4), A+
*email: rogerg () cox net
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
********************************************************************************

----- Original Message -----
From: "Pete Herzog" <pete () isecom org>
To: <pen-test () securityfocus com>
Sent: Friday, January 16, 2004 5:17 PM
Subject: RE: VMWare and which linux distro?
Hi,

In our testing lab, we have seen some problems with the sending and receiving of various types of TCP / UDP packets from within a Virtual Machine as part of an attack system. Now this won't affect all security tests but it has become a problem in the scalpel-like precision required for certain tests where we are looking for certain packets within a given time frame. Source and Destination ports, for instance, come to mind as an example of the corruption occurring with tests. Our suspicion is a corruption which occurs in the binding with the ethernet card and regardless of OS or whether the VM has its own external IP address or not, it still occurs enough that we had to stop using a VM to make tests from. We have not done any further tests on this.

Has anyone else seen this problem though? Anyone have more information on this?

Sincerely,
-pete.

Pete Herzog, Managing Director
Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org