Penetration Testing mailing list archives
RE: Suggested lab materials/systems/setup?
From: "Lyal Collins" <lyal.collins () key2it com au>
Date: Sat, 16 Jul 2005 15:35:06 +1000
My limited experiences has been the otherway around - e.g. using Nessus on a VMWare (workstation) guest Linux OS under Windows XP host. In this situation, the TCP stack of Linux or XP locks up part way through the Nessus test, causing erroneous results. I haven't really investigated why, but it _seemed_ to occur when conducting large ICMP packet tests - but this is just guesswork. MS VirtualPC has seemed slightly more robust in the above scenario in my experience. But its nearly as easy/quick to dual boot into Linux and run nessus natively. VMWare Oses running on a linux host may get different mileage. Lyal -----Original Message----- From: Erin Carroll [mailto:amoeba () amoebazone com] Sent: Saturday, 16 July 2005 2:01 PM To: 'Desai, Dipen'; pen-test () securityfocus com Subject: RE: Suggested lab materials/systems/setup? I'd considered Vmware for just the reasons you (and others) mentioned but since I have the extra hardware lying about I might as well put it to use. One thing that I need to read up on (or get some info from list members) is how Vmware handles socket connections. A lot of the assessment tools out there can query raw sockets (either via network or on the host depending on type of tool). Since Vmware runs the guest OS in a virtual machine, will the host OS layer skew report results or external data injection techniques etc? For instance, let's say Windows 2k3 is susceptible to a new tcp/ip attack due to the way the 2k3 stack handles things. If I ran a 2k3 guest virtual OS under a Linux host OS (which does not have vulnerabilities to the same tcp/ip stack weaknesses) would the host OS interfere when passing that data to the guest? One hypothetical scenario to help illustrate what I mean: attacker/tester sends malformed tcp packets to target "2k3" machine. Linux host OS (which is not vulnerable) accepts packet, ignoring or (worse) dropping the malformed payload portion, and passes it on to the guest virtual 2k3 OS. The attack/test fails but in the real world it wouldn't. Oops. I'm sure there are other considerations I'm overlooking in regards to a Host OS/Guest Virtual OS implementation but this was one of the first ones that came to mind. I'm a big believer in having a lab setup as close to "real life" as possible. But if Vmware can reduce the equipment investment and does not have issues such as I describe above that would be excellent. Anyone have more experience with Vmware that can answer my above questions? -Erin Carroll
-----Original Message----- From: Desai, Dipen [mailto:ddesai1 () ipolicynetworks com] Sent: Friday, July 15, 2005 2:08 PM To: Erin Carroll; pen-test () securityfocus com Subject: RE: Suggested lab materials/systems/setup? VMWare is the way to go in such testing scenarios. I have it setup with multiple guest Operating Systems. You can have each Virtual machine set up with the configurations you want to and save the image with the required configuration before executing the attacks/exploits/malware against those virtual machines. Thanks, Deepen Desai -----Original Message----- From: Erin Carroll [mailto:amoeba () amoebazone com] Sent: Sunday, July 10, 2005 3:43 PM To: pen-test () securityfocus com Subject: Suggested lab materials/systems/setup? All, I'm in the process of setting up a pen-test lab environment of several servers running various OS flavors (both Windows & BSD/*nix) along with a netscreen-10 firewall and cisco 3825 to use as the lab router. What do other list members use for their lab environments and what suggestions/issues have you encountered? I'm just using equipment I have laying around but would be interested in hearing about other lab setups to get some ideas (or excuses to go shopping) on what else I can utilize for pen-testing practice. I'm definitely going to set up an imaging server (jumpstart & Altiris) to make changing things around less painful but I've also considered Vmware on the hosts. Basically I'm curious as to what you all use to practice pen-testing to keep the skills sharp when not "on the job". Thanks! -- Erin Carroll "Do Not Taunt Happy-Fun Ball"
Current thread:
- Suggested lab materials/systems/setup? Erin Carroll (Jul 10)
- RE: Suggested lab materials/systems/setup? Nathan Einwechter (Jul 10)
- Re: Suggested lab materials/systems/setup? Terry Vernon (Jul 10)
- Re: Suggested lab materials/systems/setup? Mike Sweeney (Jul 10)
- Re: Suggested lab materials/systems/setup? John Kinsella (Jul 11)
- <Possible follow-ups>
- RE: Suggested lab materials/systems/setup? glemmon (Jul 11)
- RE: Suggested lab materials/systems/setup? Desai, Dipen (Jul 15)
- RE: Suggested lab materials/systems/setup? Erin Carroll (Jul 15)
- RE: Suggested lab materials/systems/setup? Lyal Collins (Jul 16)
- Re: Suggested lab materials/systems/setup? Tim (Jul 16)
- Re: Suggested lab materials/systems/setup? ilaiy (Jul 19)
- RE: Suggested lab materials/systems/setup? Erin Carroll (Jul 15)
- RE: Suggested lab materials/systems/setup? Billy Dodson (Jul 18)
- RE: Suggested lab materials/systems/setup? R. DuFresne (Jul 18)
- RE: Suggested lab materials/systems/setup? Desai, Dipen (Jul 18)