RE: Suggested lab materials/systems/setup?

["R. DuFresne" <dufresne () sysinfo com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


although some security software on the system might not work as predicted 
or planned, as they do not play well with if0:1 kids of seetings, iptables 
being at least one FW that plays poorly in that realm.  I'm sure there are 
others that are expecting a specific interface to route/block traffic on, 
as well as for tracing packets in a IDS setup, so this might be an issue 
for the host<s>/system<s> if not the pentester.

Thanks,

Ron DuFresne


On Mon, 18 Jul 2005, Billy Dodson wrote:

> When you configure vmware to share the same NIC, each guest still gets
> its own IP address.  The Host OS will not do any modifying of packets
> destined for a guest machine.  You can also assign a physical NIC to
> each guest if you had multiple network cards.  But for security testing,
> using one NIC will not cause the problems you are questioning.
>
>
> Billy Dodson
> Network Engineer
> PMM
> (432) 561-7239
> Billy () pmm-i com
> www.pmm-i.com
>
> -----Original Message-----
> From: Erin Carroll [mailto:amoeba () amoebazone com]
> Sent: Friday, July 15, 2005 11:01 PM
> To: 'Desai, Dipen'; pen-test () securityfocus com
> Subject: RE: Suggested lab materials/systems/setup?
>
> I'd considered Vmware for just the reasons you (and others) mentioned
> but since I have the extra hardware lying about I might as well put it
> to use.
> One thing that I need to read up on (or get some info from list members)
> is how Vmware handles socket connections. A lot of the assessment tools
> out there can query raw sockets (either via network or on the host
> depending on type of tool). Since Vmware runs the guest OS in a virtual
> machine, will the host OS layer skew report results or external data
> injection techniques etc?
>
>
> For instance, let's say Windows 2k3 is susceptible to a new tcp/ip
> attack due to the way the 2k3 stack handles things. If I ran a 2k3 guest
> virtual OS under a Linux host OS (which does not have vulnerabilities to
> the same tcp/ip stack weaknesses) would the host OS interfere when
> passing that data to the guest? One hypothetical scenario to help
> illustrate what I mean:
> attacker/tester sends malformed tcp packets to target "2k3" machine.
> Linux host OS (which is not vulnerable) accepts packet, ignoring or
> (worse) dropping the malformed payload portion, and passes it on to the
> guest virtual 2k3 OS. The attack/test fails but in the real world it
> wouldn't.
> Oops.
>
> I'm sure there are other considerations I'm overlooking in regards to a
> Host OS/Guest Virtual OS implementation but this was one of the first
> ones that came to mind.
>
> I'm a big believer in having a lab setup as close to "real life" as
> possible. But if Vmware can reduce the equipment investment and does not
> have issues such as I describe above that would be excellent. Anyone
> have more experience with Vmware that can answer my above questions?
>
> -Erin Carroll
>
>
> > -----Original Message-----
> > From: Desai, Dipen [mailto:ddesai1 () ipolicynetworks com]
> > Sent: Friday, July 15, 2005 2:08 PM
> > To: Erin Carroll; pen-test () securityfocus com
> > Subject: RE: Suggested lab materials/systems/setup?
> >
> > VMWare is the way to go in such testing scenarios. I have it setup
> > with multiple guest Operating Systems. You can have each Virtual
> > machine set up with the configurations you want to and save the image
> > with the required configuration before executing the
> > attacks/exploits/malware against those virtual machines.
> >
> >
> > Thanks,
> > Deepen Desai
> >
> > -----Original Message-----
> > From: Erin Carroll [mailto:amoeba () amoebazone com]
> > Sent: Sunday, July 10, 2005 3:43 PM
> > To: pen-test () securityfocus com
> > Subject: Suggested lab materials/systems/setup?
> >
> > All,
> >
> > I'm in the process of setting up a pen-test lab environment of several
>
> > servers running various OS flavors (both Windows &
> > BSD/*nix) along with a netscreen-10 firewall and cisco 3825 to use as
> > the lab router. What do other list members use for their lab
> > environments and what suggestions/issues have you encountered? I'm
> > just using equipment I have laying around but would be interested in
> > hearing about other lab setups to get some ideas (or excuses to go
> > shopping) on what else I can utilize for pen-testing practice.
> >
> > I'm definitely going to set up an imaging server (jumpstart &
> > Altiris) to make changing things around less painful but I've also
> > considered Vmware on the hosts. Basically I'm curious as to what you
> > all use to practice pen-testing to keep the skills sharp when not "on
> > the job".
> >
> > Thanks!
> > --
> > Erin Carroll
> > "Do Not Taunt Happy-Fun Ball"

- -- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC3BBOst+vzJSwZikRAgvhAJ9RcdD9o9yb/XjYmTZ8Quniolt+IgCeJCF9
xzyeL0CWEhvQHS53eW0fZXE=
=6NXQ
-----END PGP SIGNATURE-----