Results 1 to 6 of 6

Thread: Possibility of attack on System

  1. #1
    Join Date
    Dec 2009
    Beans
    37

    Question Possibility of attack on System

    Hi I have a host system which has two NIC card, eth0 and eth1.

    eth0 is connected to Internet via a router and it does not have an IP assigned to it. eth1 is connected to Intranet.


    The host has a Virutal machine which is configured only to use eth0 in bridge mode to go out to internet via the router.

    I use Virtual host to test malwares, with this being the case, Can my Host system which is running Linux ever get attacked over the Internet ?

    What if I introduce more system between eth0 and Internet Router, Can I attack the Host system which is hosting the Guest VM ?

    If my explanation is not clear kindly refer the diagram.

    Last edited by bala150985; May 13th, 2012 at 11:29 AM. Reason: One more point added.

  2. #2
    Join Date
    Dec 2009
    Location
    Fareham, UK
    Beans
    1,963
    Distro
    Ubuntu

    Re: Possibility of attack on System

    Not being an expert at this only repeating some things from various places on the Forum.

    Provided you are not sharing folders/files between the machines the malware should be contained within the Guest OS. However there might be a possibility of 'drive by' attacks from risky web-sites.

    I think it all comes down to any shared folders to provide a gateway from the Guest to your Host OS.

  3. #3
    Join Date
    Dec 2009
    Beans
    37

    Re: Possibility of attack on System

    Thanks for the quick response westie457,

    I do have a share folder between the guest and the Host that is the only way by which I transfer data between the two.

    I believe that just giving a share folder in Read and Write mode to the Guest OS will just enable Guest OS to write to the Share folder correct ? I could be wrong that is why I am seeking other people advice on the same to prevent any blind mistake on my part.

  4. #4
    Join Date
    Dec 2009
    Location
    Fareham, UK
    Beans
    1,963
    Distro
    Ubuntu

    Re: Possibility of attack on System

    Prepare yourself for a lot of reading on security starting with bodhi.zazen's sticky here.

    http://ubuntuforums.org/forumdisplay.php?f=338

  5. #5
    Join Date
    Nov 2009
    Beans
    919
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Possibility of attack on System

    I would advise, if possible, only testing malware on a dedicated system, distinct from one that is used for other tasks. Physical separation is always best. A machine that is running something you know to be malware should be physically separated from your internal network.

    Having said that, if the malware is not designed for the OS or applications of the host system, there's not much risk. That's just in general, though, since it's hard to say specifically given all the different kinds of malware. The kind made for crime behaves much differently than the kind made for espionage. Some of them will try to break out of a virtual host, some won't even run if they are on a virtual host (to evade testing), and some will try to map the internal network and get a shell or process on another device. If you are deliberately compromising the guest system you can't really trust it to behave .

  6. #6
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Possibility of attack on System

    Quote Originally Posted by OpSecShellshock View Post
    I would advise, if possible, only testing malware on a dedicated system, distinct from one that is used for other tasks. Physical separation is always best. A machine that is running something you know to be malware should be physically separated from your internal network.
    +1. This is really the best way to do it.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •