Botnets And VMware
Thursday, 20 July 2006 by Michel Roth
Sounds like fun? Of course it does. That's why we should get involved. This is where VMware comes in. In essence, we're making a sandbox (much like Java, in fact) on our machine, so anything that happens to the VMware virtual machine is independent of our own box. Right... So we load up VMware and build a virtual machine with Windows XP on it. However, do not patch it whatsoever: we want to make it as easy as possible for them to exploit it. We are creating a honeypot in a way, although its sole purpose is not just research. Right. Now you will have to mess about a little with internal bridging and networking (and even port forwarding) so that if an attacker connects to, say, port 139 (NetBIOS) on your external IP (which is obviously your box, not the virtual machine), the connection is forwarded to the virtual machine on port 139. Once this is complete, we are almost ready to go. One more thing to do: grab Ethereal (and the pcap plugin) and install it so we can sniff packets. Done that? Ready to set sail! Read the entire article here.
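The sniffing step above leaves you with a libpcap-format capture from Ethereal, and the first thing you usually want from it is who connected to the forwarded port. The following is an added example, not code from the article: a small parser for the libpcap file format that counts inbound TCP SYNs to the VM's port 139 per source address, run over a constructed sample capture built inline (10.0.0.5 as the VM and the other addresses are made-up documentation values).

```python
import socket
import struct
from collections import Counter

def _ipv4(proto, src, dst, payload):
    # Minimal IPv4 header; checksum stays zero because the parser below never checks it.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def _tcp(sport, dport, flags):
    # 20-byte TCP header with no options (data offset 5) and the given flag bits.
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)

def _record(ip_packet):
    # One pcap record: 16-byte record header, then an Ethernet II frame carrying IPv4.
    frame = b"\x00" * 12 + b"\x08\x00" + ip_packet
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed sample capture (not from the article): libpcap global header with the
# Ethernet link type, followed by five frames; 10.0.0.5 plays the honeypot VM.
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _record(_ipv4(6, "198.51.100.7", "10.0.0.5", _tcp(40001, 139, 0x02))),  # SYN to 139
    _record(_ipv4(6, "10.0.0.5", "198.51.100.7", _tcp(139, 40001, 0x12))),  # SYN/ACK back
    _record(_ipv4(6, "203.0.113.9", "10.0.0.5", _tcp(51000, 139, 0x02))),   # SYN to 139
    _record(_ipv4(6, "192.0.2.4", "10.0.0.5", _tcp(33000, 80, 0x02))),      # SYN to 80
    _record(_ipv4(6, "198.51.100.7", "10.0.0.5", _tcp(40002, 139, 0x02))),  # retry to 139
])

def inbound_syns(pcap, honeypot_ip, port):
    """Count, per source address, TCP SYNs (without ACK) sent to honeypot_ip:port."""
    order = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"  # magic decides byte order
    hits = Counter()
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":  # only IPv4 over Ethernet
            continue
        ihl = (pkt[14] & 0x0F) * 4
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        tcp = pkt[14 + ihl:]
        if pkt[23] != 6 or dst != honeypot_ip or len(tcp) < 14:  # TCP, to the VM
            continue
        dport = struct.unpack("!H", tcp[2:4])[0]
        if dport == port and tcp[13] & 0x12 == 0x02:  # SYN set, ACK clear
            hits[src] += 1
    return hits
```

Pass the bytes of a capture saved by Ethereal in libpcap format (not pcapng) as `pcap`; the count is per source address, so repeated attempts from the same host show up as one entry with a higher count.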