Thread: Sandbox Ideas
21st July 2010, 04:26 PM #1
I need to create a mini standalone network where the attached client sees itself as connected to the Internet. This is to launch a suspected rootkit I believe is on the machine but hasn't been detected by any of the dozen or so programs I've scanned it with.
I don't want to connect the PC to my networks or at work for obvious reasons, so was wondering if I could create a sandbox environment where I could trick the infected machine into thinking it is attached to the Internet so I can examine the rootkit, which certainly seems to only activate when it is connected to the Internet?
22nd July 2010, 02:05 AM #2
JoeBox might be an easier option?
Joebox is an extensive runtime analysis system with a special concept. It is designed for automatic runtime analysis of malware and other software on Windows based operating systems.
Key Features:
- Modular design and structure
- CSV, TXT and HTML based behaviour analysis reports
- 100% complete network traffic reports
- Applicable on Windows XP, Windows Vista and Windows 7
- Runs on virtual, emulated and native systems
- Ability to build and differentiate behaviour baselines
- Reputation based system call evaluation
- Scalable to analyse several binaries at once
- Analyses any binary (exe, dll, sys, doc, pdf, ..)
- Fully scriptable
- Simply extensible
- Highly configurable
Thanks to Arthur from:
tech_guy (22nd July 2010)
22nd July 2010, 08:08 AM #3
Depends how involved you fancy getting, but depending upon how the malware identifies 'internet' (one would imagine a DNS lookup for an external domain), you could have a static IP configured on the box, a false gateway address and real DNS servers on your internal subnet; that should be enough to let it start its stuff.
Or you could let it fire up and 'get' internet access but then just firewall it from the router denying all traffic except DNS.
Thanks to kmount from:
tech_guy (22nd July 2010)
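One way to build the "DNS servers on your internal subnet" half of that setup, as an added example that is not from this thread: a small Python DNS sinkhole for the lab host that answers every A query with the lab host's own address and logs each name the sample asks for, so the DNS-based "am I online?" check succeeds while nothing leaves the lab. The sinkhole address 192.0.2.1 and all function names are assumptions made here.

```python
"""Minimal DNS sinkhole for an offline malware lab (stdlib only).
Every A query resolves to the lab host; every queried name is logged."""
import socket
import struct

SINKHOLE_IP = "192.0.2.1"  # constructed: the lab host that receives the traffic


def parse_query(data):
    """Return (txid, qname, qtype, raw_question) from a raw DNS query packet."""
    txid, _flags, qdcount = struct.unpack("!HHH", data[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12  # question section starts after the 12-byte header
    while True:
        length = data[pos]
        pos += 1
        if length == 0:
            break
        labels.append(data[pos:pos + length].decode("ascii"))
        pos += length
    qtype, _qclass = struct.unpack("!HH", data[pos:pos + 4])
    return txid, ".".join(labels), qtype, data[12:pos + 4]


def build_response(query, answer_ip=SINKHOLE_IP, ttl=60):
    """Echo the question back; A queries (type 1) get one answer record, others none."""
    txid, qname, qtype, question = parse_query(query)
    ancount = 1 if qtype == 1 else 0
    # flags 0x8180: standard response, recursion desired and available, NOERROR
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, ancount, 0, 0)
    answer = b""
    if ancount:
        # 0xC00C = compression pointer to the name at offset 12; type A, class IN
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(answer_ip)
    return header + question + answer, qname


def serve(bind_ip="0.0.0.0", port=53):
    """Listen on UDP/53 (needs privileges) and log what the sample resolves."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            response, qname = build_response(data)
        except (ValueError, IndexError, UnicodeDecodeError, struct.error):
            continue  # malformed packet: ignore rather than crash the sinkhole
        print(f"{peer[0]} asked for {qname}")
        sock.sendto(response, peer)


if __name__ == "__main__":
    serve()
```

Point the isolated box's static DNS setting at the host running this script; the logged names are the first indicators to note before the sample does anything else.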
7th August 2010, 07:11 PM #4
7th August 2010, 08:14 PM #5
I can point you in the direction of somebody who works for one of the AV firms who might be interested in looking into this. He researches all this kind of thing.