  1. #1

    tech_guy

    Sandbox Ideas

    I need to create a mini standalone network where the attached client sees itself as connected to the Internet. This is to launch a suspected rootkit I believe is on the machine but hasn't been detected by any of the dozen or so programs I've scanned it with.

    I don't want to connect the PC to my networks or at work for obvious reasons, so was wondering if I could create a sandbox environment where I could trick the infected machine into thinking it is attached to the Internet so I can examine the rootkit, which certainly seems to only activate when it is connected to the Internet?

  2. #2


    JoeBox might be an easier option?

    Joebox is an extensive runtime analysis system with a special concept. It is designed for automatic runtime analysis of malware and other software on Windows based operating systems.

    Key Features
    • Modular design and structure
    • CSV, TXT and HTML based behaviour analysis reports
    • 100% complete network traffic reports
    • Applicable on Windows XP, Windows Vista and Windows 7
    • Runs on virtual, emulated and native systems
    • Ability to build and differentiate behaviour baselines
    • Reputation based system call evaluation
    • Scalable to analyse several binaries at once
    • Analyses any binary (exe, dll, sys, doc, pdf, ..)
    • Fully scriptable
    • Simply extensible
    • Highly configurable

  3. Thanks to Arthur from:

    tech_guy (22nd July 2010)

  4. #3


    Depends how involved you fancy getting, but depending upon how the malware identifies 'internet' (one would imagine a DNS lookup for an external domain), you could have a static IP configured on the box; a false gateway address and real DNS servers on your internal subnet should be enough to let it start its stuff.

    Or you could let it fire up and 'get' internet access but then just firewall it from the router denying all traffic except DNS.

  5. Thanks to kmount from:

    tech_guy (22nd July 2010)
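
    An added example, not part of any post in this thread: a variation on the DNS-only setup described in post #3, in which the DNS server on the isolated subnet is a small logging responder rather than a real resolver, so no traffic leaves the lab. It answers every A query with a single lab address and prints each name the client looks up; `SINKHOLE_IP` (a documentation-range placeholder), the function names and the port binding are assumptions of this example.

```python
import socket
import struct

SINKHOLE_IP = "192.0.2.10"  # assumption: placeholder for the analysis host's lab address

def parse_qname(packet, offset=12):
    """Return (dotted name, offset just past the QNAME) for the first question."""
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers are not valid in a plain question
            raise ValueError("compression pointer in question")
        labels.append(packet[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), offset

def build_response(query, ip=SINKHOLE_IP):
    """Answer an A/IN query with `ip`; return (name, qtype, response bytes)."""
    if len(query) < 12:
        raise ValueError("short packet")
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    name, end = parse_qname(query)
    qtype, qclass = struct.unpack("!HH", query[end:end + 4])
    question = query[12:end + 4]
    answer = b""
    if qtype == 1 and qclass == 1:
        # Name pointer to offset 12, TYPE A, CLASS IN, TTL 60 s, RDLENGTH 4
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(ip)
    rflags = 0x8400 | (flags & 0x0100) | 0x0080  # QR, AA, copied RD, RA, RCODE 0
    header = struct.pack("!HHHHHH", txid, rflags, 1, 1 if answer else 0, 0, 0)
    return name, qtype, header + question + answer

def serve(bind_addr="0.0.0.0", port=53):
    """Log every lookup from the isolated client and reply with the lab address."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, client = sock.recvfrom(512)
        try:
            name, qtype, reply = build_response(data)
        except (ValueError, IndexError, struct.error):
            continue  # ignore malformed or truncated packets
        print(f"{client[0]} asked type {qtype} for {name}")
        sock.sendto(reply, client)

if __name__ == "__main__":
    serve()
```

    Queries for record types other than A get an empty NOERROR reply, and the printed log gives the list of names the suspect machine tries to resolve.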

  6. #4


    Another program you may find useful is Buster Sandbox Analyzer for Sandboxie. More details here...

    http://www.raymond.cc/blog/archives/...oxie-stronger/

  7. #5

    Edu-IT
    I can point you in the direction of somebody who works for one of the AV firms who might be interested in looking into this. He researches all this kind of thing.
