+ Post New Thread
Results 1 to 5 of 5
Internet Related/Filtering/Firewall Thread, Sandbox Ideas in Technical; I need to create a mini standalone network where the attached client sees itself as connected to the Internet. This ...
  1. #1

    tech_guy's Avatar
    Join Date
    May 2007
    Location
    That little bit in the middle of Little Old England
    Posts
    8,162
    Thank Post
    1,924
    Thanked 1,358 Times in 748 Posts
    Blog Entries
    3
    Rep Power
    400

    Sandbox Ideas

    I need to create a mini standalone network where the attached client sees itself as connected to the Internet. This is to launch a suspected rootkit I believe is on the machine but hasn't been detected by any of the dozen or so programs I've scanned it with.

    I don't want to connect the PC to my networks or at work for obvious reasons, so was wondering if I could create a sandbox environment where I could trick the infected machine into thinking it is attached to the Internet so I can examine the rootkit, which certainly seems to only activate when it is connected to the Internet?

  2. #2


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,792
    Thank Post
    262
    Thanked 2,963 Times in 2,178 Posts
    Rep Power
    846
    JoeBox might be an easier option?

    Joebox is an extensive runtime analysis system with a special concept. It is designed for automatic runtime analysis of malware and other software on Windows based operating systems.

    Key Features
    • Modular design and structure
    • CSV, TXT and HTML based behaviour analysis reports
    • 100% complete network traffic reports
    • Applicable on Windows XP, Windows Vista and Windows 7
    • Runs on virtual, emulated and native systems
    • Ability to build and differentiate behaviour baselines
    • Reputation based system call evaluation
    • Scalable to analyse several binaries at once
    • Analyses any binary (exe, dll, sys, doc, pdf, ..)
    • Fully scriptable
    • Simply extensible
    • Highly configurable

  3. Thanks to Arthur from:

    tech_guy (22nd July 2010)

  4. #3


    Join Date
    Feb 2007
    Location
    Northamptonshire
    Posts
    4,706
    Thank Post
    354
    Thanked 807 Times in 722 Posts
    Rep Power
    348
    Depends how involved you fancy getting but depending upon how the malware identifies 'internet' (one would imagine dns look up for external domain) you could have a static IP configured on the box, false gateway address and real DNS servers on your internal subnet should be enough to let it start it's stuff.

    Or you could let it fire up and 'get' internet access but then just firewall it from the router denying all traffic except DNS.

  5. Thanks to kmount from:

    tech_guy (22nd July 2010)

  6. #4


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,792
    Thank Post
    262
    Thanked 2,963 Times in 2,178 Posts
    Rep Power
    846
    Another program you may find useful is Buster Sandbox Analyzer for Sandboxie. More details here...

    http://www.raymond.cc/blog/archives/...oxie-stronger/

  7. #5

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,452
    Thank Post
    408
    Thanked 671 Times in 613 Posts
    Rep Power
    192
    I can point you in the direction of somebody who works for one of the AV firms who might be interested at looking into this. He researches all this kind of thing.



SHARE:
+ Post New Thread

Similar Threads

  1. Can I do this?? Any Ideas Welcome!!
    By ljlbray in forum Web Development
    Replies: 1
    Last Post: 25th June 2010, 01:42 PM
  2. any ideas?
    By neon in forum Windows
    Replies: 6
    Last Post: 17th March 2010, 09:32 AM
  3. old pc ideas
    By mossj in forum General Chat
    Replies: 12
    Last Post: 23rd April 2009, 09:44 AM
  4. Student sandbox machines
    By TechMonkey in forum How do you do....it?
    Replies: 7
    Last Post: 18th June 2008, 11:36 AM
  5. Any ideas?
    By Edu-IT in forum Windows
    Replies: 9
    Last Post: 23rd November 2007, 06:38 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •