i came up with something **NEW** (i think)

Discussion in 'other firewalls' started by TECHWG, Nov 28, 2006.

Thread Status:
Not open for further replies.
  1. TECHWG

    TECHWG Guest

    >>> i came up with something **NEW** (i think)

    It has taken me about 5 months of idle thinking, but the other day I had 1 single moment of clarity when everything fell into place. I have a VMware Windows 2000 Pro guest, and my internet goes into it; then Kerio firewall is the UPnP NAT router with filtering to my PC :D So the VMware has external access and thus is the first thing to be hit in the event of an attack... Better than a router because it is free, since VMware Server is free, and you can then use the VMware Kerio software to see connections and blocked things that a rootkit may hide from your actual PC ;)
     
    Last edited by a moderator: Nov 28, 2006
  2. TECHWG

    TECHWG Guest

    Re: i came up with something new

    Also, you can configure VMware Server to start a VMware OS when your PC loads, so I have a VMware Win2k with 356 MB RAM starting on startup, since I have 2 GB RAM. I could drop it to 128 if I want, I suppose... This, I believe, would add security to a network, and/or at least allow you to honeypot without the need for an external router.
     
  3. TECHWG

    TECHWG Guest

    Anyone else done this? Or do you have any opinions about it or questions?

    :ninja:
     
  4. sukarof

    sukarof Registered Member

    Joined: Jun 22, 2004
    Posts: 1,887
    Location: Stockholm Sweden
    I am interested in your honeypot experience with VMware. I tried it a while ago with a clean install of Windows XP without any service packs or hotfixes (or router), just a LAN straight to the net with a unique ISP-provided IP number (i.e. not the same as the VMware host IP), but gave up after 8 hours when no worms or bad guys showed any interest in my bait :(
     
  5. TECHWG

    TECHWG Guest

    Your trouble is the same as I have: the ISP blocks those ports to prevent you getting infected :blink: I want to be infected, damn it! That's why I have disposable VMwares that reset on a reboot :) But there is nothing you can do about this. I find it best to run an open FTP server etc. and let people play. But I am doing this because it's a router to me that I have complete control of, and the internet goes straight to the VMware and then, using WinRoute, gets back to my "host only" NIC, where it allows my PC to have internet access with UPnP for MSN etc. Perfect :D Plus VMware Server allows you to start an OS at the same time as yours, so this way, about 1 minute after my system fully boots up, the VMware kicks in on its own in the background and gives me internet. This is really cool because a) my internet does not exist till VMware is started, minimising the chance of malware messing with me at bootup for internet access, and b) if I get a rootkit on my host PC, there is a high chance I can go in the VMware and see the connections, since it's self-contained and I can see all connections to and from the NAT.

    But you can honeypot like this, though not with standard Windows exploits. You have to, like, open buggy HTTP servers, open FTP servers etc., and this is quite a lame honeypot. My favorite thing to do is go in the Yahoo chat hackers room and give my IP out and watch them rip my VMware a new ass, but now, because I figured out how to do what I have done, I can do it more convincingly since the whole VMware has access. See, before, what I was doing was running the VMware and using its NAT feature to forward ports from my PC to it, so the FTP link would go to the VMware, but now I can let everything go to the VMware and then forward my real services to my PC :D.

    This is a little sticky, what I have rigged up here, but it works and works very well indeed :D Plus I can lower protection on WinRoute and open it like a book for hackers to play :D
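
The cross-check described in the post above (comparing the connections the host PC reports with the connections the gateway VM sees from it) can be scripted. This is an added example, not part of the original thread; the gateway flow format, the addresses and the function names are constructed assumptions, not real Kerio/WinRoute output.

```python
import re

# Constructed sample: `netstat -n` output captured on the host PC.
HOST_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.137.2:1045     203.0.113.10:80        ESTABLISHED
  TCP    192.168.137.2:1051     198.51.100.7:1863      ESTABLISHED
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
"""

# Constructed sample: flows seen on the gateway VM's inside (host-only) interface,
# in a hypothetical "proto src dst" export format (an assumption, not a real log format).
GATEWAY_FLOWS = """\
tcp 192.168.137.2:1045 203.0.113.10:80
tcp 192.168.137.2:1051 198.51.100.7:1863
tcp 192.168.137.2:1077 192.0.2.55:6667
"""

# Both views reduce to: protocol, source ip:port, destination ip:port (IPv4 only).
NETSTAT_ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+)", re.I)
FLOW_ROW = re.compile(r"^\s*(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s*$", re.I)

def parse(text, row):
    """Return a set of (proto, src_ip, src_port, dst_ip, dst_port) tuples."""
    flows = set()
    for line in text.splitlines():
        m = row.match(line)
        if m:  # headers and UDP rows with a '*:*' peer do not match and are skipped
            proto, sip, sport, dip, dport = m.groups()
            flows.add((proto.lower(), sip, int(sport), dip, int(dport)))
    return flows

def hidden_from_host(host_netstat, gateway_flows, host_ip):
    """Flows the gateway saw from host_ip that the host's own netstat does not list."""
    seen_by_host = parse(host_netstat, NETSTAT_ROW)
    seen_by_gateway = {f for f in parse(gateway_flows, FLOW_ROW) if f[1] == host_ip}
    return sorted(seen_by_gateway - seen_by_host)

if __name__ == "__main__":
    for proto, sip, sport, dip, dport in hidden_from_host(
            HOST_NETSTAT, GATEWAY_FLOWS, "192.168.137.2"):
        print(f"not visible on host: {proto} {sip}:{sport} -> {dip}:{dport}")
```

The two snapshots have to be taken close together, and a mismatch is only a lead: short-lived connections that open or close between the captures show up the same way.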
     