Most malware is designed to reach back out to the internet, either to wait for further instructions or to send data back to the bad guys. Sometimes we want to allow this to happen, mostly when dealing with web exploits that typically use a multistage method to infect your machine. For those times when we don't want malware to interact with the internet but still want to see how it behaves, or when we are testing our own lab-generated samples, we need to deploy a Fake Internet. There are many ways we could do this: set up servers running the required services, deploy honeypots, or even create our own set of scripts if we are that savvy.
Fortunately someone has already done most of the hard work for us.
My deployment of preference is InetSim.
InetSim is not very actively maintained, but it's stable and full-featured, so this isn't a major issue for me.
Installation
This installation guide is based on a TurnKey Linux distribution, but any Debian-based OS should follow a similar process.
InetSim has some precompiled Debian packages that we can use for a simple installation.
Edit the sources list to include InetSim. The sources.list is not in the usual place on TurnKey.
root@core ~# nano /etc/apt/sources.list.d/sources.list
Add this line:
deb http://www.inetsim.org/debian/ binary/
Save the file and install the signature key:
wget -O - http://www.inetsim.org/inetsim-archive-signing-key.asc | apt-key add -
Update APT
root@core ~# apt-get update
And now we can install.
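The key above is fetched over plain HTTP and added to APT's global trust store without being checked, and apt-key is deprecated on current Debian releases. The following is an added example, not part of the original post or the InetSim project: it checks the key's fingerprint before trusting it and pins the repository to that one key with signed-by. The keyring path, list file name, function names and the fingerprint placeholder are assumptions; the two URLs come from the steps above.

```sh
# Added example: verify the InetSim archive key before trusting it, and pin
# the repository to that key with signed-by instead of apt-key add.
KEY_URL="http://www.inetsim.org/inetsim-archive-signing-key.asc"  # from the page
REPO_URL="http://www.inetsim.org/debian/"                          # from the page
KEYRING="/usr/share/keyrings/inetsim-archive.gpg"  # assumed location
LIST="/etc/apt/sources.list.d/inetsim.list"        # assumed file name
# Placeholder: the page gives no fingerprint; obtain one out of band.
EXPECTED_FPR="REPLACE_WITH_FINGERPRINT_VERIFIED_OUT_OF_BAND"

# Strip spaces and colons, uppercase the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'a-f' 'A-F'
}

# True only if both values normalise to the same 40-hex-digit fingerprint.
# The unedited placeholder is not hex, so it can never match.
fpr_matches() {
    _got=$(normalize_fpr "$1"); _want=$(normalize_fpr "$2")
    case "$_got" in ''|*[!0-9A-F]*) return 1 ;; esac
    [ "${#_got}" -eq 40 ] && [ "$_got" = "$_want" ]
}

# Read `gpg --with-colons` output on stdin, print the primary key fingerprint.
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Build the APT source entry, scoped to one keyring.
sources_line() {
    printf 'deb [signed-by=%s] %s binary/\n' "$1" "$2"
}

install_repo() {
    _tmp=$(mktemp) || return 1
    wget -q -O "$_tmp" "$KEY_URL" || { rm -f "$_tmp"; return 1; }
    _actual=$(gpg --show-keys --with-colons "$_tmp" | fpr_from_colons)
    if ! fpr_matches "$_actual" "$EXPECTED_FPR"; then
        echo "key fingerprint mismatch (got: ${_actual:-none}), not installing" >&2
        rm -f "$_tmp"; return 1
    fi
    gpg --dearmor < "$_tmp" > "$KEYRING" || { rm -f "$_tmp"; return 1; }
    rm -f "$_tmp"
    sources_line "$KEYRING" "$REPO_URL" > "$LIST" && apt-get update
}

# Nothing touches the system unless run as root with --install.
if [ "${1:-}" = "--install" ]; then install_repo; fi
```

With signed-by, the InetSim key can only vouch for packages from this one repository rather than for every source configured on the analysis host.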
I am facing an error