Logging communication between two VMs

Posted by sYnfo on Super User
Published on 2009-09-01T13:52:31Z Indexed on 2010/03/19 6:01 UTC

Hi,
I'm trying to set up "malware lab" described in this paper.
So far, I've set up a Windows guest system, adding one Host-only Network adapter, and setting this (sorry if the names aren't exactly correct, I don't have an English language version):

    - IP Address - 10.0.0.3
    - Subnet mask - 255.255.255.0
    - Default gateway - not set
    - Preferred DNS - 10.0.0.4
    - Alternate DNS - not set

And a Linux guest system - Ubuntu 9.04 - with two Network adapters - Bridged (eth0) and Host-only (eth1), and setting eth1 IP Address to 10.0.0.4, leaving the eth0 to be set by DHCP. Then, I have configured iptables as described in the paper, ie.:

# flush the nat and mangle tables and reset their chain policies to ACCEPT
iptables -F -t nat
iptables -F -t mangle
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
# anything arriving on the bridged interface is accepted untouched
iptables -t mangle -A PREROUTING -i eth0 -j ACCEPT
# traffic from the host-only side that is allowed through without logging:
# DNS to 10.0.0.3, HTTP to anywhere, and TCP 6000-7000 to 10.0.0.3
iptables -t mangle -A PREROUTING -p udp -i eth1 -d 10.0.0.3 --dport 53 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -i eth1 --dport 80 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -i eth1 -d 10.0.0.3 --dport 6000:7000 -j ACCEPT
# everything else from eth1 is handed to ULOG (non-terminating) and then dropped
iptables -t mangle -A PREROUTING -i eth1 -j ULOG
iptables -t mangle -A PREROUTING -i eth1 -j DROP

Now, when I try to ping the Windows system from within the Linux system, it does not reply. I guess that's perfectly normal, because iptables is blocking the ping response. Same when I try to ping the Linux system from within Windows. But when I try to access any web page from within the Windows system, I would expect that this action should get logged by iptables. The thing is, I don't see any lines of that kind in the log file (if I am looking in the right place, that is. :) It is at /var/log/messages, isn't it?). So, what do you think might be the problem here?

I should note that this is the first time I'm using Linux, so don't expect ANY working knowledge of Linux at all... :) Also, since English is not my mother tongue, feel free to point out any grammatical mistakes... :)

Thanks for any advice.
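An added example, not part of the question: a small first-match model of the mangle PREROUTING chain quoted above, used to check which sample packets from the Windows guest ever reach the ULOG rule. The packets, the placeholder web server address and the rule encoding are constructed here; this models iptables matching order, it does not drive iptables.

```python
# Model of the mangle PREROUTING chain from the question, evaluated top to
# bottom the way iptables does: the first terminating target (ACCEPT/DROP) wins,
# while ULOG is non-terminating, so matching continues after it.
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Rule:
    target: str
    iface: Optional[str] = None
    proto: Optional[str] = None
    dst: Optional[str] = None
    dports: Optional[Tuple[int, int]] = None  # inclusive port range

    def matches(self, pkt: dict) -> bool:
        if self.iface and pkt["iface"] != self.iface:
            return False
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.dst and pkt["dst"] != self.dst:
            return False
        if self.dports:
            lo, hi = self.dports
            if pkt.get("dport") is None or not lo <= pkt["dport"] <= hi:
                return False
        return True


# The six rules from the post, in the order they were appended (policy ACCEPT).
CHAIN = [
    Rule("ACCEPT", iface="eth0"),
    Rule("ACCEPT", iface="eth1", proto="udp", dst="10.0.0.3", dports=(53, 53)),
    Rule("ACCEPT", iface="eth1", proto="tcp", dports=(80, 80)),
    Rule("ACCEPT", iface="eth1", proto="tcp", dst="10.0.0.3", dports=(6000, 7000)),
    Rule("ULOG", iface="eth1"),
    Rule("DROP", iface="eth1"),
]


def walk(pkt: dict) -> list:
    """Return the targets a packet hits, in order, until a terminating one."""
    hit = []
    for rule in CHAIN:
        if rule.matches(pkt):
            hit.append(rule.target)
            if rule.target in ("ACCEPT", "DROP"):
                return hit
    return hit + ["POLICY_ACCEPT"]  # fell off the end of the chain


# Constructed packets as the Linux guest sees them arriving on eth1 from 10.0.0.3.
# 198.51.100.10 is a documentation-range placeholder for some web server.
HTTP = {"iface": "eth1", "proto": "tcp", "dst": "198.51.100.10", "dport": 80}
PING = {"iface": "eth1", "proto": "icmp", "dst": "10.0.0.4"}
DNS = {"iface": "eth1", "proto": "udp", "dst": "10.0.0.4", "dport": 53}

if __name__ == "__main__":
    for name, pkt in (("http", HTTP), ("ping", PING), ("dns", DNS)):
        print(name, "->", walk(pkt))
```

With these rules an HTTP request from the Windows guest is accepted by the port-80 rule before the ULOG rule is reached, so it is never logged, whereas the ping (and a DNS query to 10.0.0.4, which the port-53 rule only accepts when addressed to 10.0.0.3) hits ULOG and then DROP. Separately, the ULOG target hands packets to a userspace daemon (ulogd) over netlink rather than to the kernel log, so its records end up wherever ulogd is configured to write, not in /var/log/messages; the LOG target is the one that goes through the kernel log and syslog.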
