Malware Testing In Vmware Workstation 8


MDTechVideos

Hello,

I intend on doing some AV testing in VMware. What is the most secure network connection, bridged or NAT? I have heard pros and cons about both. Thanks
 

Malware Maniac

I think this thread could be moved since it does not seem to be an introduction. Possibly here: http://malwaretips.com/Forum-Other-Security-Related-Discussions


Hotrod123 I see you already posted here http://malwaretips.com/Thread-Protecting-Host-Machine-from-Malware-escaping-a-VM?pid=66522#pid66522 it is just a matter of time until someone posts back to you.
 

McLovin

Have not done this in a while, but I say NAT, but that's just me.
 
Plexx

NAT is better than Bridged. However, sometimes I do lose connection on NAT for some odd reason. Nevertheless, you still need to know what you are doing.
 

MDTechVideos

Thanks, I appreciate your opinion and fast response. When you tested malware in the VM, were there other machines on the network, and had they ever gotten infected during testing with NAT?
 

HeffeD

Hotrod123 said:
What is the most secure network connection, bridged or NAT,

Neither is more secure than the other.

NAT is a better choice for helping to isolate your VM from your LAN, but there is always risk involved when you're playing with malware.

Using NAT for a VM is a lot like connecting to the internet behind a NAT enabled router. Your host machine is acting a bit like a NAT router between your VM and your LAN.
 
Plexx

HeffeD said:
Hotrod123 said:
What is the most secure network connection, bridged or NAT,

Neither is more secure than the other.

NAT is a better choice for helping to isolate your VM from your LAN, but there is always risk involved when you're playing with malware.

Using NAT for a VM is a lot like connecting to the internet behind a NAT enabled router. Your host machine is acting a bit like a NAT router between your VM and your LAN.

Wouldn't defining a Dedicated Virtual Network in VMware be a better option for malware testing?

Edit: By having a Dedicated Virtual Network, I was unable to configure it to have internet access.

Perhaps having it as NAT but disabling the VMnet8 network adapter on the host would do the trick? VMnet8 is by default the NAT adapter for VMware.
 

MDTechVideos

I tried using a LAN segment on my VM, but I had no internet connection. Is there any way I could isolate my VM using VLAN settings for network isolation purposes?
 
Plexx

The only thing I can think of is to set 2 VMs to be running. Have machine one connected as host only, have machine 2 be host only, and add a second NIC as bridged and manually configure the NAT settings.

You will then ensure that machine one is looking at machine 2 as a gateway or something like that.

In theory it looks like it works, but I might be missing something here.
 

HeffeD

Biozfear said:
Wouldn't defining a Dedicated Virtual Network in VMware be a better option for malware testing?

Yep. This is a great guide for setting up an isolated network. VMware Network Isolation for a Malware Analysis Lab

Biozfear said:
Edit: By having a Dedicated Virtual Network, I was unable to configure it to have internet access.

Well that's the rub isn't it? We want an isolated network, but we want it to be able to access the internet through the host? (I want a HIPS, but what is with all of these popups? :p ) Any time you make usability concessions, you're decreasing security.

Which by the way reminds me, don't install VMware Tools on the guest machine if you're playing with malware. The guest tools add usability, but by their nature make a backdoor to the host machine. I'm not aware of any malware that has exploited this, but there is always tomorrow. :s

Biozfear said:
The only thing I can think of is to set 2 VMs to be running. Have machine one connected as host only, have machine 2 be host only, and add a second NIC as bridged and manually configure the NAT settings.

You will then ensure that machine one is looking at machine 2 as a gateway or something like that.

In theory it looks like it works, but I might be missing something here.

I read something a while ago about someone using a technique similar to this. I've been looking for it again and have been unable to find it... :blush:

I don't know if it will work or not.
 
Plexx

Although in essence having 2 VMs running and one configured to be the gateway, I have been unable to recreate this thought.

Here is what I did:
1. OS1 was set with a Host Only adapter.
2. OS2 was set with a Host Only adapter. I then added another NIC and set it as Bridged.
3. Set OS1 to look at the DHCP data from OS2.
4. Configured OS2's Bridged connection according to the NAT data.
5. At this stage I am sure one thing is missing, since despite appointing OS2 as the default gateway for OS1, I still can't connect to the internet via OS1 or even OS2. Yet, I can see OS2 from OS1 and vice versa.
 

MDTechVideos

Biozfear said:
Although in essence having 2 VMs running and one configured to be the gateway, I have been unable to recreate this thought.

Here is what I did:
1. OS1 was set with a Host Only adapter.
2. OS2 was set with a Host Only adapter. I then added another NIC and set it as Bridged.
3. Set OS1 to look at the DHCP data from OS2.
4. Configured OS2's Bridged connection according to the NAT data.
5. At this stage I am sure one thing is missing, since despite appointing OS2 as the default gateway for OS1, I still can't connect to the internet via OS1 or even OS2. Yet, I can see OS2 from OS1 and vice versa.



Please report back if you find anything that works.
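
An added example, not part of any post in this thread: a Python audit of a VM's .vmx file that reports which network mode each virtual adapter is really in (bridged, NAT, host-only, LAN segment or a dedicated virtual network), which is the choice the thread is weighing. The sample file is constructed, and the ethernetN.* keys and the VMnet0/VMnet1/VMnet8 roles are assumed to follow VMware Workstation defaults.

```python
import re

# Constructed sample .vmx content (not taken from the thread).
SAMPLE_VMX = '''\
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet2.present = "TRUE"
ethernet2.connectionType = "custom"
ethernet2.vnet = "VMnet8"
ethernet3.present = "FALSE"
ethernet3.connectionType = "bridged"
'''

# Assumed default Workstation virtual networks; VMnet8 is the NAT one.
DEFAULT_VNETS = {"vmnet0": "bridged", "vmnet1": "hostonly", "vmnet8": "nat"}
EXPOSURE = {
    "bridged": "on the physical LAN next to the other machines",
    "nat": "behind the host's NAT; outbound traffic still leaves via the host",
    "hostonly": "host and other host-only guests only",
    "pvn": "LAN segment; guests on the same segment only",
    "custom": "dedicated virtual network; check the Virtual Network Editor",
}

def parse_vmx(text):
    """Return the key = "value" pairs of a .vmx file with lower-cased keys."""
    pairs = re.findall(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$', text, re.M)
    return {k.lower(): v for k, v in pairs}

def audit_adapters(text):
    """Map each present adapter (ethernetN) to (effective mode, exposure)."""
    cfg = parse_vmx(text)
    result = {}
    for key, value in cfg.items():
        m = re.fullmatch(r"(ethernet\d+)\.present", key)
        if not m or value.upper() != "TRUE":
            continue  # adapter removed or disabled in the VM settings
        nic = m.group(1)
        # An adapter with no connectionType line is treated as bridged.
        mode = cfg.get(nic + ".connectiontype", "bridged").lower()
        if mode == "custom":
            # A "custom" adapter on a default VMnet is that mode in disguise.
            vnet = cfg.get(nic + ".vnet", "").lower()
            mode = DEFAULT_VNETS.get(vnet, "custom")
        result[nic] = (mode, EXPOSURE.get(mode, "unknown mode"))
    return result

if __name__ == "__main__":
    for nic, (mode, note) in sorted(audit_adapters(SAMPLE_VMX).items()):
        print(f"{nic}: {mode:8} {note}")
```

Run it against the guest's .vmx before each test session; an adapter with no connectionType line, or a "custom" one pointing at VMnet0, puts the guest on the same LAN as the other machines.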