Setting VM network for malware analysis

Raffaele

Raffaele

Level 2
Thread author
Verified
Nov 1, 2017
52
Hello to all,
I should do the analysis of a malware for educational purposes.
How do I configure network parameters to make sure the real machine is secure?
At this time I have a connection in NAT mode. Is it safe?
I need an internet connection because I need to analyze network traffic.
Thank you all.
 
  • Like
Reactions: vemn, Sunshine-boy, Deletedmessiah and 2 others
L

Lightning_Brian

Level 15
Verified
Top Poster
Content Creator
Sep 1, 2017
743
For your requirements, I’d recommend NAT mode.

Please remember this:

NAT Mode: Your host computer (your own computer) will act as the given gateway to your network for your VM. No one on your network except your own computer will be able to see it since you will be on a separate network.

Bridged Mode (quite risky in my opinion in any situation): Your host computer (your own computer) will now share its own network connection with your VM. Your VM will be set up as if it was another computer on your network and everyone on the given network will see it and could potentially interact with it.

I say by all means please use NAT. For added security you could use a VPN on your physical computer (not the VM) to ensure that your even more secure from a potential leak. This is a great question! Glad you asked this question on the forms.

Please remember to not share any folders or files between the VM and your physical computer. One can never be too safe. Just for added security I'd also recommend running a backup of your phyiscal machie prior to the use of any malware samples - this is just my personal preference just in case.

Excellent question!
 
  • Like
Reactions: Handsome Recluse, upnorth, tim one and 6 others
T

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
NAT mode is the best choice, but keep in mind that your IP is shared host/guest so if you do dynamic malware analysis, it is necessary to use a VPN host level to avoid that some malware may process your real IP not for benevolent purposes for sure.
 
  • Like
Reactions: Deleted member 65228, Handsome Recluse, vemn and 6 others
L

Lightning_Brian

Level 15
Verified
Top Poster
Content Creator
Sep 1, 2017
743
tim one said:
NAT mode is the best choice, but keep in mind that your IP is shared host/guest so if you do dynamic malware analysis, it is necessary to use a VPN host level to avoid that some malware may process your real IP not for benevolent purposes for sure.
Click to expand...

Indeed very true! I mentioned this in my posting as well. A VPN is a must, in this case, to ensure your host IP is not discovered. Windscribe free VPN is nice if you want to keep to a free VPN with 10 GB of traffic allowed.

From all of my experience use a VPN on my host computer, router, and for added security, I use it inside my VM too. While it slows stuff down a bit I know for sure my actual IP address is not leaked what-so-ever.
 
  • Like
Reactions: Deleted member 65228, Handsome Recluse, vemn and 4 others
grumpy_joe

grumpy_joe

Level 1
Verified
Oct 18, 2017
38
Lightning_Brian said:
For your requirements, I’d recommend NAT mode.

Please remember to not share any folders or files between the VM and your physical computer. One can never be too safe. Just for added security I'd also recommend running a backup of your phyiscal machie prior to the use of any malware samples - this is just my personal preference just in case.

Excellent question!
Click to expand...

If you really want you can actually share a folder but just make it read only.

Alternatively just upload files to the cloud :)
 
  • Like
Reactions: vemn, Rengar and upnorth
T

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
Lightning_Brian said:
Indeed very true! I mentioned this in my posting as well. A VPN is a must, in this case, to ensure your host IP is not discovered. Windscribe free VPN is nice if you want to keep to a free VPN with 10 GB of traffic allowed.

From all of my experience use a VPN on my host computer, router, and for added security, I use it inside my VM too. While it slows stuff down a bit I know for sure my actual IP address is not leaked what-so-ever.
Click to expand...
Fully agree about Windscribe, I'm using it, pretty fast and I got 50GB per month thanks to a previous giveaway :)

Sorry @Lightning_Brian I have to admit I read your post too quickly and I had not noticed you had already mentioned the VPN :)
 
Last edited:
  • Like
Reactions: Deleted member 65228, Lightning_Brian, vemn and 5 others
L

Lightning_Brian

Level 15
Verified
Top Poster
Content Creator
Sep 1, 2017
743
No worries @tim one . A VPN inside your host to help keep your real IP safe and hidden is best - in my humble opinion. I don't go testing anything without having this on. In addition to this I back up my system to ensure I have a backup to fall back on. This is a full disk image backup. Prior to doing any testing - making sure that image is super squeeky clean too.

I take things even a step further with turning on Shadow Defender on my physical operating system to protect it even more and lock it down like Fort Knox.

I don't like to risk anything at all. A VPN integrated with my router too makes things tough to crack. Just have to find one that's not slowing things down on ya'.

Stay safe testing!
 
Last edited:
  • Like
Reactions: tim one, Rengar, harlan4096 and 1 other person
You must log in or register to reply here.

Similar threads

simmerskool
Advice Request VMware 17.6.0 network glitch
Replies
6
Views
253
VM and Remote Access
simmerskool
simmerskool
C
    • Like
  • Question
Question What application to use for monitoring system and network activity?
Replies
9
Views
829
System utilities
dinosaur07
dinosaur07
RRlight
Question Possibilities of malware in Virtual Machine infecting Host Machine (Excluding 0-day/VM platform own vulnerabilities)?
Replies
1
Views
463
VM and Remote Access
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top