Name: Computer Pseudoscience 2009-10-17 18:38
I tried asking this on /prog/, but I forgot they only know Stallman memes, hot stripping coeds, and the essentials of LISP.
Virtual machines suck for running malware (timing tests, little holes left for the guest to talk to the hypervisor, device strings, etc.). I want to automate the task of getting a physical box up with a fresh disk image to boot up on. It's not really going to be used as a honeypot, but as a shitbox for running botnet executables (most of these will immediately kill themselves in typical VMs... VMware is absolutely useless in this respect).
It seems that network booting is the most natural option, but I'm wondering if anything slightly lower-tech (that doesn't involve me getting off my fat ass to put in a CD or something) exists. I don't think any of my current boxes support network booting in the BIOS, but I'll build one if it's the best idea.
In either case, the second firewall box that this malware box sits behind is going to have some other duties (namely, turning off the malware box... probably with a hack to directly wire it to the power switch on the malware box's motherboard). And, of course, if network booting is used, then the firewall box can host the image(s).
In the end, it'll be as easy as booting/restoring a virtual machine, but without the nice parallelism thing.
I'm curious as to how /comp/ would approach this!