
Thread: Playing in a Sandbox

  1. #1
    Senior Member
    Join Date
    Sep 2003
    Posts
    156

    Playing in a Sandbox

    I'm in the process of building myself a "sandbox". It's going to consist of:

    DEC 1000 as a honeypot
    Gateway E-3200 running OpenBSD 3.4 with PF as the firewall
    Linksys dual-ethernet router
    Compaq laptop as a host running Slackware 9.1
    PII 266 w/ 192MB RAM running XP Pro and VMWare (it's slow as a dog, but it runs)

    Compaq Presario 4784 running OpenBSD 3.4 with SNORT
    xl0: inside sensor
    xl1: outside sensor
    xl2: private network to Sun Ultra 1 running ACID, MySQL and APACHE/PHP/SSL

    My question is this: what do you think would be better? Patch all the systems then play, or leave them unpatched, play, then go back and patch and play some more?

    I've gotten mixed answers from searching and talking to others. I'm curious what the AO community's view is on this.

    If anyone wants pictures of my sandbox when it's complete... let me know... I'll be more than happy to post them.


    laters.
    t.e.k.n.o.

  2. #2
    Senior Member
    Join Date
    Sep 2003
    Posts
    179
    I would say play around and then patch. This way you can get some experience managing systems after they have been exploited. Also you can always reinstall and try different options, such as not fully updating a system (example: patching O/S but not Firewall); all can have different effects.

    DeafLamb

    P.S. Some pictures would be cool

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Personally, I'd play first unpatched so I'd experience what it's like and what the responses look like. Make an evaluation on how serious the issues are (so I know in the future how to prioritize fixes). Then fix and play again.

    Lather, rinse, repeat.

    And do... reeeeeeeeeeeeee-search.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Senior Member
    Join Date
    Sep 2003
    Posts
    156
    All my machines are ghosted as soon as the default OS is installed, so wiping them and reinstalling isn't an issue. I was planning on playing with the systems unpatched... then patching them. Basically I would be doing the job of the attacker, defender, and clean-up. Then creating a report based on my findings. I'm snowed in so I have nothing better to do.

    msmittens: you trying to say I haven't done my research?


    **EDIT**

    I'll post pics when the sandbox is complete
    t.e.k.n.o.

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    No.. Mooooooooorre reeeeeeeeeeee-search!!

  6. #6
    Junior Member
    Join Date
    Dec 2002
    Posts
    27
    DEAFLAMB: and you said patched systems can't be exploited? I would play and then patch, and then keep playing! Cheers.
    consoleknight
