Jump to content

Problem with virtual lab


JIB
 Share

Recommended Posts

Hello,

I am working with a penetration testing lab environment that uses Kali Linux 2018 VM (as an attacker), CentOS 7 (as a target), Windows Server 2016 (as a target), and Security Onion 2019 (as the Intrusion Detection system). All VMs are in VirtualBox and are on the same local network.

I am looking to test out some footprinting commands like "whois", "nslookup", and "traceroute". For example, I am using Kali to issue a command like "nslookup www.google.com" and "traceroute www.google.com". My goal is to receive alerts in Security Onion tools (like Sguil, Squert, Kibana) to detect those footprinting commands from Kali. I am not sure why I am unable to do that. I believe it is because Security Onion cannot see the commands being issued because they are gathering information from websites.

In VirtualBox, I am using a NAT adapter for both Kali and Security Onion. I am able to successfully perform the attacks in Kali but cannot detect them in Security Onion (attacks like nslookup and traceroute, just to name a couple of them).

 

Another lab I'm doing involves using hping3 to conduct IP spoofing. The attack is tracked using Wireshark. But I'm having trouble detecting it in Security Onion. I have tried loading a snort rule into the "downloaded.rules" file in Sec. Onion (ran "rule-update" to do that). But each time, I've tried I don't see any alerts in Security Onion tools like Sguil or Squert. I thought that since all VMs are on the local network (and the lab does not rely on Internet), it would be a greater chance to detect the IP spoofing (hping3) attack??
 

I would appreciate any suggestions/help with these problems. I am stuck as to how to solve them.

Thank you in advance!

Jacob

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...