Regarding Vulnerable Practice VMs

    • #7970
      skorpinok
      Participant

      Hello,
      I have read many times that when using vulnerable virtual machines like Metasploitable, Damn Vulnerable Linux, and DVWA, they should never be exposed to the network. Why? So when I practice with these vulnerable VMs, should I disconnect myself from the internet?
      Please share with me.

      Regards
      skorpinok

    • #50584
      tturner
      Participant

      Just configure the VMs host-only so only your computer can communicate with them. The reason is that a network is only as robust as its weakest link, and those VMs are pretty weak. An attacker could use a vulnerable VM as a pivot point to engage attacks against your inner network, and it’s likely you will expose systems in other ways. All sorts of reasons to do it this way.

    • #50585
      rattis
      Participant

      tturner’s got some good points.

      Another reason: if you go into a more research role later (like, say, malware analysis), you’ll now have bad habits to break. You might leak data to people you’re looking into and make yourself a target.

      There is also always a chance you’ll typo something and, instead of attacking your VM, attack another system on your network. If you have a dedicated network without internet access, it’s not so much a problem. However, if you have boxes on the network that need to stay up…
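
As an added example that is not part of any post in this thread: a Python check for the two points raised above, tturner's host-only configuration and rattis's mistyped-target risk. It assumes VirtualBox (the thread names no hypervisor) and its `VBoxManage showvminfo --machinereadable` output; the sample VM name, adapter names and the 192.168.56.0/24 lab subnet are constructed.

```python
import ipaddress
import re

# Attachment modes that keep a VM off routable networks (VirtualBox names).
ISOLATED_MODES = {"hostonly", "intnet", "none"}

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE_VMINFO = '''\
name="metasploitable2"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="bridged"
bridgeadapter2="eth0"
nic3="none"
'''

NIC_LINE = re.compile(r'^nic(\d+)="([^"]*)"$')


def exposed_nics(vminfo: str) -> list[tuple[int, str]]:
    """Return (slot, mode) for every NIC whose mode can reach beyond the host."""
    found = []
    for line in vminfo.splitlines():
        m = NIC_LINE.match(line.strip())
        if m and m.group(2) not in ISOLATED_MODES:
            found.append((int(m.group(1)), m.group(2)))
    return found


def in_lab_scope(target: str, lab_cidr: str) -> bool:
    """True only if target is a literal IP inside the lab's host-only subnet."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False  # hostnames and typos are rejected, not resolved
    return addr in ipaddress.ip_network(lab_cidr, strict=True)


if __name__ == "__main__":
    for slot, mode in exposed_nics(SAMPLE_VMINFO):
        print(f"nic{slot} is attached as {mode!r}: switch it to host-only")
    # 192.168.56.0/24 is an assumed host-only subnet; use your adapter's range.
    for target in ("192.168.56.101", "192.168.65.101", "192.168.56.1o1"):
        ok = in_lab_scope(target, "192.168.56.0/24")
        print(target, "in scope" if ok else "OUT OF SCOPE")
```

Running the scope check before pointing any tool at an address catches transposed octets and stray characters before traffic leaves the lab network.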
