cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

WIN7 Guest internet connection #1267

Closed choiwj1216 closed 7 years ago

choiwj1216 commented 7 years ago

I was wondering if the Win7 guest has to be connected to the internet? If yes, how should this be configured?

It was actually connected to the internet on the day I installed Cuckoo. A test ran with a few malicious URLs, and got the results that were expected.

But today, which is 3 days after the installation, I found out that it does not have an internet connection, even though no change was made. So out of curiosity, I ran the same URL samples I ran on the first day, but got slightly different results.


doomedraven commented 7 years ago

Host or NAT mode? Firewall?

choiwj1216 commented 7 years ago

The firewall is turned off, as the instructions show.

The host (Ubuntu) has an internet connection, but the guest can't even ping 8.8.8.8 anymore.


doomedraven commented 7 years ago

Check iptables.

doomedraven commented 7 years ago

iptables on your host where Cuckoo is installed, as you should apply iptables rules to enable internet access.

choiwj1216 commented 7 years ago

You were right! I applied it again, and it worked. I did not even think about iptables on the host because I had already added that when I was installing. I don't understand why it got deleted...

doomedraven commented 7 years ago

I suggest you use iptables-save to save/restore it automatically; probably a reboot, or someone else just did -F?

I'm glad the issue is solved :)
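A host-side check for the situation in this thread, where the rules that give the guest internet access silently disappeared. This is an added example, not part of the issue or of Cuckoo itself; it assumes a host-only guest network vboxnet0 / 192.168.56.0/24, a host uplink eth0, a plain MASQUERADE plus two FORWARD rules (adjust to whatever rule set your installation guide gives), and the iptables-persistent path /etc/iptables/rules.v4 on Debian/Ubuntu.

```shell
#!/bin/sh
# Added example (not from the thread or from Cuckoo): detect whether the host
# rules that NAT the analysis guest to the internet are still present, and
# print the commands to restore and persist them. All names are assumptions:
# guest-only interface vboxnet0 / 192.168.56.0/24, host uplink eth0.
GUEST_NET="${GUEST_NET:-192.168.56.0/24}"
GUEST_IF="${GUEST_IF:-vboxnet0}"
OUT_IF="${OUT_IF:-eth0}"

# The three rules a forwarding host needs for this layout (one per line).
cuckoo_rules() {
    printf '%s\n' \
      "iptables -t nat -A POSTROUTING -s $GUEST_NET -o $OUT_IF -j MASQUERADE" \
      "iptables -A FORWARD -i $OUT_IF -o $GUEST_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT" \
      "iptables -A FORWARD -i $GUEST_IF -o $OUT_IF -j ACCEPT"
}

# Read an `iptables-save` dump on stdin and name each rule that is gone.
# Exit status 0 = all present, 1 = something is missing (reboot, `iptables -F`, ...).
check_rules() {
    dump=$(cat)
    net=$(printf '%s' "$GUEST_NET" | sed 's/\./\\./g')   # escape dots for grep
    status=0
    printf '%s\n' "$dump" | grep -q "^-A POSTROUTING -s $net -o $OUT_IF -j MASQUERADE" \
        || { echo "missing: nat POSTROUTING MASQUERADE for $GUEST_NET"; status=1; }
    printf '%s\n' "$dump" | grep -q "^-A FORWARD -i $OUT_IF -o $GUEST_IF .*RELATED,ESTABLISHED -j ACCEPT" \
        || { echo "missing: FORWARD return traffic $OUT_IF -> $GUEST_IF"; status=1; }
    printf '%s\n' "$dump" | grep -q "^-A FORWARD -i $GUEST_IF -o $OUT_IF -j ACCEPT" \
        || { echo "missing: FORWARD outbound $GUEST_IF -> $OUT_IF"; status=1; }
    return $status
}

# Usage as root:  ./cuckoo-net.sh check | apply | save
case "${1:-}" in
    check) iptables-save | check_rules ;;
    apply) cuckoo_rules | sh -e              # run the three iptables commands
           sysctl -w net.ipv4.ip_forward=1 ;;
    save)  iptables-save > /etc/iptables/rules.v4 ;;   # iptables-persistent reloads this at boot
esac
```

Running `check` from cron or a login script is an easy way to notice the next time the rules vanish before an analysis silently runs without network.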

choiwj1216 commented 7 years ago

Thanks for your help!! I really appreciate it!

choiwj1216 commented 7 years ago

@doomedraven One more question about having the guest OS connected to the internet. Since the guest does not have any protection with the firewall turned off, but analyzes malicious URLs from time to time, would that put the host or any other servers in the same network in danger from malware?

doomedraven commented 7 years ago

You don't need to reopen it, we still get your comment even if it's closed.

Well, there is a lot of stuff to keep in mind. If I or an employee upload some sample to the sandbox and it has a reverse shell, I will have full access there; then it depends: if no NAT is activated there is no possibility to scan, but there can be a possibility of VM escape if you don't have a patched hypervisor or it is a 0day, so there is some risk to keep in mind, as always.

choiwj1216 commented 7 years ago

@doomedraven I see! Thank you very much!!

doomedraven commented 7 years ago

You are welcome :)