Re: Sandboxing Techniques for Nmap in the Cloud

[Henri Salo <henri () nerv fi>]

On Tue, 4 May 2010 12:37:19 -0400
jrf <jay.fink () gmail com> wrote:

> On Tue, May 04, 2010 at 07:38:49AM +0300, Henri Salo wrote:
> > On Tue, 4 May 2010 00:08:48 -0400
> > Patrick Donnelly <batrick () batbytes com> wrote:
> >
> > > This is part of Alexandru's Cloud GSoC project [1]. I wondered
> > > what everyone's thoughts were on sandboxing Nmap? I figure this
> > > has particular importance with respect to NSE and misbehaving
> > > scripts. A current evolving practice in distributed computing
> > > research is to setup virtual machines dynamically that can do
> > > work. My feeling is that we could setup something similar that
> > > launches VMs so Nmap can run with root access while not being
> > > able to compromise the host. I envision it using a distributed VM
> > > creator like Eucalyptus to accomplish this.
> > >
> > > [1] http://seclists.org/nmap-dev/2010/q2/350
> >
> > This sounds good. I can test it once you have working model.  Please
> > contact me when needed.
>
> Seconded. I actually did something similar to this today. I created a
> virtualbox vm to run openvas, as soon as I had a report I shut it
> down. 
>
>  j

This can also be used to test Nmap in different environments since
result should be the same.

---
Henri Salo
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/