Detecting Metasploit Armitage attacks in Security Onion Via a Dualcomm Network Tap

Back from holiday, I managed to get my hands on an excellent cheap Dell laptop and a Dualcomm Network tap.

I loaded the full Security Onion suite (Xubuntu 12.04 64-bit) on the Dell laptop and rigged the network tap to mirror the router and pump all the data to the laptop. To check it was working I opened Wireshark, which confirmed that every single packet flowing in and out of the router was being captured.

With Security Onion configured and Snorby and Squert up and running I went off and launched Metasploit Armitage exploits from another laptop against my Windows XP hacking lab.

It was satisfying to see this activity picked up in both Squert and Snorby:

[Screenshot: snorbyarmitage]

[Screenshot: snorbyhigh]

The attacking IP was 192.168.70 and the target 192.168.1.79.

I’m delighted that all of this has proved to function as expected. I just need to learn the ins and outs of Metasploit Armitage, as I still haven’t managed to compromise my extremely vulnerable, unpatched and unprotected Windows XP system. Interestingly, Security Onion revealed some other “High Severity” intrusion activity on this XP system which was not instigated by me:

[Screenshot: googletalk]

As you can see, it would seem that somebody/something else has taken advantage of the deliberately vulnerable state of the hacking lab. I don’t know what all of this “Google Talk/Jabber” is about, but I will look into it out of interest and investigate the IP address.
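One practical way to tell your own Armitage activity apart from alerts nobody in the lab triggered is to triage the sensor's alerts by which peer touched the target. The script below is an added example, not code from the original post or from Security Onion. It assumes Snort's one-line `alert_fast` output format, and the alert lines, SIDs, messages and attacker address (192.168.1.200) are constructed; only the target 192.168.1.79 comes from the post.

```python
"""Triage Snort alert_fast lines for one lab target: split alerts whose
peer is a known attacking host from alerts involving anyone else."""
import re
from collections import defaultdict

# Layout of Snort's alert_fast output (assumed here; one alert per line):
# MM/DD-HH:MM:SS.uuuuuu  [**] [gid:sid:rev] msg [**] [Classification: ...]
#   [Priority: N] {PROTO} src[:port] -> dst[:port]
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Constructed sample alerts (not from the post). 192.168.1.200 stands in for
# the attacking laptop; 203.0.113.5 is a documentation-range "unknown" host.
SAMPLE_ALERTS = [
    "01/05-14:02:11.123456  [**] [1:1000001:1] LAB Possible SMB exploit attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} "
    "192.168.1.200:41022 -> 192.168.1.79:445",
    "01/05-14:02:15.654321  [**] [1:1000002:1] LAB DCERPC request to lab target [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} "
    "192.168.1.200:41030 -> 192.168.1.79:135",
    "01/05-14:10:40.000001  [**] [1:1000003:1] LAB XMPP client traffic to external host [**] "
    "[Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} "
    "192.168.1.79:49211 -> 203.0.113.5:5222",
    "01/05-14:10:41.000002  [**] [1:1000004:1] LAB ICMP probe of lab target [**] "
    "[Priority: 3] {ICMP} 203.0.113.5 -> 192.168.1.79",
    "01/05-14:11:00.000003  [**] [1:1000005:1] LAB Unrelated alert on another segment [**] "
    "[Priority: 3] {UDP} 10.0.0.9:5353 -> 10.0.0.10:5353",
    "this line is not an alert and must be skipped",
]


def parse_alert(line):
    """Parse one alert_fast line into a dict, or return None if it does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])  # Snort priority: 1 is the most severe
    return alert


def peer_of(alert, target):
    """The other endpoint of an alert that involves the target, else None."""
    if alert["dst"] == target:
        return alert["src"]
    if alert["src"] == target:
        return alert["dst"]
    return None


def triage(lines, known_attackers, target):
    """Return (expected, unexpected): alerts involving the target whose peer
    is, or is not, one of the hosts we deliberately attack from."""
    expected, unexpected = [], []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        peer = peer_of(alert, target)
        if peer is None:
            continue  # alert does not involve the lab box at all
        (expected if peer in known_attackers else unexpected).append(alert)
    return expected, unexpected


def peer_summary(alerts, target):
    """Per-peer alert count and most severe (lowest) priority, for follow-up."""
    summary = defaultdict(lambda: {"count": 0, "top_priority": 99})
    for alert in alerts:
        entry = summary[peer_of(alert, target)]
        entry["count"] += 1
        entry["top_priority"] = min(entry["top_priority"], alert["prio"])
    return dict(summary)


def run_demo(target="192.168.1.79", known_attackers=frozenset({"192.168.1.200"})):
    """Triage the constructed sample and return (expected, unexpected, summary)."""
    expected, unexpected = triage(SAMPLE_ALERTS, known_attackers, target)
    return expected, unexpected, peer_summary(unexpected, target)


if __name__ == "__main__":
    expected, unexpected, summary = run_demo()
    print(f"{len(expected)} alert(s) from known lab attackers")
    for peer, info in summary.items():
        print(f"investigate {peer}: {info['count']} alert(s), top priority {info['top_priority']}")
```

Pointing `triage` at a real alert file (for example by reading `/var/log/snort/alert` line by line) with your own attacking laptop's address in `known_attackers` gives a short list of peers that are worth a closer look, such as the host behind the Google Talk/Jabber alerts above.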

Of course, do let me know if you’ve heard of this type of intrusion.
