Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Tip of the Day - Turn the NICs off during installation SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Tip of the Day - Turn the NICs off during installation
During one of those past weekends I was installing and configuring some honeypots.

I decided to try different Operating Systems to see which one would fit better for my needs.

As I already had a perfect NAT for one IP, nothing more natural that I already put the IP address on the OS during installation, right?
Yep, WRONG! The reason is that if you install an internet facing OS (like my NAT was providing me), maybe there will be not enough time to apply the patches (even offline patches, from CDs or Pen Drivers).

So, my Tip of the Day, is for whatever OS that you are installing, if you can't unplug physically the network, choose to not configure the NICs during installation. In this way, you will have enough time to check which Services will be running in your machine, and turn it down before someone explore your unpatched OS, because if you are installing a fresh OS, chances are that some applications/services are already outdated and you may be a victim of some bot of the day...
Don't trust me? Check this out...

Handler on Duty: Pedro Bueno ( pbueno //&&// isc .sans .org )

155 Posts
ISC Handler
Aug 17th 2006

Sign Up for Free or Log In to start participating in the conversation!