Comment by wizzy on "Bridge mode vs NAT for a VM" | Hashnode

Popular posts

wizzy

Dec 7, 2017

I'll take the question from a penetration testing angle.

The biggest downside of running NAT (in its standard configuration) is that you cannot get connections back from other systems and are on a different network(broadcast traffic). In my normal workflow this would stop me using reverse shells or launching spoofing attacks (thing smbrelay/responder).

Kali, like most pen testing distros are not built with security in mind. I would often setup a host only network with SSH enabled and use that to connect to the kali box to perform any testing that required Kali, minimizing the likelihood of attacks against my box and allowing me to use rubbish passwords.

My normal configuration was 1 host-only network and 1 bridged network, just be sure to bind your services to the right ones.

Rey Bango

Honey badger and community advocate

Dec 7, 2017

Thanks wizzy. Couple of questions"

When you mention that you would setup a host-only network with SSH enabled, did you mean that you would setup a SSH server on Kali and connect into it? If so, how would that minimize the likelihood of attacks on your box if you're running Kali in a VM? (I may not be understanding the config)

In terms of ensuring services are bound to the right adapter, how do you go about verifying that? I'm assuming they should be bound to the host-only adapter.

Thanks for replying.

If I'm understanding wizzy correctly, he's saying that he setups a ssh connection/proxy from his 'main' box to his 'kali' box. He is then able to use tools inside of kali and point them towards the ssh proxy, to have them come out through his 'main' box connection. This prevents individuals from directly attacking his 'kali' instance, as they would have to either compromise his 'main' box, or be able to send back packets across the same connections he initiates from within kali, to successfully traverse the NAT 'firewall' to directly attack his 'kali' box.

For verification in VMware Workstation, select the target VM, then from the menu, click: VM -> Settings -> Network Adapter.

Search Hashnode