LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 01-12-2021, 09:02 AM   #1
hkjz
Member
 
Registered: Apr 2019
Distribution: MX
Posts: 126

Rep: Reputation: Disabled
Does this (suspicious) data would like to connect to internet?


If i would have some suspicious data,
which i don't want to open on regular system,

and i would rather run it, in the virtual environment, with has internet connection turned off,

How can i check, if there are any attempts to connect internet?
what else i suppose to be aware, while running/opening suspicious data?
 
Old 01-12-2021, 09:16 AM   #2
boughtonp
Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 941

Rep: Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720Reputation: 720

To prevent network access, completely remove network access. See https://en.wikipedia.org/wiki/Air_gap_(networking)

Alternatively, the top result for searching "opensource malware sandbox" is: https://cuckoosandbox.org/ which claims: "You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment."

 
1 members found this post helpful.
Old 01-12-2021, 09:44 AM   #3
heathcliff36
Member
 
Registered: Jun 2019
Location: West Coast, USA
Distribution: Debian
Posts: 73

Rep: Reputation: Disabled
Quote:
Originally Posted by hkjz View Post
If i would have some suspicious data,
which i don't want to open on regular system,

and i would rather run it, in the virtual environment, with has internet connection turned off,

How can i check, if there are any attempts to connect internet?
what else i suppose to be aware, while running/opening suspicious data?
You can't run data - it would be in a text file.
Unless there is an executable program within the text file - but I'm not familiar with such things.

If you have a suspicious program then you can simply remove the ethernet cable and run the program. See if error messages are reported.
No virtualization needed.

If you're not satisfied with the data or program - simply remove it.
Re-install the data or program from your MX Linux repository.
 
Old 01-12-2021, 09:47 AM   #4
sevendogsbsd
Senior Member
 
Registered: Sep 2017
Distribution: FreeBSD
Posts: 2,194

Rep: Reputation: 973Reputation: 973Reputation: 973Reputation: 973Reputation: 973Reputation: 973Reputation: 973Reputation: 973
I am not a malware researcher but I would never run anything "suspicious" on a host box; I would always use a VM and one that has no network access. boughtonp's suggestions are I think, good.
 
1 members found this post helpful.
Old 01-13-2021, 02:21 AM   #5
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 16,538
Blog Entries: 10

Rep: Reputation: 4879Reputation: 4879Reputation: 4879Reputation: 4879Reputation: 4879Reputation: 4879Reputation: 4879Reputation: 4879Reputation: 4879Reputation: 4879Reputation: 4879
Code:
firejail --noprofile --net=none <name of application>
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Hi, I would like to find out which distro would be best for an old dell sammer47 Linux - Newbie 13 06-29-2014 04:07 AM
new toshiba C8500 does not connect via wireless. Does it not connect using linux? ffRayMuldoon% Linux - Laptop and Netbook 1 11-17-2013 08:10 PM
I would like to access the data on my persistent Ubuntu flash drive, but.... White Essence Linux - Newbie 5 02-09-2013 03:55 PM
Draft data loss mitigation method for spanned LVM (would like suggestions) ACiD GRiM Linux - General 1 10-18-2009 04:17 AM
Does IPCop act on Suspicious Activity gizza23 Linux - Security 8 09-27-2007 04:35 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 05:09 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration