Does this (suspicious) data would like to connect to internet?
Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Alternatively, the top result for searching "opensource malware sandbox" is: https://cuckoosandbox.org/ which claims: "You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment."
If i would have some suspicious data,
which i don't want to open on regular system,
and i would rather run it, in the virtual environment, with has internet connection turned off,
How can i check, if there are any attempts to connect internet?
what else i suppose to be aware, while running/opening suspicious data?
You can't run data - it would be in a text file.
Unless there is an executable program within the text file - but I'm not familiar with such things.
If you have a suspicious program then you can simply remove the ethernet cable and run the program. See if error messages are reported.
No virtualization needed.
If you're not satisfied with the data or program - simply remove it.
Re-install the data or program from your MX Linux repository.
I am not a malware researcher but I would never run anything "suspicious" on a host box; I would always use a VM and one that has no network access. boughtonp's suggestions are I think, good.
"How can i check, if there are any attempts to connect internet?
what else i suppose to be aware, while running/opening suspicious data?"
Almost all VM's have a local only network configuration. I'd consider using that to a second VM that acts as a router then monitor traffic via wireshark or other monitor.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
