Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


LEB for a Backtrack 5R1 install?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

LEB for a Backtrack 5R1 install?

xanthixanthi Member
edited February 2012 in General

Any suggestions for / from providers willing to host a VM of Backtrack for legal and ethical pen testing?

The few providers I've contacted have either been unwilling to create an OpenVZ template for BT or stated it would violate their ToS / AUP anyway.

I'd be happy with Xen if a provider is willing to make the ISO available.

Thoughts?

Comments

  • Couldn't you just add the backtrack repo and install the things yourself?

  • Can't you install your own .iso with almost every KVM provider?

  • @Daniel said: Couldn't you just add the backtrack repo and install the things yourself?

    Of course, but I figured it would be easier to just start with the build provided. Also the main issue here is finding a host which would be happy to host such a setup without violating any ToS / AUP.

    I'd rather find a host that accepts this sort of usage after being open and honest about my intentions, rather than have to jump providers every few months when they decide they don't like this sort of activity...

  • You're not going to find a provider willing and if you do, it's a sign of inexperience because if they are hosted with OVH I've seen horror stories where a DMCA complaint got a whole VPS node taken offline.

  • I'd question whether or not the DMCA applies in this usage case. I don't know a huge amount about it though -

    The Digital Millennium Copyright Act (DMCA)...criminalizes production and dissemination of technology, devices, or services intended to circumvent measures (commonly known as digital rights management or DRM) that control access to copyrighted works. It also criminalizes the act of circumventing an access control, whether or not there is actual infringement of copyright itself.

    Surely this only applies in unauthorised circumvention of access controls (although, strictly speaking I suppose if you're authorised to circumvent an access control then there isn't an access control to be circumvented) for the purpose of accessing copyrighted material? How then do security companies stand with regards to penetration testing networks and security audits?

  • Imho OVH should completly ignore DMCA requests since its an American law and OVH is a French company.

  • @pdqso said: You're not going to find a provider willing and if you do, it's a sign of inexperience because if they are hosted with OVH I've seen horror stories where a DMCA complaint got a whole VPS node taken offline.

    What's up with the influx of new folks that endlessly insult providers that choose not to allow certain activities? All you see now is "They prefer not to allow torrenting? THEY MUST BE INEPT/INEXPERIENCED/SCARED."

    To quote Tim, "our house, our rules". If you don't like a provider's TOS, then move on.

    Back on topic... @xanthi - I can think of a couple of hosts (us included) that would probably allow sanctioned pen testing with restrictions. Off the top of my head (for us at least), this would include written/signed waivers from the companies being tested, including the target, associated IPs, method of testing, etc. Such docs were more than sufficient when I did similar work in the DoD.

    Thanked by 1TheHackBox
  • FranciscoFrancisco Top Host, Host Rep, Veteran

    I know we have a few people that run honey pots on us. We asked them to log tickets with support so we had them on record if it ever threw off our monitors.

    Francisco

  • The point is about DMCA is one complaint, either about DMCA or "illegal activity", is more than enough to get a whole node taken down. If this is so important to you, learn Chinese or Russian. They would be more than eager to accommodate you.

  • @pdqso said: You're not going to find a provider willing and if you do, it's a sign of inexperience because if they are hosted with OVH I've seen horror stories where a DMCA complaint got a whole VPS node taken offline.

    OVH isn't required to follow the DMCA, it just treats DMCA notices as normal copyright notices.

  • That's pretty funny, I handle all of the DMCA requests (legit and bogus) that come in via our abuse@, and none of our nodes have been taken down over them. Maybe it's because I speak Russian and Chinese <_<

    Do you have any source for your claims? I don't recall of any provider losing entire nodes just because they received a DMCA.

  • @Aldryic You have owned IP space and servers, not cheap dedicated server rentals.

  • Heh, true enough.

  • Backtrack is like any distro, and any distro has the same tools, the same.... Just install/compile what you need and don't be lazy

    So the question is how you will behave

  • @yomero said: Backtrack is like any distro, and any distro has the same tools, the same.... Just install/compile what you need and don't be lazy So the question is how you will behave

    Again, it's not about being lazy. It's about finding a provider that knows enough to not get scared and boot me from their service the first time they see my VPS port scanning an IP / whatever.

    As for how I'll behave, that's the whole point of this thread. If I was up to no good, would I really come on here and ask the questions I've asked? I'm being open and honest with what I want to do to avoid any potential issues.

    I'm sure @Aldryic (and probably most of the experienced hosts here) understands the potential issues and has been very helpful so far - I'll certainly be looking into BuyVM as a possible provider.

  • I've run scanners and stuff from my VPSs to my other machines, I don't see anything bad on doing that.

    Also, if the question is "about finding a provider that knows enough to not get scared" then why to start with a question about Backtrack? Better to ask directly "about finding a provider that knows enough to not get scared"...

  • imagineimagine Member
    edited February 2012

    @Daniel said: @pdqso said: You're not going to find a provider willing and if you do, it's a sign of inexperience because if they are hosted with OVH I've seen horror stories where a DMCA complaint got a whole VPS node taken offline.OVH isn't required to follow the DMCA, it just treats DMCA notices as normal copyright notices.

    Look up:
    Haute Autorité pour la diffusion des œuvres et la protection des droits sur internet

  • I don't speak any French, I refuse to learn it.

  • @Daniel why refuse knowledge?

  • @Daniel said: I don't speak any French, I refuse to learn it.

    Its the French version of DMCA, sort-of... or, at least, the equivalent.

  • Or you can just google HADOPI. I'm sure there's an article in the English wiki for it.

Sign In or Register to comment.