INetSim: Internet Services Simulation Suite

About

About the INetSim project

To perform a quick run-time analysis of the network behaviour of unknown malware samples, we were in need of a tool to simulate internet services which are commonly used by malware in our laboratory environment. We started off with a bunch of home-grown Perl scripts together with specially configured server service implementations like Apache, Postfix, dnsmasq and ntpd, but we were not happy with this because of a lot of disadvantages resulting from the combination of many programs (e.g. problems with correlation of log data).

While talking to other security analysts, we noticed that there is definitely a need for a comfortable single suite to simulate different internet services with common logging and centralized control functions. So we decided to start the project 'INetSim' to develop such a suite.

Due to lack of time at the office, the programming was done in our spare time. We both have been using Perl for many years but mostly for small scripts, e.g. for the analysis of logfiles. The project INetSim was a welcome opportunity to gain more practical experience in programming Perl and to deal with the specifications (RFCs) for several services in depth.

We think INetSim might be useful for other security researchers as well and therefore decided to release it to the community as free software licensed under the GNU General Public License (GPL).

Any feedback on your experiences with INetSim is appreciated.
Please send your comments to <inetsim at inetsim dot org>.

Note:
As this is our first larger software project written in Perl, please do not be too harsh when you review the code. By now, we have learned a lot more about using references, packages and object-oriented programming in Perl, so the design and code will be much better in our next project. ;-)

About the authors

INetSim is developed by Thomas Hungenberg and Matthias Eckert. We both work in the field of IT security and part of our daily work is the analysis of unknown malware samples.