Index
Honeypots for Windows
by Roger A. Grimes
Apress 2005

T

TamoSoft SmartWhois query tool

website address, 311

taps

using in hubs and bridge scenarios, 46

tarball unzippers

for the Windows platform, 178

tarpits (blackholes)

as sticky honeypots, 9

TCP Conversation screen

in Ethereal protocol analyzer utility, 246

TCP flags

list of, 234

used in a TCP connection session, 126–127

TCP packets

timestamp for, 127–128

TCP packet structure

example of, 233

TCP ports

common Windows listening by platform, 85–86

TCP Stream feature

in Ethereal protocol analyzer utility, 247–248

TCP window size

function of, 126

tcpdump utility

using with Ethereal protocol analyzer utility, 249

website address for downloading, 249

TCP/IP configuration

documenting for your honeypot system, 270

TCP/IP packet types

list of, 125–126

TCP/IP pathway

basic function of, 230–232

TCP/IP port emulation

in Honeyd, 131–134

TCP/IP ports

website address for comprehensive listing of, 65

TCP/IP protocol

flow example, 231

reliability of vs. UDP, 234

three-way handshake process, 234–236

use of vs. UDP, 236–237

TCP/IP protocol suite

basics of, 230–237

TCP/IP stack

mimicking in Honeyd, 124–126

recommended registry entries to harden, 104

TCPView utility

for listing listening network ports, 276

Telnet Server (Tlntsvr.exe)

availability of, 80

Telnet Server Logon banner text

code example, 80

Telnet_negotiation preprocessor

in Snort, 259

templates

in Honeyd, 154

TCP/IP port setting recommendations, 133–134

Terminal Server

included starting with Windows Server 2000, 93

Terminal Server sim standard server

in KFSensor honeypot, 207

Terminal Services, Application Mode

in Server 2003, 78

Text2pcap.exe

for converting an ASCII hexadecimal dump to a tcpdump-style log, 250

Test.sh

source code for, 172–173

Tethereal.exe

command-line version of Ethereal utility, 250

text editors

website addresses for, 357

TextPad text editor

website address, 357

The Cuckoo’s Egg (Clifford Stoll)

about honeypots, 20

The Disk Investigator program

disk viewer, 314

The Shellcoder’s Handbook: Discovering and Exploiting Security Holes

book exploring different ways to secure your system, 359

Thing Trojan

MASM disassembly of showing called Windows APIs, 351

sampling of MASM disassembly of, 352

website address, 350

third-party APIs

using, 343–344

threats

ensuring early detection of with honeytokens, 7

time synchronization

importance of for security logging of honeypots, 285

timestamp

for TCP packets, 127–128

tools

for finding hosts without IP addresses, 43

for making copies of a honeypot hard drive, 306–308

top talkers

identifying in network traffic analysis, 309–310

Tower of Babel problem

of establishing common names for viruses, 292

traceroute utility

fooled by Honeyd network emulation, 129

Tracking Hacker’s web site

website address, 219

Transmission Control Protocol (TCP)

packet structure, 233

transport layer

in OSI model, 229

traps and services

in SPECTER honeypot, 192–193

Tribble

hardware-based solution for capturing and storing RAM data, 306

trigger events

command for displaying, 298

Tripwire program

website address, 23, 272

troubleshooting

your Honeyd configuration files, 165–166

TUCOFS-The Ultimate Collection of Forensic Software

website address, 335

TYPE

memory variable useful in scripts, 171

Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
Year: 2006
Pages: 119
