Faketelnet.pl script
website address, 179
false-negatives
as number one reason for using honeypots, 5–7
false-positives
as number one reason for using honeypots, 5–7
Fc.exe
using to compare two sets of files on the command line, 272
feature packs
for specific applications, 101
Febotti Command Line utility
website address, 299
File and Printing Service
NetBIOS services as the heart of, 73–74
file extensions
learning which are associated with which programs, 314
file handle
defined, 344
file hashing programs
website addresses for, 312
File Investigator
for determining a file's real content, 314
File menu options
using in Ethereal protocol analyzer utility, 244
file properties analyzer
Forensic Toolkit as, 281
file system
analyzing for malicious activity, 311–317
looking for hidden files and alternate data streams in, 313
file types
confirming in network traffic analysis, 314
FileCheckMD5
website address, 312
Filemon monitoring utility
function of, 279
FileStat
analyzing file systems with, 312
filters
needed by network analysis tools, 238
FIN (Finish) flag
in TCP, 234
FIN port scans
keywords for allowing and disallowing, 156–157
FIN scan
use of by hackers, 236
FINALeMail tool
for recovering Outlook Express and Eudora e-mail, 315
fingerprinting
active, 27–28
as part of manual hacking attacks, 26–30
passive, 29
firewalls
as honeypot network system devices, 51
importance of in stopping hackers, 8
forensic analysis
in action, 325–332
beginning by taking the honeypot offline, 305
of honeypot data, 301–336
making copies of the hard drive, 306–309
recovering RAM data in Windows honeypots, 305–306
reviewing log files for logon/logoff activity, 319–322
steps for a structured approach, 304–305
a structured approach, 304–325
forensic analysis toolkits
website address for overview of all major, 324
forensic analysis tools
bootable forensic distributions, 324
for documenting and analyzing honeypot systems, 280
needed for operating a honeypot, 12
website addresses for, 335
Forensic and Incident Response Environment
website address for bootable forensic distribution, 324
Forensic Toolkit
file properties analyzer, 281
Foundstone utilities
website address, 276, 280, 335
Foundstone’s Bin Text utility
for finding text and Unicode strings in a file, 318
Foundstone’s Galleta tool
for examining contents of Internet Explorer cookies, 316
Foundstone’s NTLast utility
for keeping track of logon information, 321
Foundstone’s Pasco tool
for tracking Internet Explorer hacker activity, 316
Foundstone’s Rifiuti utility
for examining Recycle Bin activity, 315
Fport and Vision utilities
for collecting network traffic baseline data, 276
looking for new network ports and services with, 319
frag attack
defined, 124
reasons for using, 233
Frag2 preprocessor
in Snort, 259
FRAGMENT instruction
in Honeyd templates, 157
Fragment Offset field
in IP packet, 232
fragmentation attack. See frag attack
freeware
defined, 122
FTP login session
Windows event log message generated by, 211
FTP server daemon
most popular used on the Internet, 168
FTP sim standard server
behavior, 202–203
for KFSensor honeypot, 202–203
FTP Windows service
ports used by, 79–80
ftp.sh script
website address, 180