data
publicly available information, 8-18
security of, 359
in source code, 170-171
data-driven attacks, 218-230
Data Encryption Standard (DES), 262
Data Execution Prevention (DEP), 207-208, 533
databases
ARIN, 28-31, 116-118, 356
authentication, 562
axfr, 35-36
DB2, 563
EDGAR, 12
Google Hacking, 15-16
hacking, 15-16, 522
MS SQL, 563
MySQL, 563
ODBC, 564
Oracle, 563
Postgres, 563
public, 8-32
Solaris Fingerprint Database, 279
SQL injection, 561-564
WHOIS, 22, 24-31, 39, 295
WiGLE.net, 424
DCAR (Distributed CAR), 501
DCOM (Distributed Component Object Model) services, 161, 163
DCs (domain controllers), 94, 118, 144-145, 160
DDoS (distributed denial of service) attacks, 494-497, 641
deauthentication attacks, 441
demon dialers. See war-dialing
denial of service (DoS) attacks, 487-507
alternate infrastructure, 507
anti-DoS products, 499
application-layer, 497
application modes, 507
bandwidth consumption, 491-497
buffer overflows. See buffer overflows
capacity depletion, 491-497, 499, 507
common techniques, 489-497
countermeasures, 498-507
detecting attacks, 503-504
distributed denial of service attacks, 494-497, 641
DoS bots, 494-497, 503-504, 507
DoS testing, 503
Fraggle attacks, 493-494
ICMP and, 49
infrastructure-layer, 491-497
ISPs and, 499-500, 506
Linux platform, 493, 495, 502-504
moving targets, 506
network hardening and, 500-501
overview, 488-489
resources, 507
responding to, 504-507
server hardening and, 501-503
Smurf attack, 493-494, 496
Solaris platform, 495, 502
SYN floods, 491-492
UDP floods, 492-493
UNIX platform, 490, 493, 495, 503-504
VoIP, 340
vulnerabilities, 490-491
wireless networks, 441, 456
DEP (Data Execution Prevention), 207-208, 533
DES (Data Encryption Standard), 262
DESX (Extended Data Encryption Standard), 205-206
detection agents, 352-356
dial-back authentication, 324
dial-up hacking
authentication mechanisms, 313-325
brute-force scripting, 313-325
Caller ID and, 298
carrier exploitation, 311-313
hardware considerations, 296-297
legal issues, 297-298
long-distance charges, 298
low hanging fruit, 314-315
PBX hacking, 325-329
PhoneSweep, 298, 308-311
preparation for, 294-296
randomization, 303-304
security measures, 323-325
software for, 298-313
THC-Scan, 298-299, 304-308
ToneLoc, 298-313
war-dialing. See war-dialing
dictionary attacks
ancontrol utility, 453
automated, 261-262
L0phtcrack (LC) tool, 179-183
password cracking, 261-262
WASAT tool, 556
digital signal processing (DSP) device, 331
directories
finding unprotected, 546
hiding, 637-638
IIS, 165, 171
traversal issues, 165, 171, 519, 521
UNIX, 273-276
virtual, 171
web servers and, 540
Directory Services Client (DSClient), 160-161
discovering network devices, 352-356
Distributed CAR (DCAR), 501
Distributed Component Object Model (DCOM) services, 161, 163
distributed denial of service. See DDoS
DLL injection, 173, 177-178, 185, 640
DNS (Domain Name System)
security, 36-37
TSIG overflow attacks, 253-254
UNIX and, 250-252
DNS interrogation, 32-37
DNS lookups, 30-31, 392, 478
DNS servers
domain queries, 30-31
DoS attacks, 506
UNIX and, 250-252
DNS zone transfers, 32-37, 84-86, 478
domain controllers (DCs), 94, 118, 144-145, 160
Domain Name System. See DNS
domain-related searches, 24-27
domain security model, 595
domains
brute-force scripting and, 313
enumeration, 93-94, 101, 104-105, 110
hijacking, 32
trusted, 101, 104-105, 110
vulnerabilities, 582-583
DoS. See denial of service
DoS bots, 494-497, 503-504, 507, 641
DOS platform
attrib tool, 198
defined, 79
SUID files and, 274
THC-Scan and, 304-305
war-dialing and, 298-299
DOSEMU for Unix, 274, 305
dot-dot-slash attacks, 171
Double Decode exploit, 171, 519
double-escapes, 519-521
drivers
GPS units, 414
OpenBSD, 410-411
PCMCIA, 410
Wavelan, 444
wireless, 410-411
WLAN, 427-428
DSClient (Directory Services Client), 160-161
dsniff program, 280-281, 369, 383-386
DSP (digital signal processing) device, 331
DTP (Dynamic Trunking Protocol), 378
DumpSec tool, 98-102, 143
Dynamic Trunking Protocol (DTP), 378