packet analyzers, 465
packet content expressions, 469, 475-478
packet filters
Ethereal program, 479-481, 510-511
IPFW, 393-403
packet characteristics examined, 366-367
problems with, 449-451
stateful, 434
stateless, 434
vs. firewalls, 365
packet injection, 565-567
packets
ACK, 66, 433
characteristics, 366-367
controlling, 558-559
FIN, 65, 68
ICMP, 783-785
information about, 485
IP, 426, 562-567
ISIC suite and, 558-559
Nemesis utility, 562-564
packet injection, 565-567
Ping, 422
RST, 65-69, 565
spoofed, 285
SYN, 66, 68
TCP. See TCP packets
UDP, 16, 108-109, 475-476
PAM (Pluggable Authentication Module), 210-214
Paraben E-Mail Examiner, 726-729
parental control software, 365
Paros Proxy, 199-203
partitions, 630, 660-661
PASS password, 475
pass rules, 502
PassFilt.dll tool, 208-210
passive connections, 71
password cracking. See also brute-force attacks
Cracklib tool, 212-214
distributed cracking, 223-226
Hydra tool, 237-241
L0phtcrack tool, 228-233
password dictionary, 209-210, 227
password hashes, 216-217, 234-235
passwords
administrator, 144-145, 147, 154, 161
Apache Web server, 219
bad, 140-141
batch files and, 150
BO2k and, 266
brute force attacks. See brute-force attacks
checking password policy, 239-241
Cisco devices, 219
cracking. See password cracking
DES-based, 213, 219
enum tool and, 143-146
evidence files, 623
GetUserInfo utility and, 140-141
guessing, 185-186
.htaccess, 219
Linux systems, 210-214
lockouts, 145-146
lsadump2 utility, 235-236
MD5, 213, 216
PassFilt.dll tool, 208-210
policies for, 227-228
protection, 231-232
pwdump tool, 234-235
pwdump3 tool, 235
remote administration and, 147
shares, 113
sniffers, 287, 459-460, 464
Solaris, 219
SSH and, 268
strong, 549
Sub7 and, 274
Unix systems, 210-214
VNC program, 256, 258
Windows systems, 208-210
patch tool, 58
patches, 278, 359-360
pcap library, 465-466
PDBLOCK (Physical Drive Blocker) utility, 626-627
performance, firewall, 560
Perl modules, 170-171
Perl scripts
RATS tool and, 297
running, 57
Wellenreiter, 520-521
permissions, 55-56, 248
perm.n files, 248-249
PHP scripts, 297
Physical Drive Blocker (PDBLOCK) utility, 626-627
PIDs (process IDs), 608-610
pine program, 725
Ping of Death, 422
Ping packets, 422
Ping scanning, 66
Ping tool, 420-423
pings, 76-77, 422-423
PIX firewalls, 408-410
plex86 project, 50
plug-ins, snort, 505-508
Pluggable Authentication Module (PAM), 210-214
Point-to-Point Protocol (PPP), 468
Ponder, Scott, 730
port 0, 257
port 21, 434-435
port 80, 257, 287, 436
port 111, 115
port 139, 142
port 3028, 23-24
port 5900, 256-257
port 65535, 257
PORT command, 71-72
port filters, 20, 68-69, 465
port forwarding
described, 368-371
disadvantages, 392-393
firewalls and, 368-371
ipchains, 383
IPFW, 403
iptables, 391-393
port hopping, 445-449
port redirection, 274, 439-452
Port Scanner tool, 91-92
port scanning, 63-110
case study, 84-85
described, 64
hping utility, 435-436
IpEye, 100-101
with Netcat, 12-16
NetScanTools, 90-94
nmap. See nmap utility
Port Scanner tool, 91-92
ScanLine, 101-104
SuperScan, 94-100
TCP ports, 66-70
udp_scan, 107-109
WUPS, 106-107
port type qualifiers, 470
portmapper utility, 115-117
ports
blocking, 450-451
BSD Ports collection, 521
destination, 449-450
dynamic, 440
filters, 20, 68-69, 465
forwarding. See port forwarding
hopping, 445-449
inbound, 286
information about, 14-16
IPsec, 451
local, 8
NetBIOS, 146, 154, 160-161
Netcat and, 12-14
problems with, 449-451
randomizing, 73
registered, 440
remote, 8
scanning. See port scanning
sorting by, 580
source, 449-450
span, 560
SSL, 187
TCP. See TCP ports
UDP. See UDP ports
PPP (Point-to-Point Protocol), 468
precompiled binaries, 294-295
preprocessors, 505-508
prescan.exe utility, 540-541
printf statements, 748-749
problems. See troubleshooting
process IDs (PIDs), 608-610
processes
hiding, 284
information about, 152-153
killing, 153-154
listing, 152-153
monitoring, 163-164
suspending, 153-154
promiscuous mode, 467
property masks, 346-348
proto type qualifiers, 470
protocol headers, 780-785
protocol qualifier, 469
protocol qualifiers, 468
protocols
ARP. See ARP
FTP. See FTP
ICMP, 555-556
IMAP, 191
Internet Protocol. See IP
MIT-KERBEROS-5, 33
MIT-MAGIC-COOKIE-1, 31-32
NetBIOS, 583
PPP, 468
SLIP, 468
SUN-DES-1, 32-33
UDP. See UDP
XDM-AUTHORIZATION-1, 31
XDMCP, 35-36
proxies
gateway, 198
Netcat, 20
OpenSSL, 187-191
Paros Proxy, 199-203
vulnerability scans and, 187-191
ps command, 126, 607-610
PsExec utility, 158-159, 164
PsFile utility, 147-148
PsGetSid utility, 148-149
PsInfo utility, 149-150
PsKill utility, 153-154
PsList utility, 152-153, 584-586
PsLoggedOn utility, 148
PsLogList utility, 154-158, 164
PsService utility, 150-152
PsShutdown utility, 159-160
PsSuspend utility, 153-154
PsTools suite, 146-164
public files, 121
pwdump tool, 218-219, 234-235
pwdump3 tool, 235
Python scripts, 247-251, 297