J

skip navigation

honeypots for windows
Index
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

K

KaZaA .dat Viewer

for viewing and managing KaZaA data, 317

Kerberos

hardening a Windows machine with, 118–119

kernel mode programs

use of to attack honeypots, 345

KeyFocus Ltd.

HTTP engine that runs as a freeware web server, 202

website address, 196

keystroke logger

needed for operating a honeypot, 12

used for honeypot data capture, 22–23

keystroke monitoring programs

used for honeypot data capture, 22–23

KFSensor honeypot

analysis of Ethereal capture files, 326–329

anti-DoS setting dialog box, 211

capture showing Windows Media Service buffer overflow attack, 330

configuring listeners and anti-DoS settings, 210–211

Edit Sim Banner dialog box in, 200

emulated IIS 6.0 Under Construction error page, 202

emulating services with, 198–208

Ethereal generated protocol distribution report, 327

Event Details screen for an FTP session, 204

example of SMTP sim standard server screen, 204

forensic analysis in action, 325–332

function of, 196

IIS sim server, 201–202

initial review, 325–326

installation versions, 201

installing and running, 197–198

by KeyFocus Ltd., 196

lessons learned from attacks, 331–332

listing of event column fields, 209

log detail for one of the attacks, 329

log example showing an FTP login session, 210

logging and alerting with, 208–210

logs of the spam open relay, 331

logs showing the first IIS attack, 328

monitor in Ports view, 199

NetBIOS sim banner server, 205

open proxy server for, 205

open-relay attack, 330

other emulated Microsoft services offered by, 207–208

scenarios for sim standard server listener ports, 201

sim banner server banner parameters list, 200

sim banner servers in, 199–200

sim standard servers in, 200–201

SMTP alert configuration dialog box, 208

SMTP sim standard server, 203–204

SQL Server SA password-guessing attack, 330

Terminal Server sim standard server, 207

types of sim servers, 198

website address, 196

Windows Media Service buffer overflow attack, 329–330

KFSensor Monitor

function of, 197

KFSensor Server

function of, 197

KFSensor Set Up Wizard

components (port listeners) selection, 197

Kiwi Syslog

function of, 290

website address, 290

Knoppix bootable forensic distribution

website address, 324

Know Your Enemy (Lance Spitzner)

honeypot book, 8

Kuang2.pl script

website address, 179

-l <logfiledirectory> Snort parameter

for logging packet traffic to an ASCII text file, 255

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

Similar book on Amazon
Honeypots: Tracking Hackers
Honeypots: Tracking Hackers
Know Your Enemy: Learning about Security Threats (2nd Edition)
Know Your Enemy: Learning about Security Threats (2nd Edition)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net