K

skip navigation

honeypots for windows
Index
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

L

LaBrea tarpit

developed in response to Code Red worm, 9

getting a list of all command-line options for, 191

installing and running, 191

as sticky honeypot, 9

using, 191–192

website address, 9, 190

Lan Manager (LM) protocol

weakness of, 118–119

layer 2 bridge devices

Ethernet switches as, 46–47

layer 2 bridging

implementation of, 24

LibnetNT

needed to run LaBrea tarpit, 191

website address, 191

licenses

needed for operating honeypots, 18

Linux-based Bait and Switch Honeypot

website address, 10

listening ports

listing all with Netstat.exe, 276

LiveScript. See JavaScript

LM password hashing

website address for information about disabling, 119

LM protocol. See Lan Manager (LM) protocol

Local Computer Policy object

accessing, 119

Local Package Directory dialog box

in Cygwin Setup dialog box, 143

local subnet problems

fixing in Honeyd installations, 138–139

LocalService account, 116

LocalSystem account

configuring services in, 115–116

log file formats, 290–291

log files

analyzing, 319–323

reviewing logon/logoff activity, 319–322

useful information extraction from, 294

Log Parser

in the Microsoft IIS 6 Resource Kit, 289

website address, 289

log protection

in honeypots, 295

log rotation and permanence

importance of, 287

log tools

for detecting various types of intrusions, 282

logging

of data captured from honeypot monitoring systems, 284–285

in-band methods, 284

out-of-band methods, 284

logging and alerting

with KFSensor honeypot, 208–210

with PatriotBox honeypot, 214

with SPECTER honeypot, 194–195

Logon event properties

fields in the Event Properties dialog box, 320

logon events

list of interesting IDs, 322–323

reviewing log files for, 319–322

logon/logoff activity

reviewing log files for, 319–322

LogProc utility

function of, 282

LogShares utility

function of, 282

LogStartup utility

function of, 282

LogUser utility

function of, 282

Longhorn. See Microsoft Longhorn

low-interaction honeypots

function of, 14–15

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

Similar book on Amazon
Honeypots: Tracking Hackers
Honeypots: Tracking Hackers
Know Your Enemy: Learning about Security Threats (2nd Edition)
Know Your Enemy: Learning about Security Threats (2nd Edition)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net