LaBrea tarpit
developed in response to Code Red worm, 9
getting a list of all command-line options for, 191
installing and running, 191
as sticky honeypot, 9
using, 191–192
website address, 9, 190
Lan Manager (LM) protocol
weakness of, 118–119
layer 2 bridge devices
Ethernet switches as, 46–47
layer 2 bridging
implementation of, 24
LibnetNT
needed to run LaBrea tarpit, 191
website address, 191
licenses
needed for operating honeypots, 18
Linux-based Bait and Switch Honeypot
website address, 10
listening ports
listing all with Netstat.exe, 276
LiveScript. See JavaScript
LM password hashing
website address for information about disabling, 119
LM protocol. See Lan Manager (LM) protocol
Local Computer Policy object
accessing, 119
Local Package Directory dialog box
in Cygwin Setup dialog box, 143
local subnet problems
fixing in Honeyd installations, 138–139
LocalService account, 116
LocalSystem account
configuring services in, 115–116
log file formats, 290–291
log files
analyzing, 319–323
reviewing logon/logoff activity, 319–322
useful information extraction from, 294
Log Parser
in the Microsoft IIS 6 Resource Kit, 289
website address, 289
log protection
in honeypots, 295
log rotation and permanence
importance of, 287
log tools
for detecting various types of intrusions, 282
logging
of data captured from honeypot monitoring systems, 284–285
in-band methods, 284
out-of-band methods, 284
logging and alerting
with KFSensor honeypot, 208–210
with PatriotBox honeypot, 214
with SPECTER honeypot, 194–195
Logon event properties
fields in the Event Properties dialog box, 320
logon events
list of interesting IDs, 322–323
reviewing log files for, 319–322
logon/logoff activity
reviewing log files for, 319–322
LogProc utility
function of, 282
LogShares utility
function of, 282
LogStartup utility
function of, 282
LogUser utility
function of, 282
Longhorn. See Microsoft Longhorn
low-interaction honeypots
function of, 14–15