MAC address
changing for VM network interface card, 100
machine/assembly language instructions
common 80x86, 348
Macro Assembler. See MASM (Macro Assembler)
mail servers
Exchange Server as most popular, 83
malicious code
analyzing, 317–318
performing string analysis on, 317–318
malicious programming techniques, 358–359
malicious programming tutorials
list of available, 359
malware attack
analyzing packet time distribution for, 310
malware code analysis, 337–361
debugging tricks, 359
executable code pathway, 338
an overview of code disassembly, 337–339
of registers, 346–348
Malware: Fighting Malicious Code (Ed Skoudis and Lenny Zeltser)
book about malware vectors, 359
management workstation
needed for operating a honeypot, 12
man-in-the-middle attacks, 127
manual hacking models
function of, 26–30
MASM (Macro Assembler)
example showing disassembly of the Thing Trojan, 351
function of, 350–352
sampling of disassembly of Thing Trojan, 352
MBlaster worm
Honeyd used to catch, 180–181
script used to clean from originating hosts, 182
MBlaster.sh script, 181
media access control (MAC) address, 43
memory variables
useful in Honeyd scripts, 171
Mergecap.exe
for combining multiple capture logs into one log file, 250
MessageLabs antispam resource
website address, 304
Microsoft Audit Collection System (MACS)
website address for information about, 289
Microsoft Foundation Classes (MFC)
C++ API libraries for coders to use, 342
Microsoft FTP
characteristics of, 79
Microsoft FTP server
creating by customizing an existing script, 183–188
Microsoft FTP Service login banner
code example, 79
Microsoft Longhorn
availability of, 92
Microsoft network model
website address for information about, 227
Microsoft patches
different levels of, 101–103
patching pathway, 102
to protect against Blaster worm, 87
tools for checking status, 101
Microsoft POP3 server
emulated by KFSensor honeypot, 208
Microsoft Security Baseline Analyzer tool
website address, 101
Microsoft Security web site
website address, 41
Microsoft sharing
NetBIOS services as the heart of, 73–74
Microsoft Software Update Services (SUS)
using to update virtual systems, 17
Microsoft tools
for documenting baseline measurements, 271
Microsoft Visual Basic (VB). See Visual Basic (VB)
Microsoft Windows
hardening for your honeypots, 100–120
Microsoft Windows ports and services
list of common, 66–68
Microsoft’s Automated Deployment Services
website address, 306
Microsoft’s ExMerge utility
for recovering deleted e-mail when Outlook uses Exchange Server, 315
Microsoft’s Virtual PC
undo disks in, 100
monitoring
after a baseline has been documented, 276–283
monitoring communications
protection for, 284
monitoring devices. See honeynet monitoring devices
monitoring programs, 277–283
monitoring/logging tools
needed for operating a honeypot, 12
MS03-026 patches
to protect against Blaster worm, 87
Ms-ftp.sh script file
mimicking a Microsoft FTP server, 183–187
multicast packets
defined, 41
Mydoom.pl script
website address, 179