L

M

MAC address

changing for VM network interface card, 100

machine/assembly language instructions

common 80x86, 348

Macro Assembler. See MASM (Macro Assembler)

mail servers

Exchange Server as most popular, 83

malicious code

analyzing, 317–318

performing string analysis on, 317–318

malicious programming techniques, 358–359

malicious programming tutorials

list of available, 359

malware attack

analyzing packet time distribution for, 310

malware code analysis, 337–361

debugging tricks, 359

executable code pathway, 338

an overview of code disassembly, 337–339

of registers, 346–348

Malware: Fighting Malicious Code (Ed Skoudis and Lenny Zeltser)

book about malware vectors, 359

management workstation

needed for operating a honeypot, 12

man-in-the-middle attacks, 127

manual hacking models

function of, 26–30

MASM (Macro Assembler)

example showing disassembly of the Thing Trojan, 351

function of, 350–352

sampling of disassembly of Thing Trojan, 352

MBlaster worm

Honeyd used to catch, 180–181

script used to clean from originating hosts, 182

MBlaster.sh script, 181

media access control (MAC) address, 43

memory variables

useful in Honeyd scripts, 171

Mergecap.exe

for combining multiple capture longs into one log file, 250

MessageLabs antispam resource

website address, 304

Microsoft Audit Collection System (MACS)

website address for information about, 289

Microsoft Foundation Classes (MFC)

C++ API libraries for coders to use, 342

Microsoft FTP

characteristics of, 79

Microsoft FTP server

creating by customizing an existing script, 183–188

Microsoft FTP Service login banner

code example, 79

Microsoft Longhorn

availability of, 92

Microsoft network model

website address for information about, 227

Microsoft patches

different levels of, 101–103

patching pathway, 102

to protect against Blaster worm, 87

tools for checking status, 101

Microsoft POP3 server

emulated by KFSensor honeypot, 208

Microsoft Security Baseline Analyzer tool

website address, 101

Microsoft Security web site

website address, 41

Microsoft sharing

NetBIOS services as the heart of, 73–74

Microsoft Software Update Services (SUS)

using to update virtual systems, 17

Microsoft tools

for documenting baseline measurements, 271

Microsoft Visual Basic (VB). See Visual Basic (VB)

Microsoft Windows

hardening for your honeypots, 100–120

Microsoft Windows ports and services

list of common, 66–68

Microsoft’s Automated Deployment Services

website address, 306

Microsoft’s ExMerge utility

for recovering deleted e-mail when Outlook uses Exchange Server, 315

Microsoft’s Virtual PC

undo disks in, 100

monitoring

after a baseline has been documented, 276–283

monitoring communications

protection for, 284

monitoring devices. See honeynet monitoring devices

monitoring programs, 277–283

monitoring/logging tools

needed for operating a honeypot, 12

MS03-026 patches

to protect against Blaster worm, 87

Ms-ftp.sh script file

mimicking a Microsoft FTP server, 183–187

multicast packets

defined, 41

Mydoom.pl script

website address, 179