NAT. See Network Address Translation (NAT)
NAT routing
example of, 48
National Security Agency
website address, 40
nbtscan enumeration tool
website address, 77
NET SEND command
for sending short console messages in Windows, 296
Net Send Command Line utility
website address, 299
NET SEND console alert message
example of, 298
NetBEUI protocol, 75
NetBIOS Auditing Tool
website address, 77
NetBIOS Datagram Service
port for sending data, 76
NetBIOS enumeration tools
website address, 77
NetBIOS Extended User Interface (NetBEUI), 75
“NetBIOS: Friend or Foe?”
website address, 77
NetBIOS names
command for listing local, 75
understanding, 74–75
NetBIOS operations, 75–77
NetBIOS over TCP/IP (NetBT or NBT), 75
NetBIOS ports
list of, 76–77
NetBIOS services
importance of Windows honeypot running or emulating, 73–78
list of common suffixes, 74
list of resources, 77
NetBIOS Session Service
port for sending data, 76
NetBIOS sim banner server
for KFSensor honeypot, 205
NetBIOS/CIFS attacks, 77–78
Netcat tunnel
function of, 281
Netcat utility
command for logging probes to port 21, 14
creating a simple port listener with, 14
website address, 14, 81
netForensics
website address, 294
Netmon (Network Monitor) utility
for collecting network traffic baseline data, 275
Netscape
development of JavaScript by, 170
Netsky worm
website address, 265
Netstat.exe
listing all active listening ports with, 276
looking for new network ports and services with, 319
Network Address Translation (NAT)
function of, 47–48
network analysis
and the OSI model, 229
network device hardware
needed for operating a honeypot, 11
network emulation
and IP addressing in Honeyd, 128–129
Network General Sniffer
packet-capturing program, 43
network layer
in OSI model, 228
Network Neighborhood
NetBIOS services as the heart of, 73–77
network packet protocol analyzers. See sniffers
network packets
performing string analysis on, 311
network protocol analyzers. See also sniffers
network traffic capturing basics, 239–240
network protocol basics, 227–239
network protocol capturing
basics of, 239–240
Network Security
SPECTER honeypot by, 192
Network Service account, 116
network shares
removing or securing, 104–105
Network Sniffer’s Netasyst Network Analyzer
website address, 246
network system devices. See honeypot network system devices
network traffic
analysis of, 223–268
capturing basics, 239–240
filtering, 105–106
network traffic analysis
analyzing malicious code, 317–318
analyzing packet time distribution, 310
analyzing the file system, 311–317
analyzing the operating system, 318–319
confirming file types, 314
determining number of collected packets, 309
discerning patterns in, 310–311
doing detailed code analysis, 318
drawing conclusions from, 324
filtering by packet size, 310
for honeypot systems, 309–311
identifying the IP addresses and top talkers, 309–310
learning which ports were involved, 310
tracking Internet Explorer hacker activity, 316
network traffic baselines
utilities for collecting data, 275–276
NISER Computer Forensics Laboratory
website address, 335
Nmap active fingerprinting tool
for fingerprinting OSs, 124–125
website address, 27
Nmap documentation
website address, 156
nmapNT active fingerprinting tool
website address, 27
nmapNT fingerprinting process
code example for testing, 27–28
Nmap.prints file
in Honeyd, 125–126
website address for updated, 151
NMapWin
website address, 27
Norton Ghost. See Symantec’s Norton Ghost
Norton System Utilities
for recovering deleted files and formatted disks, 315
Nslookup.exe program
resolving an IP address to a domain name with, 311
NT Objective’s ntoinsight’s
website address, 316
NTFS permissions
restricting access to the application folder and files with, 106–107
NTLast utility
keeping track of logon information with, 321
Windows security log analyzer, 281
NTLM authentication
using to review log files for logon/logoff activity, 319
NTLMv2 protocol
securing authentication protocols with, 118–119