M

skip navigation

honeypots for windows
Index
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

N

NAT. See Network Address Translation (NAT)

NAT routing

example of, 48

National Security Agency

website address, 40

nbtscan enumeration tool

website address, 77

NET SEND command

for sending short console messages in Windows, 296

Net Send Command Line utility

website address, 299

NET SEND console alert message

example of, 298

NetBEUI protocol, 75

NetBIOS Auditing Tool

website address, 77

NetBIOS Datagram Service

port for sending data, 76

NetBIOS enumeration tools

website address, 77

NetBIOS Extended User Interface (NetBEUI), 75

“NetBIOS: Friend or Foe?”

website address, 77

NetBIOS names

command for listing local, 75

understanding, 74–75

NetBIOS operations, 75–77

NetBIOS over TCP/IP (NetBT or NBT), 75

NetBIOS ports

list of, 76–77

NetBIOS services

importance of Windows honeypot running or emulating, 73–78

list of common suffixes, 74

list of resources, 77

NetBIOS Session Service

port for sending data, 76

NetBIOS sim banner server

for KFSensor honeypot, 205

NetBIOS/CIFS attacks, 77–78

Netcat tunnel

function of, 281

Netcat utility

command for logging probes to port 21, 14

creating a simple port listener with, 14

website address, 14, 81

netForensics

website address, 294

Netmon (Network Monitor) utility

for collecting network traffic baseline data, 275

Netscape

development of JavaScript by, 170

Netsky worm

website address, 265

Netstat.exe

listing all active listening ports with, 276

looking for new network ports and services with, 319

Network Address Translation (NAT)

function of, 47–48

network analysis

and the OSI model, 229

network device hardware

needed for operating a honeypot, 11

network emulation

and IP addressing in Honeyd, 128–129

Network General Sniffer

packet-capturing program, 43

network layer

in OSI model, 228

Network Neighborhood

NetBIOS services as the heart of, 73–77

network packet protocol analyzers. See sniffers

network packets

performing string analysis on, 311

network protocol analyzers.

See also sniffers

network traffic capturing basics, 239–240

network protocol basics, 227–239

network protocol capturing

basics of, 239–240

Network Security

SPECTER honeypot by, 192

Network Service account, 116

network shares

removing or securing, 104–105

Network Sniffer’s Netasyst Network Analyzer

website address, 246

network system devices. See honeypot network system devices

network traffic

analysis of, 223–268

capturing basics, 239–240

filtering, 105–106

network traffic analysis

analyzing malicious code, 317–318

analyzing packet time distribution, 310

analyzing the file system, 311–317

analyzing the operating system, 318–319

confirming file types, 314

determining number of collected packets, 309

discerning patterns in, 310–311

doing detailed code analysis, 318

drawing conclusions from, 324

filtering by packet size, 310

for honeypot systems, 309–311

identifying the IP addresses and top talkers, 309–310

learning which ports were involved, 310

tracking Internet Explorer hacker activity, 316

network traffic baselines

utilities for collecting data, 275–276

NISER Computer Forensics Laboratory

website address, 335

Nmap active fingerprinting tool

for fingerprinting OSs, 124–125

website address, 27

Nmap documentation

website address, 156

nmapNT active fingerprinting tool

website address, 27

nmapNT fingerprinting process

code example for testing, 27–28

Nmap.prints file

in Honeyd, 125–126

website address for updated, 151

NMapWin

website address, 27

Norton Ghost. See Symantec’s Norton Ghost

Norton System Utilities

for recovering deleted files and formatted disks, 315

Nslookup.exe program

resolving an IP address to a domain name with, 311

NT Objective’s ntoinsight’s

website address, 316

NTFS permissions

restricting access to the application folder and files with, 106–107

NTLast utility

keeping track of logon information with, 321

Windows security log analyzer, 281

NTLM authentication

using to review log files for logon/logoff activity, 319

NTLMv2 protocol

securing authentication protocols with, 118–119

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

Similar book on Amazon
Honeypots: Tracking Hackers
Honeypots: Tracking Hackers
Know Your Enemy: Learning about Security Threats (2nd Edition)
Know Your Enemy: Learning about Security Threats (2nd Edition)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net