O

skip navigation

honeypots for windows
Index
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

P

-p parameter

defined, 138

P0f tool

website address, 29

Packages dialog box

in Cygwin Setup dialog box, 143–144

packers

used by malware to hide infection, 358–359

packet analyzer

needed for operating a honeypot, 12

packet capturing

implementation of, 24

packet filters

commercial alternative products to building your own, 246

packet injectors

using to exactly duplicate hacker’s actions, 224

packet size

filtering network traffic by, 310

packet time distribution

analyzing, 310

packing

used by malware to hide infection, 358

parsers

needed by network analysis tools, 238

Pasco utility

for documenting and analyzing honeypot systems, 280

Passdump utility

function of, 283

passive fingerprinting

function of and tools for, 29

passive fingerprinting tool

POf website address, 43

passwords

importance of using complex for user accounts, 118

password-stealing trojan script

website address, 179

patch management tools

availability of, 101

patches. See Microsoft patches

pathping utility

fooled by Honeyd network emulation, 129

PatriotBox honeypot

creating custom port listeners in, 214

emulating services in, 212–214

interface and HTTP configuration dialog box, 213

logging and alerting with, 214

website address, 212

PC hardware

pros and cons of writing directly to, 344

PC Magazine’s InCtrl5 utility

function of, 283

PE Explorer disassembler

example disassembling Netlog1.exe, 356

function of, 355–356

website address, 355

PE files. See Portable Executables (PE files)

PE file segments, 349

PendMove utility

website address, 319

Performance Monitoring console. See Windows Performance Monitoring console

Perkeo program

for finding hidden pornography files, 317

Perl

using for Honeyd service scripts, 168

website address for information about, 168

permissions

checking for changes in files and folders, 314

Perms.exe utility

for checking permissions, 314

personalities.

See also Windows personalities

annotating, 156–157

associating a template with, 157

personality instructions

adding to Honeyd templates, 156–157

Photo Retriever tool

for recovering deleted multimedia files, 315

physical layer

in OSI model, 228

Pictuate program

for finding hidden pornography files, 317

Ping of Death attacks

use of ICMP by hackers for, 237

website address for information about, 237

POF utility

using to identify remote computers, 311

website address, 311

pop3.sh script

website address, 180

popping

information to the stack, 348

port analysis

in network traffic analysis, 310

port emulation

TCP/IP in Honeyd, 131–134

Port Explorer utility

looking for new network ports and services with, 319

website address, 276

port instructions

adding to Honeyd templates, 158–160

port listeners

creating custom in PatriotBox honeypot, 214

Foundstone’s Attacker, 190

using to create low-interaction honeypots, 14–15

port mirroring (port spanning), 23

using with a managed switch, 46–47

port scans

use of by hackers, 235–236

port spanning. See port mirroring (port spanning)

Portable Executables (PE files)

website address for tutorials on, 349

Windows 32-bit executables known as, 348–349

ports

common Windows applications and their, 86–87

common Windows listening TCP by platform, 85–86

common Windows listening UDP by platform, 84

ports and services

common ports by platform, 83–86

list of common for Windows, 66–68

PORTS variable

syntax for using in Snort, 258

Portscan preprocessor

in Snort, 259

preprocessors

in Snort, 259

presentation and application layers

in OSI model, 229

Process Explorer monitoring utility

function of, 280

investigating processes or services with, 319

ProDiscover software

website address, 308

production honeynet

example of, 38

production honeypots

complexity of, 39

defined, 8

function of, 37–39

setting up IP addressing for, 38–39

programming interfaces

choices available, 340

pornography

programs for finding hidden on exploited computers, 317

protocol analyzer utilities

downloading and installing Ethereal, 147–148

features of Ethereal, 240–250

Microsoft-specific display filters in latest version, 238

Protocol Type field

in IP packet, 233

Provos, Dr. Niels

Cisco telnet session script created by, 174–176

creator of Honeyd honeypot, 10

website address, 121

website address for MBlaster worm document, 181

proxy services

adding to Honeyd templates, 160

in Honeyd, 132

proxying

defined, 160

PSH (Push) flag

in TCP, 234

PsTools monitoring utilities

investigating processes or services with, 319

list and functions of, 280

public domain software

defined, 122

pushing

information to the stack, 348

Putty SSH program

website address, 284

Python

using for Honeyd service scripts, 169

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net