P

skip navigation

honeypots for windows
Index
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

R

RDP protocol

used by Windows Terminal Server and related services, 78

real honeypots

choosing over virtual, 39–40

Realtime-Spy

spying program, 317

receive-only Ethernet cable

methods for constructing, 44–45

wiring schematic for, 45

redirectors

redirecting malicious activity with, 9–10

RegisterEventSource function

for writing to the Windows Application log, 341

registers

in Intel processors, 346

Registry

checking for changes to autorun keys and, 319

Registry key

enabling before creating a Windows STOP error, 305–306

RegistryProt utility

for real-time monitoring of Registry activity, 283

Regmon monitoring utility

function of, 279

relevancy

defined, 10

Remote Administrator

website address, 333

remote computers

utilities for identifying, 311

Remote Desktop

in Windows XP, 78

Remote Desktop for Administration

in Windows Server 2003, 78

Remote Desktop Protocol (RDP)

remotely managing Windows 2000 and above computers with, 284

remote-access trojans (RATs)

dropped by Bugbear worm, 77–78

installed on the WhiteDoe honeypot, 333

use of in blended attacks, 31–32

removable media

disabling booting from in CMOS BIOS, 100

repeater. See hub network device

research honeypots

complexity of, 39

defined, 8

function of, 39

research resources

needed for operating a honeypot, 12

Rifiuti tool

for examining content of the Info2 file in the Recycle Bin, 280

Robinton, Michael

LaBrea tarpit developed by, 190

Roesch, Martin

Snort network packet analysis tool written by, 250

rooted tree network topology model

Windows version of Honeyd limited to, 128–129

rootkits

use of in blended attacks, 31

routers

capabilities of, 48–49

example of simple segment IP address scheme, 53

as layer 3 network devices, 47

Router-telnet.pl script

example of in action, 174

routing tables

displaying local, 49

function of, 49–50

RPC patch

for Blaster worm, 73

RPC services

understanding, 72–73

RST (Reset) flag

in TCP, 234

Rstack team

Honeyd used by to catch MBlaster worm, 180–181

Rugrat virus

website address, 93

rule sets

list of Snort default, 263

RULE_PATH variable

checking for forward slashes in the default Snort.conf file, 259

Russinovich, Mark

monitoring utilities created by, 278–280

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net