RDP protocol
used by Windows Terminal Server and related services, 78
real honeypots
choosing over virtual, 39–40
Realtime-Spy
spying program, 317
receive-only Ethernet cable
methods for constructing, 44–45
wiring schematic for, 45
redirectors
redirecting malicious activity with, 9–10
RegisterEventSource function
for writing to the Windows Application log, 341
registers
in Intel processors, 346
Registry
checking for changes to autorun keys and, 319
Registry key
enabling before creating a Windows STOP error, 305–306
RegistryProt utility
for real-time monitoring of Registry activity, 283
Regmon monitoring utility
function of, 279
relevancy
defined, 10
Remote Administrator
website address, 333
remote computers
utilities for identifying, 311
Remote Desktop
in Windows XP, 78
Remote Desktop for Administration
in Windows Server 2003, 78
Remote Desktop Protocol (RDP)
remotely managing Windows 2000 and above computers with, 284
remote-access trojans (RATs)
dropped by Bugbear worm, 77–78
installed on the WhiteDoe honeypot, 333
use of in blended attacks, 31–32
removable media
disabling booting from in CMOS BIOS, 100
repeater. See hub network device
research honeypots
complexity of, 39
defined, 8
function of, 39
research resources
needed for operating a honeypot, 12
Rifiuti tool
for examining content of the Info2 file in the Recycle Bin, 280
Robinton, Michael
LaBrea tarpit developed by, 190
Roesch, Martin
Snort network packet analysis tool written by, 250
rooted tree network topology model
Windows version of Honeyd limited to, 128–129
rootkits
use of in blended attacks, 31
routers
capabilities of, 48–49
example of simple segment IP address scheme, 53
as layer 3 network devices, 47
Router-telnet.pl script
example of in action, 174
routing tables
displaying local, 49
function of, 49–50
RPC patch
for Blaster worm, 73
RPC services
understanding, 72–73
RST (Reset) flag
in TCP, 234
Rstack team
Honeyd used by to catch MBlaster worm, 180–181
Rugrat virus
website address, 93
rule sets
list of Snort default, 263
RULE_PATH variable
checking for forward slashes in the default Snort.conf file, 259
Russinovich, Mark
monitoring utilities created by, 278–280