TamoSoft SmartWhois query tool
website address, 311
taps
using in hubs and bridge scenarios, 46
tarball unzippers
for the Windows platform, 178
tarpits (blackholes)
as sticky honeypots, 9
TCP Conversation screen
in Ethereal protocol analyzer utility, 246
TCP flags
list of, 234
used in a TCP connection session, 126–127
TCP packets
timestamp for, 127–128
TCP packet structure
example of, 233
TCP ports
common Windows listening by platform, 85–86
TCP Stream feature
in Ethereal protocol analyzer utility, 247–248
TCP window size
function of, 126
tcpdump utility
using with Ethereal protocol analyzer utility, 249
website address for downloading, 249
TCP/IP configuration
documenting for your honeypot system, 270
TCP/IP packet types
list of, 125–126
TCP/IP pathway
basic function of, 230–232
TCP/IP port emulation
in Honeyd, 131–134
TCP/IP ports
website address for comprehensive listing of, 65
TCP/IP protocol
flow example, 231
reliability of vs. UDP, 234
three-way handshake process, 234–236
use of vs. UDP, 236–237
TCP/IP protocol suite
basics of, 230–237
TCP/IP stack
mimicking in Honeyd, 124–126
recommended registry entries to harden, 104
TCPView utility
for listing listening network ports, 276
Telnet Server (Tkbtsvr.exe)
availability of, 80
Telnet Server Logon banner text
code example, 80
Telnet_negotiation preprocessor
in Snort, 259
templates
in Honeyd, 154
TCP/IP port setting recommendations, 133–134
Terminal Server
included starting with Windows Server 2000, 93
Terminal Server sim standard server
in KFSensor honeypot, 207
Terminal Services, Application Mode
in Server 2003, 78
Test2pcap.exe
for converting an ASCII hexadecimal dump to a tcpdump-style log, 250
Test.sh
source code for, 172–173
Tethereal.exe
command-line version of Ethereal utility, 250
text editors
website addresses for, 357
TextPad text editor
website address, 357
The Cuckoo’s Egg (Clifford Stoll)
about honeypots, 20
The Disk Investigator program
disk viewer, 314
The Shellcoder’s Handbook: Discovering and Exploiting Security Holes
book exploring different ways to secure your system, 359
Thing Trojan
MASM disassembly of showing called Windows APIs, 351
sampling of MASM disassembly of, 352
website address, 350
third-party APIs
using, 343–344
threats
ensuring early detection of with honeytokens, 7
time synchronization
importance of for security logging of honeypots, 285
timestamp
for TCP packets, 127–128
tools
for finding hosts without IP addresses, 43
for making copies of a honeypot hard drive, 306–308
top talkers
identifying in network traffic analysis, 309–310
Tower of Babel problem
of establishing common names for viruses, 292
traceroute utility
fooled by Honeyd network emulation, 129
Tracking Hacker’s web site
website address, 219
Transmission Control Protocol (TCP)
packet structure, 233
transport layer
in OSI model, 229
traps and services
in SPECTER honeypot, 192–193
Tribble
hardware-based solution for capturing and storing RAM data, 306
trigger events
command for displaying, 298
Tripwire program
website address, 23, 272
troubleshooting
your Honeyd configuration files, 165–166
TUCOFS-The Ultimate Collection of Forensic Software
website address, 335
TYPE
memory variable useful in scripts, 171