List of Figures

skip navigation

honeypots for windows
List of Tables
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

Chapter 1: An Introduction to Honeypots

Table 1-1: Summary of Honeypot Types

Chapter 2: A Honeypot Deployment Plan

Table 2-1: Honeypot Placement Location Comparison

Chapter 3: Windows Honeypot Modeling

Table 3-1: Common Microsoft Windows Ports and Services
Table 3-2: Generic Windows Server Ports
Table 3-3: Common IIS Server Ports
Table 3-4: Common Windows 2000 Domain Controller Ports
Table 3-5: Common Windows Workstation Ports
Table 3-6: Common SQL Server Ports
Table 3-7: Common Ports on a Simple Exchange Server
Table 3-8: Common Ports on a Complex Exchange Server
Table 3-9: Common NetBIOS Suffixes
Table 3-10: NetBIOS Ports
Table 3-11: IIS Versions and Related Operating Systems
Table 3-12: Default IIS Folders and Subfolders
Table 3-13: Common Windows Listening UDP Ports by Platform
Table 3-14: Common Windows Listening TCP Ports by Platform
Table 3-15: Common Windows Applications and Their Port Numbers

Chapter 4: Windows Honeypot Deployment

Table 4-1: Windows OS Minimum and Recommended Hardware Requirements
Table 4-2: Recommended Hardware Requirements for a Honeypot
Table 4-3: Recommended Registry Entries to Harden the TCP/IP Stack
Table 4-4: Recommended Windows Services Startup Type Settings

Chapter 5: Honeyd Installation

Table 5-1: TCP/IP Packet Types
Table 5-2: TCP Flags
Table 5-3: Honeyd Simple Port Behaviors
Table 5-4: Recommended Honeyd Directories

Chapter 6: Honeyd Configuration

Table 6-1: Honeyd Runtime Options

Chapter 7: Honeyd Service Scripts

Table 7-1: Default Scripts in the Windows Version of Honeyd
Table 7-2: Service Scripts Available at Honeyd.org

Chapter 8: Other Windows-Based Honeypots

Table 8-1: SPECTER Traps and Services
Table 8-2: KFSensor Sim Banner Server Banner Parameters
Table 8-3: KFSensor Event Column Fields

Chapter 9: Network Traffic Analysis

Table 9-1: Default Snort Variables
Table 9-2: Some Snort Preprocessors
Table 9-3: Snort Rule Syntax Fields

Chapter 10: Honeypot Monitoring

Table 10-1: Microsoft Tools for Gathering Baseline Information
Table 10-2: Sysinternal PsTools Utilities
Table 10-3: EVENTTRIGGERS /Create Options

Chapter 11: Honeypot Data Analysis

Table 11-1: Logon Event Properties
Table 11-2: Event Description Information
Table 11-3: Interesting Event IDs

Chapter 12: Malware Code Analysis

Table 12-1: 8086 Register Types and Common Functions
Table 12-2: Common 80x86 Instructions
Table 12-3: PE File Segments

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

Similar book on Amazon
Honeypots: Tracking Hackers
Honeypots: Tracking Hackers
Know Your Enemy: Learning about Security Threats (2nd Edition)
Know Your Enemy: Learning about Security Threats (2nd Edition)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net