What You Need to Know
 | |
| ||||||||||
| ||||||||||||
 |
| |||||
| |||||
| |||||
In order to mimic a production Windows host using a emulated honeypot, it is important to know the following:
-
The TCP and UDP ports to put in a listening state to mimic the desired production computer
-
The banner text that should be presented to inquiring hackers
-
Common Windows services and applications, and to which platforms they apply
While you might feel very comfortable with Windows and think you are familiar with the ports and services, do you really know all of them? A good hacker does. Here’s a quick quiz:
-
What port does Universal Plug and Play listen on: UDP or TCP? Which Windows platforms run Universal Plug and Play?
-
Does DNS use UDP or TCP?
-
Does IIS FTP use port 20, as well as port 21?
A QUICK REVIEW OF WINDOWS PORT-RELATED PROTOCOLS AND SERVICES You’re probably familiar with the abbreviations used for common protocols and services, but just in case there are some you don’t recognize, here is a list of the ones mentioned in this chapter:
CIFS
Common Internet File System
DHCP
Dynamic Host Configuration Protocol
DNS
Domain Name System
FTP
File Transfer Protocol
HTTP
Hypertext Transfer Protocol
HTTPS
Hypertext Transfer Protocol over SSL
IAS
Internet Authentication Service
IBS
Installation Bootstrap Service
IIS
Internet Information Server (or Services)
IMAP
Internet Message Access Protocol
IPP
Internet Printing Protocol
IPSec
IP Security Protocol
ISAKMP
Internet Security Association and Key Management Protocol
L2TP
Layer 2 Tunneling Protocol
LDAP
Lightweight Directory Access Protocol
NetBIOS
Network Basic Input Output System
NNTP
Network News Transfer Protocol
NTP
Network Time Protocol
POP3
Post Office Protocol version 3
PPTP
Point-to-Point Tunneling Protocol
RDP
Remote Desktop Protocol
RIS
Remote Installation Services
RPC
Remote Procedure Call
SMB
Server Message Block
SMTP
Simple Mail Transfer Protocol
SSL
Secure Sockets Layer
TCP/IP
Transmission Control Protocol/Internet Protocol
TFTP
Trivial FTP
TLS
Transport Layer Security
UDP
User Datagram Protocol
WINS
Windows Internet Naming Service
-
What are the differences between NetBIOS ports 137, 138, and 139?
-
Which versions of Windows run which NetBIOS ports?
-
What services and applications are represented by Microsoft Windows Server 2003 Simple TCP Services?
-
Is the banner text returned with IIS’s virtual SMTP server different from what is returned with Exchange’s Internet Mail Service mail connector?
-
On what port does RPC over HTTP run?
-
On what port does MSN Messenger run?
If you don’t know the answers to all of these questions, keep reading. Near the end of this chapter, Tables 3-13 and 3-14 will list the common ports and services for all the Windows platforms from Windows 95 and later. Table 3-15 lists the ports for some common Windows applications. You can use these tables as a guide when constructing your emulated Windows honeypot to mimic a particular platform.
| |||||
| |||||
| |||||
EAN: 2147483647
Pages: 119