What You Need to Know

skip navigation

honeypots for windows
Chapter 3 - Windows Honeypot Modeling
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

In order to mimic a production Windows host using a emulated honeypot, it is important to know the following:

  • The TCP and UDP ports to put in a listening state to mimic the desired production computer

  • The banner text that should be presented to inquiring hackers

  • Common Windows services and applications, and to which platforms they apply

While you might feel very comfortable with Windows and think you are familiar with the ports and services, do you really know all of them? A good hacker does. Here’s a quick quiz:

  • What port does Universal Plug and Play listen on: UDP or TCP? Which Windows platforms run Universal Plug and Play?

  • Does DNS use UDP or TCP?

  • Does IIS FTP use port 20, as well as port 21?

    image from book
    A QUICK REVIEW OF WINDOWS PORT-RELATED PROTOCOLS AND SERVICES

    You’re probably familiar with the abbreviations used for common protocols and services, but just in case there are some you don’t recognize, here is a list of the ones mentioned in this chapter:

    CIFS

    Common Internet File System

    DHCP

    Dynamic Host Configuration Protocol

    DNS

    Domain Name System

    FTP

    File Transfer Protocol

    HTTP

    Hypertext Transfer Protocol

    HTTPS

    Hypertext Transfer Protocol over SSL

    IAS

    Internet Authentication Service

    IBS

    Installation Bootstrap Service

    IIS

    Internet Information Server (or Services)

    IMAP

    Internet Message Access Protocol

    IPP

    Internet Printing Protocol

    IPSec

    IP Security Protocol

    ISAKMP

    Internet Security Association and Key Management Protocol

    L2TP

    Layer 2 Tunneling Protocol

    LDAP

    Lightweight Directory Access Protocol

    NetBIOS

    Network Basic Input Output System

    NNTP

    Network News Transfer Protocol

    NTP

    Network Time Protocol

    POP3

    Post Office Protocol version 3

    PPTP

    Point-to-Point Tunneling Protocol

    RDP

    Remote Desktop Protocol

    RIS

    Remote Installation Services

    RPC

    Remote Procedure Call

    SMB

    Server Message Block

    SMTP

    Simple Mail Transfer Protocol

    SSL

    Secure Sockets Layer

    TCP/IP

    Transmission Control Protocol/Internet Protocol

    TFTP

    Trivial FTP

    TLS

    Transport Layer Security

    UDP

    User Datagram Protocol

    WINS

    Windows Internet Naming Service

    image from book

  • What are the differences between NetBIOS ports 137, 138, and 139?

  • Which versions of Windows run which NetBIOS ports?

  • What services and applications are represented by Microsoft Windows Server 2003 Simple TCP Services?

  • Is the banner text returned with IIS’s virtual SMTP server different from what is returned with Exchange’s Internet Mail Service mail connector?

  • On what port does RPC over HTTP run?

  • On what port does MSN Messenger run?

If you don’t know the answers to all of these questions, keep reading. Near the end of this chapter, Tables 3-13 and 3-14 will list the common ports and services for all the Windows platforms from Windows 95 and later. Table 3-15 lists the ports for some common Windows applications. You can use these tables as a guide when constructing your emulated Windows honeypot to mimic a particular platform.

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

Similar book on Amazon
Honeypots: Tracking Hackers
Honeypots: Tracking Hackers
Know Your Enemy: Learning about Security Threats (2nd Edition)
Know Your Enemy: Learning about Security Threats (2nd Edition)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net