Summary

skip navigation

honeypots for windows
Chapter 3 - Windows Honeypot Modeling
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

So, what have you learned from this chapter? Most important, there are very common ports and services that should be advertised on any emulated Windows honeypot, like RPC (port 135) and NetBIOS (ports 137 through 139 and 445). If you don’t advertise them, the intruder might detect your honeypot as a decoy. On the other hand, you shouldn’t open ports that aren’t common on most Windows PCs. Doing so will only confuse the hacker. You also must be sure that your advertised ports and services match the Windows OS platform. Advertising IIS 6.0 on a Windows NT Server 4.0 machine is a mismatch.

We also took a look at some of the banner text messages that your honeypot will need to respond with in order to make the honeypot seem real. If you’re going to put up a server in a particular role, there are sets of ports that should be opened together to provide a realistic honeypot. Chapter 4 will discuss the details of installing a honeypot using a Microsoft Windows OS.

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

Similar book on Amazon
Honeypots: Tracking Hackers
Honeypots: Tracking Hackers
Know Your Enemy: Learning about Security Threats (2nd Edition)
Know Your Enemy: Learning about Security Threats (2nd Edition)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net