ROGER A. GRIMES
© 2005 by Roger A. Grimes
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.
ISBN (pbk): 1590593359
Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.
Lead Editor: Jim Sumser
Technical Reviewers: Alexzander Nepomnjashiy, Jacco Tunnissen
Editorial Board: Steve Anglin, Dan Appleman, Ewan Buckingham, Gary Cornell, Tony Davis, Jason Gilmore, Chris Mills, Dominic Shakeshaft, Jim Sumser
Assistant Publisher: Grace Wong
Project Manager: Sofia Marchant
Copy Manager: Nicole LeClerc
Copy Editor: Marilyn Smith
Production Manager: Kari Brooks-Copony
Production Editor: Kelly Winquist
Compositors: Kinetic Publishing Services, LLC; Dina Quan
Proofreader: Katie Stence
Indexer: Carol Burbo
Artist: Kinetic Publishing Services, LLC; Dina Quan
Cover Designer: Kurt Krames
Manufacturing Manager: Tom Debolski
Distributed to the book trade in the United States by Springer-Verlag New York, Inc., 233 Spring Street, 6th Floor, New York, NY 10013, and outside the United States by Springer-Verlag GmbH & Co. KG, Tiergartenstr. 17, 69112 Heidelberg, Germany.
In the United States: phone 1-800-SPRINGER, fax 201-348-4505, e-mail firstname.lastname@example.org, or visit http://www.springer-ny.com. Outside the United States: fax +49 6221 345229, e-mail email@example.com, or visit http://www.springer.de.
For information on translations, please contact Apress directly at 2560 Ninth Street, Suite 219, Berkeley, CA 94710. Phone 510-549-5930, fax 510-549-5939, e-mail firstname.lastname@example.org, or visit http://www.apress.com.
The information in this book is distributed on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work.
The source code for this book is available to readers at http://www.apress.com in the Downloads section. You will need to answer questions pertaining to this book in order to successfully download the code.
To those who fight the good fight with constant vigilance.
About the Author
ROGER A. GRIMES is a 17-year computer security industry veteran, full-time teacher, author, and consultant. He is the author of 4 books and more than 150 magazine articles on computer security, specializing in Microsoft Windows security and malware defenses. He is a contributing editor for Windows IT Pro and InfoWorld magazines. His certifications include CPA, CISSP, CEH, CHFI, TICSA, MCT, MCSE: Security (NT/2000/2003/MVP), Security+, A+, and others. Roger is a frequent presenter at national conferences, including MCP TechMentor, Windows Connections, and SANS, where he is always among the highest rated presenters. Roger has created several courses on advanced Windows security for Microsoft, Windows IT Pro magazine, and SANS. His clients have included every branch of the armed forces, Microsoft, VeriSign, Fortune 500 companies, cities, and large public school systems and universities.
About the Technical Reviewers
ALEXZANDER NEPOMNJASHIY is a Microsoft SQL Server database designer for NeoSystems NorthWest, a security services, consulting, and training company. He has more than 11 years of experience in the IT field. His work involves extending and improving clients’ corporate ERP systems to manage retail sales data, predict market changes, and calculate trends for future market situations.
JACCO TUNNISSEN has been working in the ISP and security fields since the mid-1990s, mainly focusing on FreeBSD and OpenBSD implementations. Currently, he is “educating the masses” using his web sites, where you can find out all about intrusion detection, honeypots (http://www.honeypots.net), incident handling, wireless security, computer forensics, DNS, and BGP routing. In his spare time, he enjoys good food and biking in Rotterdam. Jacco likes working as a technical reviewer for several authors.
I wish to thank Apress and my editor Jim Sumser, Sofia Marchant, Marilyn Smith, and StudioB’s Neil J. Salkind for seeing the vision for a book like this and putting up with my moving deadlines.
I also want to thank Lance Spitzner, Michael Davis, and Niels Provos for evangelizing honeypot technology and answering my many questions. Thanks to Alexzander Nepomnjashiy and Jacco Tunnissen for the excellent technical editing.
Much of this book could not have been written without the previous contributions of The Honeynet Project (http://project.honeynet.org), Honeypot: Tracking Hackers (http://www.tracking-hackers.com), SANS (http://www.sans.org), and the Honeypot mailing list (http://www.securityfocus.com).
On a personal note, I would especially like to thank my wife, Tricia, who took care of my every need while I was writing and neglecting her. I could not ask for a better friend and partner.