Numbers and Symbols | Honeypots for Windows (Books for Professionals by Professionals)

Index
Honeypots for Windows
by Roger A. Grimes
Apress 2005

A

A86/A386 assembler

website address, 353

AccessEnum utility

for listing permissions, 314

website address, 314

ACK (Acknowledgment) flag

in TCP, 234

acknowledgment number field

in TCP, 233

active fingerprinting

function of and tools for, 27–28

Active@ UNDELETE program

for recovering deleted files and formatted disks, 315

Active@ UNERASER program

for recovering deleted files and formatted disks, 315

ActiveState Perl engine

preferred by Perl programmers, 145

Activeworx, Inc.

free software offerings, 294

website address, 293

Activeworx Security Center (ASC)

as honeynet security console, 294

ADD command

for adding service scripts to Honeyd configuration files, 171–172

address resolution protocol

how it works, 43

administrator accounts

renaming to protect your honeypots, 117

ADSScan data stream checker

function of, 281–282

Advanced Attachments Processor tool

for extracting file attachments from e-mail databases for analysis, 315

Advanced Process Manipulation tool

for controlling target processes, 283

Afind program

for analyzing file system, 312

website address, 312

Akonix L7 Enterprise tool

for checking for IM services hacker activity, 317

alert messages

considerations for, 295–296

alert or message throttling

defined, 295

alert utilities

additional for honeypots and monitoring systems, 299

for honeypots, 296–299

alerting mechanism

flexible in IDSs, 226

importance of in honeypot systems, 295–299

needed for operating a honeypot, 12

using the NET SEND command in Windows, 296

Alkasis Corporation

website address for PatriotBox honeypot, 212

AllAPI

website address, 343

“An Evening with Berferd” paper (Bill Cheswick)

website address, 20

Analyze menu

in Ethereal protocol analyzer utility, 246–248

analyzing honeypots. See data analysis, for honeypots

annotate command

in Honeyd, 129

ANNOTATE keyword

example showing use of, 157

annotation

syntax for Windows personalities, 156–157

anonymous enumerations

disabling, 118

antispam relay server

Jackpot tarpit as, 9

API enforcement, 345

application and presentation layers

in OSI model, 229

application fingerprinting.

See also fingerprinting

function of, 29–30

application folders and files

restricting access to, 106–108

Application Programming Interfaces (APIs)

defined, 340

using third party, 343–344

ArcSight

website address, 294

Argus

website address, 309

Arkin, Ofir

PowerPoint presentation about ICMP fingerprinting by, 29

ARP flooding

using to overwhelm switches, 46

ARP poisoning

using to overwhelm switches, 46

ARP proxying, 128

assembler and disassembler programs

choosing, 349–357

assemblers

choosing, 349–353

other available, 352–353

Webster’s web site for information about, 353

assembly language

learning, 339–349

resources for learning, 346

using, 344

website address for resources, 340

assembly language instructions

on computer platforms, 345–349

AT&T Mexican honeynet

website address, 8

attack models

summary of, 32

used by hackers, 26–32

attack programs

automated, 30

Audit Account Logon Events