Numbers and Symbols

skip navigation

honeypots for windows
Index
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

A

A86/A386 assembler

website address, 353

AccessEnum utility

for listing permissions, 314

website address, 314

ACK (Acknowledgment) flag

in TCP, 234

acknowledgment number field

in TCP, 233

active fingerprinting

function of and tools for, 27–28

Active@ UNDELETE program

for recovering deleted files and formatted disks, 315

Active@ UNERASER program

for recovering deleted files and formatted disks, 315

ActiveState Perl engine

preferred by Perl programmers, 145

Activeworx, Inc.

free software offerings, 294

website address, 293

Activeworx Security Center (ASC)

as honeynet security console, 294

ADD command

for adding service scripts to Honeyd configuration files, 171–172

address resolution protocol

how it works, 43

administrator accounts

renaming to protect your honeypots, 117

ADSScan data stream checker

function of, 281–282

Advanced Attachments Processor tool

for extracting file attachments from e-mail databases for analysis, 315

Advanced Process Manipulation tool

for controlling target processes, 283

Afind program

for analyzing file system, 312

website address, 312

Akonix L7 Enterprise tool

for checking for IM services hacker activity, 317

alert messages

considerations for, 295–296

alert or message throttling

defined, 295

alert utilities

additional for honeypots and monitoring systems, 299

for honeypots, 296–299

alerting mechanism

flexible in IDSs, 226

importance of in honeypot systems, 295–299

needed for operating a honeypot, 12

using the NET SEND command in Windows, 296

Alkasis Corporation

website address for PatriotBox honeypot, 212

AllAPI

website address, 343

“An Evening with Berferd” paper (Bill Cheswick)

website address, 20

Analyze menu

in Ethereal protocol analyzer utility, 246–248

analyzing honeypots. See data analysis, for honeypots

annotate command

in Honeyd, 129

ANNOTATE keyword

example showing use of, 157

annotation

syntax for Windows personalities, 156–157

anonymous enumerations

disabling, 118

antispam relay server

Jackpot tarpit as, 9

API enforcement, 345

application and presentation layers

in OSI model, 229

application fingerprinting.

See also fingerprinting

function of, 29–30

application folders and files

restricting access to, 106–108

Application Programming Interfaces (APIs)

defined, 340

using third party, 343–344

ArcSight

website address, 294

Argus

website address, 309

Arkin, Ofir

PowerPoint presentation about ICMP fingerprinting by, 29

ARP flooding

using to overwhelm switches, 46

ARP poisoning

using to overwhelm switches, 46

ARP proxying, 128

assembler and disassembler programs

choosing, 349–357

assemblers

choosing, 349–353

other available, 352–353

Webster’s web site for information about, 353

assembly language

learning, 339–349

resources for learning, 346

using, 344

website address for resources, 340

assembly language instructions

on computer platforms, 345–349

AT&T Mexican honeynet

website address, 8

attack models

summary of, 32

used by hackers, 26–32

attack programs

automated, 30

Audit Account Logon Events

Windows auditing category, 286

Audit Account Management enabling

Windows auditing category, 286

Audit Directory Service Access

Windows auditing category, 286

Audit Logon Events

Windows auditing category, 286

Audit Object Access

Windows auditing category, 286

Audit Policy Change

Windows auditing category, 287

Audit Privilege Use

Windows auditing category, 287

Audit Process Tracking

Windows auditing category, 287

Audit System Events

Windows auditing category, 287

authentication protocols

securing, 118–119

automated attack programs

types of, 30

Autoruns monitoring utility

checking for changes to the Registry and autorun keys with, 319

function of, 279

AutoStart Viewer utility

function of, 283

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

Similar book on Amazon
Honeypots: Tracking Hackers
Honeypots: Tracking Hackers
Know Your Enemy: Learning about Security Threats (2nd Edition)
Know Your Enemy: Learning about Security Threats (2nd Edition)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net