A86/A386 assembler
website address, 353
AccessEnum utility
for listing permissions, 314
website address, 314
ACK (Acknowledgment) flag
in TCP, 234
acknowledgment number field
in TCP, 233
active fingerprinting
function of and tools for, 27–28
Active@ UNDELETE program
for recovering deleted files and formatted disks, 315
Active@ UNERASER program
for recovering deleted files and formatted disks, 315
ActiveState Perl engine
preferred by Perl programmers, 145
Activeworx, Inc.
free software offerings, 294
website address, 293
Activeworx Security Center (ASC)
as honeynet security console, 294
ADD command
for adding service scripts to Honeyd configuration files, 171–172
address resolution protocol
how it works, 43
administrator accounts
renaming to protect your honeypots, 117
ADSScan data stream checker
function of, 281–282
Advanced Attachments Processor tool
for extracting file attachments from e-mail databases for analysis, 315
Advanced Process Manipulation tool
for controlling target processes, 283
Afind program
for analyzing file system, 312
website address, 312
Akonix L7 Enterprise tool
for checking for IM services hacker activity, 317
alert messages
considerations for, 295–296
alert or message throttling
defined, 295
alert utilities
additional for honeypots and monitoring systems, 299
for honeypots, 296–299
alerting mechanism
flexible in IDSs, 226
importance of in honeypot systems, 295–299
needed for operating a honeypot, 12
using the NET SEND command in Windows, 296
Alkasis Corporation
website address for PatriotBox honeypot, 212
AllAPI
website address, 343
“An Evening with Berferd” paper (Bill Cheswick)
website address, 20
Analyze menu
in Ethereal protocol analyzer utility, 246–248
analyzing honeypots. See data analysis, for honeypots
annotate command
in Honeyd, 129
ANNOTATE keyword
example showing use of, 157
annotation
syntax for Windows personalities, 156–157
anonymous enumerations
disabling, 118
antispam relay server
Jackpot tarpit as, 9
API enforcement, 345
application and presentation layers
in OSI model, 229
application fingerprinting
See also fingerprinting
function of, 29–30
application folders and files
restricting access to, 106–108
Application Programming Interfaces (APIs)
defined, 340
using third party, 343–344
ArcSight
website address, 294
Argus
website address, 309
Arkin, Ofir
PowerPoint presentation about ICMP fingerprinting by, 29
ARP flooding
using to overwhelm switches, 46
ARP poisoning
using to overwhelm switches, 46
ARP proxying, 128
assembler and disassembler programs
choosing, 349–357
assemblers
choosing, 349–353
other available, 352–353
Webster’s website for information about, 353
assembly language
learning, 339–349
resources for learning, 346
using, 344
website address for resources, 340
assembly language instructions
on computer platforms, 345–349
AT&T Mexican honeynet
website address, 8
attack models
summary of, 32
used by hackers, 26–32
attack programs
automated, 30
Audit Account Logon Events
Windows auditing category, 286
Audit Account Management
Windows auditing category, 286
Audit Directory Service Access
Windows auditing category, 286
Audit Logon Events
Windows auditing category, 286
Audit Object Access
Windows auditing category, 286
Audit Policy Change
Windows auditing category, 287
Audit Privilege Use
Windows auditing category, 287
Audit Process Tracking
Windows auditing category, 287
Audit System Events
Windows auditing category, 287
authentication protocols
securing, 118–119
automated attack programs
types of, 30
Autoruns monitoring utility
checking for changes to the Registry and autorun keys with, 319
function of, 279
AutoStart Viewer utility
function of, 283