B

skip navigation

honeypots for windows
Index
Honeypots for Windows
by Roger A. Grimes
Apress 2005
progress indicator progress indicatorprogress indicator progress indicator

C

-c command-line parameter

for putting Snort into network IDS mode, 256

Cache Reader tool

for tracking Internet Explorer hacker activity, 316

Cache View tool

for tracking hacker activity, 316

CacheInfo tool

ActiveX control for tracking hacker activity, 316

CacheX utility

for tracking Internet Explorer hacker activity, 316

CALs. See client access licenses (CALs)

Cambia Security Inc.

website address for CM utility, 276

Capture menu options

using in Ethereal protocol analyzer utility, 244–246

CARO naming convention. See Computer Antivirus Researcher’s Organization (CARO) naming convention

Center for Internet Security

website address, 40

Cheswick, Bill

“An Evening with Berferd” paper by, 20

CIFS protocol

updated version of SMB, 74

Cisco telnet session script

login prompt for, 173

Router-telnet.pl, 173–176

Cleaver, Jack

Jackson tarpit written by, 215

client access licenses (CALs)

required for Windows honeypots, 91

CM utility

for documenting and monitoring networks, 276

website address, 276

CMOS BIOS

importance of password protecting, 101

settings for disabling booting from removable media, 100

code disassembly

overview of, 337–339

steps for becoming a competent disassembler, 338

code listing

for adding a static route to a multihomed Windows computer, 138

for adding proxies to Honeyd templates, 160

for adding service scripts to Honeyd templates, 159

banner text received from various Exchange Server Services, 83

basic syntax for using Dd.exe, 306

of Code Red worm buffer overflow exploit, 24

for configuring preprocessors in Snort, 260

for creating Honeyd templates, 155

for defining the default port state in Honeyd templates, 158

example of full syntax Declare statement, 342

example of Nmap entry for Windows 2000 server with SP2, 125

example of rules from Snort’s Web-IIs.rules rule set, 262

examples of Dd commands, 307

of Honeyd.bat configuration file with multiple runtime configurations, 153

IIS virtual SMTP server banner text, 82

for listing all available storage devices and their GUIDs, 307

for loading Snort rule sets at runtime, 264

of Microsoft FTP Service login banner, 79

of ms-ftp.sh script mimicking a Microsoft FTP server, 183–187

for putting Snort into network IDS mode, 256

of sample Honeyd.bat file, 153

of a sample Honeyd configuration file, 162–165

of sample Snort configuration file, 265–267

for setting system variable for Honeyd templates, 160

showing Honeyd.log file entries, 134–135

showing sample Honeyd Exchange Server template, 161

for Snort command for fastest performance, 255

of source code for Cisco telnet session script, 174–176

of source code for Test.sh, 172–173

of source code for Test.sh modified for Windows, 173

source code for Web.sh script, 177–178

syntax for adding ports in Honeyd, 158–159

syntax for typical Snort rules, 260

Telnet Server Logon banner text, 80

for testing and troubleshooting Honeyd on the local host, 166

for testing nmapNT fingerprinting process, 27–28

for testing your Snort configuration file, 267

using Netcat to retrieve IIS HTTP headers, 81–82

using the SET command, 157

for Windows auto-run areas for honeypots, 98–99

Code Red worm

LaBrea tarpit developed in response to, 9

Cogswell, Bryce

monitoring utilities created by, 278–280

Cohen, Dr. Fred

website address, 21

Comcraft tap maker

website address, 44

ComLog utilities.

See also commercial ComLog utility;

open-source ComLog utility

disabling Windows File Protection to use, 281

website address, 23

command-line options

case-sensitivity of, 151

using in Honeyd, 151–152

command-line tools

using built-in in Ethereal utility, 249–250

commercial ComLog

function of vs. open-source ComLog, 281

Comp.exe

comparing two sets of files on command line with, 272

Computer Antivirus Researcher’s Organization (CARO) naming convention

failure of, 291

Computer Associates

website address, 294

Computer Forensics, Cybercrime and Steganograph Resources

website address, 335

Computer Management window

configuring services in, 108–109

computer platforms

assembly language instructions on, 345–349

computer roles

defined, 68–72

configuration settings

documenting for honeypots, 98

configuring

Honeyd templates, 154–165

Jackpot SMTP tarpit, 216–218

service accounts to protect honeypots, 115–117

services in Computer Management window, 108–109

services in LocalSystem account, 115–116

services in Windows Computer Management Services window, 108–109

Snort, 252–268

Connection Type dialog box

in Cygwin Setup dialog box, 143

console keystroke loggers. See monitoring programs

CookieView tool

for decoding internal cookie data, 316

Coordinated Universal Time (UTC), 128

CREATE command

using to create a Honeyd template, 155–156

/Create options

table of for EVENTTRIGGERS command, 298

Crucial ADS

for listing alternate data streams, 313

Ctrl-C

ending a Netcat session with, 14

exiting Snort with, 255

Cute FTP, 178

Cygwin

adding directories to the system PATH statement after installation, 144

installing, 142–145

website address for downloading, 142

Cygwin Setup dialog box

choosing the Installation Directory dialog box in, 143

progress indicator progress indicatorprogress indicator progress indicator


Honeypots for Windows
Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119

Similar book on Amazon
Honeypots: Tracking Hackers
Honeypots: Tracking Hackers
Know Your Enemy: Learning about Security Threats (2nd Edition)
Know Your Enemy: Learning about Security Threats (2nd Edition)
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net