-c command-line parameter
for putting Snort into network IDS mode, 256
Cache Reader tool
for tracking Internet Explorer hacker activity, 316
Cache View tool
for tracking hacker activity, 316
CacheInfo tool
ActiveX control for tracking hacker activity, 316
CacheX utility
for tracking Internet Explorer hacker activity, 316
CALs. See client access licenses (CALs)
Cambia Security Inc.
website address for CM utility, 276
Capture menu options
using in Ethereal protocol analyzer utility, 244–246
CARO naming convention. See Computer Antivirus Researcher’s Organization (CARO) naming convention
Center for Internet Security
website address, 40
Cheswick, Bill
“An Evening with Berferd” paper by, 20
CIFS protocol
updated version of SMB, 74
Cisco telnet session script
login prompt for, 173
Router-telnet.pl, 173–176
Cleaver, Jack
Jackson tarpit written by, 215
client access licenses (CALs)
required for Windows honeypots, 91
CM utility
for documenting and monitoring networks, 276
website address, 276
CMOS BIOS
importance of password protecting, 101
settings for disabling booting from removable media, 100
code disassembly
overview of, 337–339
steps for becoming a competent disassembler, 338
code listing
for adding a static route to a multihomed Windows computer, 138
for adding proxies to Honeyd templates, 160
for adding service scripts to Honeyd templates, 159
banner text received from various Exchange Server Services, 83
basic syntax for using Dd.exe, 306
of Code Red worm buffer overflow exploit, 24
for configuring preprocessors in Snort, 260
for creating Honeyd templates, 155
for defining the default port state in Honeyd templates, 158
example of full syntax Declare statement, 342
example of Nmap entry for Windows 2000 server with SP2, 125
example of rules from Snort’s Web-IIs.rules rule set, 262
examples of Dd commands, 307
of Honeyd.bat configuration file with multiple runtime configurations, 153
IIS virtual SMTP server banner text, 82
for listing all available storage devices and their GUIDs, 307
for loading Snort rule sets at runtime, 264
of Microsoft FTP Service login banner, 79
of ms-ftp.sh script mimicking a Microsoft FTP server, 183–187
for putting Snort into network IDS mode, 256
of sample Honeyd.bat file, 153
of a sample Honeyd configuration file, 162–165
of sample Snort configuration file, 265–267
for setting system variable for Honeyd templates, 160
showing Honeyd.log file entries, 134–135
showing sample Honeyd Exchange Server template, 161
for Snort command for fastest performance, 255
of source code for Cisco telnet session script, 174–176
of source code for Test.sh, 172–173
of source code for Test.sh modified for Windows, 173
source code for Web.sh script, 177–178
syntax for adding ports in Honeyd, 158–159
syntax for typical Snort rules, 260
Telnet Server Logon banner text, 80
for testing and troubleshooting Honeyd on the local host, 166
for testing nmapNT fingerprinting process, 27–28
for testing your Snort configuration file, 267
using Netcat to retrieve IIS HTTP headers, 81–82
using the SET command, 157
for Windows auto-run areas for honeypots, 98–99
Code Red worm
LaBrea tarpit developed in response to, 9
Cogswell, Bryce
monitoring utilities created by, 278–280
Cohen, Dr. Fred
website address, 21
Comcraft tap maker
website address, 44
ComLog utilities. See also commercial ComLog utility; open-source ComLog utility
disabling Windows File Protection to use, 281
website address, 23
command-line options
case-sensitivity of, 151
using in Honeyd, 151–152
command-line tools
using built-in in Ethereal utility, 249–250
commercial ComLog
function of vs. open-source ComLog, 281
Comp.exe
comparing two sets of files on command line with, 272
Computer Antivirus Researcher’s Organization (CARO) naming convention
failure of, 291
Computer Associates
website address, 294
Computer Forensics, Cybercrime and Steganograph Resources
website address, 335
Computer Management window
configuring services in, 108–109
computer platforms
assembly language instructions on, 345–349
computer roles
defined, 68–72
configuration settings
documenting for honeypots, 98
configuring
Honeyd templates, 154–165
Jackpot SMTP tarpit, 216–218
service accounts to protect honeypots, 115–117
services in Computer Management window, 108–109
services in LocalSystem account, 115–116
services in Windows Computer Management Services window, 108–109
Snort, 252–268
Connection Type dialog box
in Cygwin Setup dialog box, 143
console keystroke loggers. See monitoring programs
CookieView tool
for decoding internal cookie data, 316
Coordinated Universal Time (UTC), 128
CREATE command
using to create a Honeyd template, 155–156
/Create options
table of for EVENTTRIGGERS command, 298
Crucial ADS
for listing alternate data streams, 313
Ctrl-C
ending a Netcat session with, 14
exiting Snort with, 255
Cute FTP, 178
Cygwin
adding directories to the system PATH statement after installation, 144
installing, 142–145
website address for downloading, 142
Cygwin Setup dialog box
choosing the Installation Directory dialog box in, 143