IBM
website address, 294
ICMP. See Internet Control Message Protocol (ICMP)
ICMP behavior
emulation of by Honeyd, 128
ICMP fingerprinting
use of ICMP by hackers for, 237
website address for presentation about, 29
IDA Pro Disassembler and Debugger
classes for using to disassemble malware, 318
for doing detailed code analysis, 318
example disassembling Netlog1.exe instructions, 354
function of, 353–355
logic diagram, 355
website address, 353
Identification field
in IP packet, 232
identification number
for IP packets, 124
IDSs
benefits of using in a honeypot environment, 225–226
flexible alerting mechanisms in, 226
importance of in stopping hackers, 8
vs. sniffers, 223–224
IDSs and sniffers
how they complement each other, 226
where to place them, 226
if argument
in Dd.exe command-line syntax, 307
IIS
components of, 80–81
versions and related operating systems, 81
IIS directory structure
default folder and subfolder locations of an IIS installation, 82
IIS server ports
list of common, 69
IIS sim server
KFSensor honeypot, 201–202
IIS virtual SMTP server banner text
vs. Exchange Server SMTP banner text, 83
IIS virtual SMTP servers, 82–83
IIS web emulation script
for a simple emulated IIS 5.0 web page, 176–178
iisemu18.pl script
website address, 180
IM activity and file trading
tools for checking for hacker activity, 317
IM Grabber
for checking for IM services hacker activity, 317
Implementing CIFS, “Introduction”
website address, 77
in-band monitoring
advantages of, 276
vs. out-of-band monitoring, 276
inband monitoring tools
defined, 90
InCtrl5 (PC Magazine) utility
function of, 283
website address, 283
information system resource
honeypot as, 3
InfoWorld
website address for summary article about SIM/SEM, 294
initial sequence number (ISN)
Honeyd creation of, 127
inline IDS
implementation of, 24
input/output routines
support in Honeyd service scripts, 170–171
Installation Directory dialog box
in Cygwin Setup dialog box, 143
installation tips
for installing honeypots, 99–100
installing
Snort, 252
IntegCheck utility
file system integrity checker, 282
integrity checkers (snapshot software), 23
intelligent bridges. See bridges
internal placement
of honeypots, 56–57
Internet Connection Firewall (ICF)
using to filter network traffic on your honeypot, 105–106
Internet Control Message Protocol (ICMP). See also ICMP behavior; ICMP fingerprinting
for troubleshooting network connections, 237
Internet Explorer
tools for tracking hacker activity, 316
Internet Protocol (IP)
fields that need inspecting during a forensic investigation, 231–232
packet structure, 231
Internet Protocol version 6 (IPv6). See IPv6 (Internet Protocol version 6)
internet simulation environment, 10–11
Intrusion Inc. tap maker
website address, 44
iOpus Software’s STARR
spying program, 317
IP. See Internet Protocol (IP)
IP addresses
assigning for honeypots, 43
obscuring of by intervening routers, 171
tools for finding hosts without, 43
IP addressing
and network emulation in Honeyd, 128–129
IP Filtering feature
enabling in Honeyd, 139
on all Microsoft Windows NT-based OSs, 106
IP Flags field
in IP packet, 232
IP information
mimicking in Honeyd, 124
IP (Instruction Pointer) register
of particular interest to malicious hackers, 348
IP Security (IPSec)
Windows default encryption communications protocol, 284
IP stack emulation
in Honeyd, 123–130
settings in Honeyd, 123–124
IPList utility
for enumerating network interfaces, 283
IPOST
memory variable useful in scripts, 171
IPSRC
memory variable useful in scripts, 171
IPv6 (Internet Protocol version 6)
use of by hackers inside IPv4 traffic, 8