Index
Honeypots for Windows
by Roger A. Grimes
Apress 2005

I

IBM

website address, 294

ICMP. See Internet Control Message Protocol (ICMP)

ICMP behavior

emulation of by Honeyd, 128

ICMP fingerprinting

use of ICMP by hackers for, 237

website address for presentation about, 29

IDA Pro Disassembler and Debugger

classes for using to disassemble malware, 318

for doing detailed code analysis, 318

example disassembling Netlog1.exe instructions, 354

function of, 353–355

logic diagram, 355

website address, 353

Identification field

in IP packet, 232

identification number

for IP packets, 124

IDSs

benefits of using in a honeypot environment, 225–226

flexible alerting mechanisms in, 226

importance of in stopping hackers, 8

vs. sniffers, 223–224

IDSs and sniffers

how they complement each other, 226

where to place them, 226

if argument

in Dd.exe command-line syntax, 307

IIS

components of, 80–81

versions and related operating systems, 81

IIS directory structure

default folder and subfolder locations of an IIS installation, 82

IIS server ports

list of common, 69

IIS sim server

KFSensor honeypot, 201–202

IIS virtual SMTP server banner text

vs. Exchange Server SMTP banner text, 83

IIS virtual SMTP servers, 82–83

IIS web emulation script

for a simple emulated IIS 5.0 web page, 176–178

iisemu18.pl script

website address, 180

IM activity and file trading

tools for checking for hacker activity, 317

IM Grabber

for checking for IM services hacker activity, 317

Implementing CIFS, “Introduction”

website address, 77

in-band monitoring

advantages of, 276

vs. out-of-band monitoring, 276

inband monitoring tools

defined, 90

InCtrl5 (PC Magazine) utility

function of, 283

website address, 283

information system resource

honeypot as, 3

InfoWorld

website address for summary article about SIM/SEM, 294

initial sequence number (ISN)

Honeyd creation of, 127

inline IDS

implementation of, 24

input/output routines

support in Honeyd service scripts, 170–171

Installation Directory dialog box

in Cygwin Setup dialog box, 143

installation tips

for installing honeypots, 99–100

installing

Snort, 252

IntegCheck utility

file system integrity checker, 282

integrity checkers (snapshot software), 23

intelligent bridges. See bridges

internal placement

of honeypots, 56–57

Internet Connection Firewall (ICF)

using to filter network traffic on your honeypot, 105–106

Internet Control Message Protocol (ICMP). See also ICMP behavior; ICMP fingerprinting

for troubleshooting network connections, 237

Internet Explorer

tools for tracking hacker activity, 316

Internet Protocol (IP)

fields that need inspecting during a forensic investigation, 231–232

packet structure, 231

Internet Protocol version 6 (IPv6). See IPv6 (Internet Protocol version 6)

internet simulation environment, 10–11

Intrusion Inc. tap maker

website address, 44

iOpus Software’s STARR

spying program, 317

IP. See Internet Protocol (IP)

IP addresses

assigning for honeypots, 43

obscuring of by intervening routers, 171

tools for finding hosts without, 43

IP addressing

and network emulation in Honeyd, 128–129

IP Filtering feature

enabling in Honeyd, 139

on all Microsoft Windows NT-based OSs, 106

IP Flags field

in IP packet, 232

IP information

mimicking in Honeyd, 124

IP (Instruction Pointer) register

of particular interest to malicious hackers, 348

IP Security (IPSec)

Windows default encryption communications protocol, 284

IP stack emulation

in Honeyd, 123–130

settings in Honeyd, 123–124

IPList utility

for enumerating network interfaces, 283

IPOST

memory variable useful in scripts, 171

IPSRC

memory variable useful in scripts, 171

IPv6 (Internet Protocol version 6)

use of by hackers inside IPv4 traffic, 8

Honeypots for Windows (Books for Professionals by Professionals)
ISBN: 1590593359
EAN: 2147483647
Year: 2006
Pages: 119
