Caller ID (CLID), 298, 340
canonicalization attacks, 519-522, 539-540, 597-598
CAR (Committed Access Rate), 501
Carbonite kernel module, 288
carrier exploitation, 311-313
Carrier Sense Multiple Access/Collision Detection (CSMA/CD), 368
CBAC (Context Based Access Control), 501
CCNSO (Country Code Domain Name Supporting Organization), 19-20, 22-23
CDE (common desktop environment), 239
CDP (Cisco Discovery Protocol), 379-380, 418
CERT (Computer Emergency Response Team), 213, 250, 253, 505
CERT Intruder Detection Checklist, 292
CGI (Common Gateway Interface), 225-226, 543-544
CGI scripts, 225-226, 543-544
Check Point firewalls, 465, 472, 477-479
Check Promiscuous Mode (cpm), 281
CIDR (Classless Inter-Domain Routing) block notation, 57
CIFS (Common Internet File System), 107, 140
CIS (COM Internet Services), 163
Cisco config files, 388-390
Cisco Config Viewer, 388-389, 391
Cisco devices
banners, 362, 364-365
encryption, 390-392
passwords, 389-392
SNMP requests , 387-390
syslog logging, 390
VLANs and, 378
Cisco Discovery Protocol (CDP), 379-380, 418
Cisco finger service, 364-365
Cisco Guard product, 499, 505
Cisco IOS
banner grabbing , 364-365
DoS attacks and, 500-501
enumerating, 364-365
firewalls and, 475, 477
OS identification and, 364
spoofed BGP packets, 400-403
Cisco routers
denial of service attacks and, 501
encryption, 390-392
passwords, 387-392
ports, 360-361, 364-365
restricting packets, 355
spoofing, 379-380
tracerouting and, 355, 357
Cisco Security Agent, 157
Cisco XRemote service, 361, 365
Classless Inter-Domain Routing (CIDR) block notation, 57
cleartext passwords
cracking, 178, 185
dsniff and, 383-386
RIP and, 394
CLID (Caller ID), 298, 340
Client32 connections, 124
clients
connections, 124
DDoS, 495-497
FTP, 80-81
Internet. See Internet clients
JiGLE, 424-425
LDAP, 118
SBM, 133
web, 564-566
WHOIS, 31
cmd.exe shell, 171, 186-187, 193, 199
code. See also web applications
ASP, 538-541
attack countermeasures, 522-534
auditing, 530-531
Authenticode, 575-576
buffer overflows, 512-518
bugs , 524, 526-527, 531
common countermeasures, 523-534
common exploits, 512-522
design flaws, 512-518
development team and, 525
hacking, 511-534
HTML. See HTML code
input validation libraries, 532-533
JSP, 539
managed execution environments, 532
PHP, 543
resources, 533-534
review of, 526-531
"safe for scripting" issue, 576-577
Security Development Lifecycle, 524-532
security liaison and, 525, 530
sensitive data in, 170-171
source code disclosure, 539
SSI, 571-572
testing, 528-530
threat modeling, 525-526, 534
COM Internet Services (CIS), 163
Committed Access Rate (CAR), 501
common desktop environment (CDE), 239
Common Gateway Interface. See CGI
Common Internet File System (CIFS), 107, 140
companies
annual reports , 12
archived information, 13-14
cached information about, 13-14
contact names , 11, 30
current events, 11-12
disgruntled employees , 14
e-mail addresses, 11, 15, 30
employees. See employees
financial information, 12
footprinting and. See footprinting
location details, 10-11
morale , 11-12
phone numbers , 9, 11, 31-32
related organizations, 10
remote access via browser, 9
security policies, 12
VPN access, 9
web sites, 9
Computer Emergency Response Team. See CERT
connections
anonymous, 96-111
client, 124
HTTP, 554-555
HTTPS, 554-555
Internet. See Internet
IPSec, 202-203
laundered, 641
modem, 313
Novell Client32, 124
rogue, 195-196
SSL, 88-90, 556
Context Based Access Control (CBAC), 501
cookies
countermeasures, 580-581
displaying, 565
editing, 553-554
emailing, 565
grabbing, 551-553
hijacking, 580-581
per session, 580
persistent, 580
SYN, 499, 502
WebProxy tool, 553-554
WebSleuth, 551-553
XSS attacks, 564-566
cpm (Check Promiscuous Mode), 281
cracking passwords. See password cracking
cross-frame/domain vulnerabilities, 582-583
cross-site scripting. See XSS
cross-zone exploit, 595-597
Cryptographic Challenges, 339
cryptographic hashes, 646
CSMA/CD (Carrier Sense Multiple Access/Collision Detection), 368
Cuartango, Juan Carlos Garcia, 589
Cult of the Dead Cow, 84, 105, 577
CyberCop Scanner tool, 147