Verfügbarkeit: Virtual honeypots

Virtual honeypots: from botnet tracking to intrusion detection

Gespeichert in:

Bibliographische Detailangaben
Hauptverfasser:	Provos, Niels (VerfasserIn), Holz, Thorsten (VerfasserIn)
Format:	Buch
Sprache:	English
Veröffentlicht:	Upper Saddle River, NJ [u.a.] Addison-Wesley 2008
Schlagworte:	Computer security Rechnernetz Wurm > Informatik Eindringerkennung
Online-Zugang:	Table of contents only Inhaltsverzeichnis
Beschreibung:	Includes bibliographical references (p. 415-421) and index
Beschreibung:	XXIII, 440 S. Ill.
ISBN:	0321336321 9780321336323

Internformat

MARC


LEADER	00000nam a2200000zc 4500
001	BV023201935
003	DE-604
005	20080314
007	t
008	080306s2008 xxua\|\|\| \|\|\|\| 00\|\|\| eng d
010			\|a 2007020022
020			\|a 0321336321 \|c pbk. : alk. paper \|9 0-321-33632-1
020			\|a 9780321336323 \|9 978-0-321-33632-3
035			\|a (OCoLC)128237865
035			\|a (DE-599)BVBBV023201935
040			\|a DE-604 \|b ger \|e aacr
041	0		\|a eng
044			\|a xxu \|c US
049			\|a DE-29T
050		0	\|a QA76.9.A25
082	0		\|a 005.8
100	1		\|a Provos, Niels \|e Verfasser \|4 aut
245	1	0	\|a Virtual honeypots \|b from botnet tracking to intrusion detection \|c Niels Provos ; Thorsten Holz
264		1	\|a Upper Saddle River, NJ [u.a.] \|b Addison-Wesley \|c 2008
300			\|a XXIII, 440 S. \|b Ill.
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
500			\|a Includes bibliographical references (p. 415-421) and index
650		4	\|a Computer security
650	0	7	\|a Rechnernetz \|0 (DE-588)4070085-9 \|2 gnd \|9 rswk-swf
650	0	7	\|a Wurm \|g Informatik \|0 (DE-588)4779907-9 \|2 gnd \|9 rswk-swf
650	0	7	\|a Eindringerkennung \|0 (DE-588)4706627-1 \|2 gnd \|9 rswk-swf
689	0	0	\|a Rechnernetz \|0 (DE-588)4070085-9 \|D s
689	0	1	\|a Wurm \|g Informatik \|0 (DE-588)4779907-9 \|D s
689	0	2	\|a Eindringerkennung \|0 (DE-588)4706627-1 \|D s
689	0		\|5 DE-604
700	1		\|a Holz, Thorsten \|e Verfasser \|4 aut
856	4		\|u http://www.loc.gov/catdir/toc/ecip0718/2007020022.html \|3 Table of contents only
856	4	2	\|m OEBV Datenaustausch \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=016388145&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
999			\|a oai:aleph.bib-bvb.de:BVB01-016388145

Datensatz im Suchindex

_version_	1804137479076315136
adam_text	* * * * * * * * * * PREFACE XTTL ACKNOWLEDGMENTS XXL ABOUT THE AUTHORS XXTTL 1 H O N E Y P O T AND N E T W O R K I N G B A C K G R O U N D 1 * 1.1 BRIEF TCP/IP INTRODUCTION 1* 1.2 HONEYPOT BACKGROUND 7* 1.2.1 HIGH-INTERACTION HONEYPOTS 9* 1.2.2 LOW-INTERACTION HONEYPOTS 10* 1.2.3 PHYSKAL HONEYPOTS 11* 1.2.4 VIRTUAL HONEYPOTS 11* 1.2.5 LEGAL ASPECTS 12* 1.3 TOOLS OF THE TRADE 13* 1.3.1 TCPDUMP 13* 1.3.2 WIRESHARK 15* 1.3.3 NMAP 16* 2 H I G H - I N T E R A C T I O N H O N E Y P O T S 19* 2.1 ADVANTAGES AND DISADVANTAGES 20* 2.2 VMWARE 22* 2.2.1 DIFFERENT VMWARE VERSIONS 25* 2.2.2 VIRTUAL NETWORK WITH VMWARE 26* 2.2.3 SETTING UP A VIRTUAL HIGH-INTERACTION HONEYPOT 29* 2.2.4 CREATING A VIRTUAL HONEYPOT 33* 2.2.5 ADDING ADDITIONAL MONITORING SOFTWARE 37* 2.2.6 CONNECTING THE VIRTUAL HONEYPOT TO THE INTERNET 39* 2.2.7 BUILDING A VIRTUAL HIGH-INTERACTION HONEYNET 40* 2.3 USER-MODE LINUX 41* 2.3.1 OVERVIEW 41* 2.3.2 INSTALLATION AND SETUP 42* V L L VIII C O N T E N T S 2.3.3 R U N T I M E FLAGS A N D C O N F I G U R A T I O N 4 6 * 2 . 3 . 4 M O N I T O R I N G U M L - B A S E D H O N E Y P O T S 5 0 * 2.3.5 C O N N E C T I N G T H E V I R T U A L H O N E Y P O T TO T H E I N T E R N E T 51* 2 . 3 . 6 B U I L D I N G A V I R T U A L H I G H - I N T E R A C T I O N H O N E Y N E T 52* 2.4 A R G O S 52* 2.4.1 O V E R V I E W 53* 2 . 4 . 2 I N S T A L L A T I O N A N D S E T U P F O R ARGOS H O N E Y P O T S 54* 2.5 S A F E G U A R D I N G Y O U R H O N E Y P O T S 62* 2.5.1 H O N E Y W A L L 63* 2 . 6 S U M M A R Y 69* 3 LOW-INTERACTION H O N E Y P O T S 71* 3.1 A D V A N T A G E S A N D D I S A D V A N T A G E S 72* 3.2 D E C E P T I O N T O O L K I T 73* 3.3 L A B R E A 74* 3.3.1 I N S T A L L A T I O N A N D S E T U P 75* 3.3.2 O B S E R V A T I O N S 81* 3.4 TINY H O N E Y P O T 81* 3.4.1 I N S T A L L A T I O N 82* 3.4.2 C A P T U R E LOGS 83* 3.4.3 SESSION LOGS 85* 3.4.4 N E T F I L T E R LOGS 85* 3.4.5 O B S E R V A T I O N S 86* 3.5 G H H - G O O G L E H A C K H O N E Y P O T 87* 3.5.1 G E N E R A L I N S T A L L A T I O N 87* 3.5.2 I N S T A L L I N G T H E T R A N S P A R E N T L I N K 91* 3.5.3 ACCESS L O G G I N G 92* 3 . 6 P H P . H O P - A W E B - B A S E D D E C E P T I O N F R A M E W O R K 94* 3.6.1 I N S T A L L A T I O N 95* 3.6.2 H I P H O P 96* 3.6.3 P H P M Y A D M I N 97* 3.7 S E C U R I N G Y O U R L O W - I N T E R A C T I O N H O N E Y P O T S 98* 3.7.1 C H R O O T J A I L 98* 3.7.2 S Y S T R A C E 101* 3 . 8 S U M M A R Y 103* 4 H O N E Y D - T H E BASICS 105* 4.1 O V E R V I E W 106* 4.1.1 F E A T U R E S 107* 4.1.2 I N S T A L L A T I O N A N D S E T U P 108* IX CONTENTS 4.2 DESIGN OVERVIEW 109* 4.2.1 INTERACTION ONLY VIA THE NETWORK 111* 4.2.2 MULTIPLE IP ADDRESSES 111* 4.2.3 DECEIVING FINGERPRINTING TOOLS 111* 4.3 RECEIVING NETWORK DATA 112* 4.4 RUNTIME FLAGS 114* 4.5 CONFIGURATION 115* 4.5.1 CREATE 117* 4.5.2 SET 117* 4.5.3 ADD 121* 4.5.4 BIND 123* 4.5.5 DELETE 124* 4.5.6 INCLUDE 125* 4.6 EXPERIMENTS WITH HONEYD 125* 4.6.1 EXPERIMENTING WITH HONEYD LOCALLY 125* 4.6.2 INTEGRATING VIRTUAL HONEYPOTS INTO PRODUCTION NETWORKS 128* 4.7 SERVICES 129* 4.8 LOGGING 131* 4.8.1 PACKET-LEVEL LOGGING 131* 4.8.2 SERVICE-LEVEL LOGGING 133* 4.9 SUMMARY 134* 5 HONEYD - ADVANCED TOPICS 135* 5.1 ADVANCED CONFIGURATION 136* 5.1.1 SET 136* 5.1.2 TARPIT 137* 5.1.3 ANNOTATE 138* 5.2 EMULATING SERVICES 139* 5.2.1 SCRIPTING LANGUAGES 139* 5.2.2 SMTP 139* 5.3 SUBSYSTEMS 142* 5.3.1 OPTIMIZING SUBSYSTEMS 145* 5.4 INTERNA! PYTHON SERVICES 146* 5.5 DYNAMIC TEMPLATES 148* 5.6 ROUTING TOPOLOGY 150* 5.7 HONEYDSTATS 154* 5.8 HONEYDCTL 156* 5.9 HONEYCOMB 158* 5.10 PERFORMANCE 160* 5.11 SUMMARY 161* X CANTENTS 6 COLLECTING MALWARE WITH HONEYPOTS 163* 6.1 A PRIMER ON MALICIOUS SOFTWARE 164* 6.2 NEPENTHES - A HONEYPOT SOLUTION TO CALLEET MALWARE 165* 6.2.1 AREHITEETUREOFNEPENTHES 167* 6.2.2 LIMITATIONS 176* 6.2.3 INSTALLATION AND SETUP 177* 6.2.4 CONFIGURATION 179* 6.2.5 COMMAND LINE FLAGS 181* 6.2.6 ASSIGNING MULTIPLE IP ADDRESSES 183* 6.2.7 FLEXIBLE DEPLOYMENT 185* 6.2.8 CAPTURING NEW EXPLOITS 186* 6.2.9 IMPLEMENTING VULNERABILITY MODULES 187* 6.2.10 RESULTS 188* 6.2.11 LESSONS LEARNED 196* 6.3 HONEYTRAP 197* 6.3.1 OVERVIEW 197* 6.3.2 INSTALLATION AND CONFIGURATION 200* 6.3.3 RUNNING HONEYTRAP 203* 6.4 OTHER HONEYPOT SOLUTIONS FOR LEARNING ABOUT MALWARE 204* 6.4.1 MULTIPOT 204* 6.4.2 HONEYBOT 205* 6.4.3 BILLY GOAT 205* 6.4.4 LEARNING ABAUT MALICIOUS NETWORK TRAFFIE 206* 6.5 SUMMARY 207* 7 HYBRID SYSTEMS 209* 7.1 COLLAPSAR 211* 7.2 POTEMKIN 214* 7.3 ROLEPLAYER 220* 7.4 RESEARCH SUMMARY 224* 7.5 BUILDING YOUR OWN HYBRID HONEYPOT SYSTEM 224* 7.5.1 NAT AND HIGH-INTERAETION HONEYPOTS 224* 7.5.2 HONEYD AND HIGH-INTERACTION HONEYPOT 228* 7.6 SUMMARY 230* 8 ELIENT HONEYPOTS 231* 8.1 LEARNING MORE ABOUT CLIENT-SIDE THREATS 232* 8.1.1 A CLOSER LOOK AT MS04-040 233* 8.1.2 OTHER TYPES OF CLIENT-SIDE ATTAEKS 236* 8.1.3 TOWARD CLIENT HONEYPOTS 238* 8.2 LOW-INTERAETION CLIENT HONEYPOTS 241* CONTENTS XL 8.2.1 LEARNING ABOUT MALICIOUS WEBSITES 241* 8.2.2 HONEYC 246* 8.3 HIGH-INTERACTION CLIENT HONEYPOTS 253* 8.3.1 DESIGN OFHIGH-INTERACTION CLIENT HONEYPOTS 254* 8.3.2 HONEYCLIENT 258* 8.3.3 CAPTURE-HPC 260* 8.3.4 HONEYMONKEY 262* 8.4 OTHER APPROACHES 263* 8.4.1 STUDYING SPYWARE ON THE INTERNET 264* 8.4.2 SPYBYE 267* 8.4.3 SITEADVISOR 270* 8.4.4 FURTHER RESEARCH 271* 8.5 SUMMARY 272* 9 DETECTING HONEYPOTS 273* 9.1 DETECTING LOW-INTERACTION HONEYPOTS 274* 9.2 DETECTING HIGH-INTERACTION HONEYPOTS 280* 9.2.1 DETECTING AND DISABLING SEBEK 281* 9.2.2 DETECTING THE HONEYWALL 285* 9.2.3 CIRCUMVENTING HONEYNET LOGGING 286* 9.2.4 VMWARE AND OTHER VIRTUAL MACHINES 289* 9.2.5 QEMU 297* 9.2.6 USER-MODE LINUX 298* 9.3 DETECTING ROOTKITS 302* 9.4 SUMMARY 305* 10 CASE STUDIES 307* 10.1 BLAST-O-MAT: USING NEPENTHES TO DETECT INFECTED CLIENTS 308* 10.1.1 MOTIVATION 309* 10.1.2 NEPENTHES AS PART OF AN INTRUSION DETECTION SYSTEM 311* 10.1.3 MITIGATION OFINFECTED SYSTEMS 312* 10.1.4 A MODERN TROJAN: HAXDOOR 316* 10.1.5 LESSONS LEARNED WITH BLAST-O-MAT 320* 10.1.6 LIGHTWEIGHT IDS BASED ON NEPENTHES 321* 10.1.7 SURFNET IDS 325* 10.2 SEARCH WORMS 327* 10.3 RED HAT 8.0 COMPROMISE 332* 10.3.1 ATTACK SUMMARY 334* 10.3.2 ATTACK TIMELINE 335* 10.3.3 TOOLS INVOLVED 338* 10.3.4 ATTACK EVALUATION 343* XII CONTENTS 10.4 WINDOWS 2000 COMPROMISE 343* 10.4.1 ATTACK SUMMARY 344* 10.4.2 ATTACK TIMELINE 345* 10.4.3 TOOLS INVOLVED 347* 10.4.4 ATTACK EVALUATION 350* 10.5 SUSE 9.1 COMPROMISE 351* 10.5.1 ATTACK SUMMARY 351* 10.5.2 ATTACK TIMELINE 352* 10.5.3 TOOLS INVOLVED 354* 10.5.4 ATTACK EVALUATION 356* 10.6 SUMMARY 357* 11 TRACKING BOTNETS 359* 11.1 BOT AND BOTNET 101 360* 11.1.1 EXAMPLES OFBOTS 362* 11.1.2 SPYWARE IN THE FORM OF BOTS 366* 11.1.3 BOTNET CONTROL STRUCTURE 369* 11.1.4 DDOS ATTACKS CAUSED BY BOTNETS 372* 11.2 TRACKING BOTNETS 373* 11.2.1 OBSERVING BOTNETS 375* 11.3 CASE STUDIES 376* 11.3.1 MOCBOT AND MS06-040 381* 11.3.2 OTHER OBSERVATIONS 384* 11.4 DEFENDING AGAINST BOTS 387* 11.5 SUMMARY 390* 12 ANALYZING MALWARE WITH CWSANDBOX 391* 12.1 CWSANDBOX OVERVIEW 392* 12.2 BEHAVIOR-BASED MALWARE ANALYSIS 394* 12.2.1 CODE ANALYSIS 394* 12.2.2 BEHAVIOR ANALYSIS 395* 12.2.3 API HOOKING 396* 12.2.4 CODE INJECTION 400* 12.3 CWSANDBOX - SYSTEM DESCRIPTION 401* 12.3.1 ARCHITECTURE 402* 12.4 RESULTS 405* 12.4.1 EXAMPLE ANALYSIS REPORT 406* 12.4.2 LARGE-SCALE ANALYSIS 411* 12.5 SUMMARY 413* BIBLIOGRAPHY 415* INDEX 423*
adam_txt	* * * * * * * * * * PREFACE XTTL ACKNOWLEDGMENTS XXL ABOUT THE AUTHORS XXTTL 1 H O N E Y P O T AND N E T W O R K I N G B A C K G R O U N D 1 * 1.1 BRIEF TCP/IP INTRODUCTION 1* 1.2 HONEYPOT BACKGROUND 7* 1.2.1 HIGH-INTERACTION HONEYPOTS 9* 1.2.2 LOW-INTERACTION HONEYPOTS 10* 1.2.3 PHYSKAL HONEYPOTS 11* 1.2.4 VIRTUAL HONEYPOTS 11* 1.2.5 LEGAL ASPECTS 12* 1.3 TOOLS OF THE TRADE 13* 1.3.1 TCPDUMP 13* 1.3.2 WIRESHARK 15* 1.3.3 NMAP 16* 2 H I G H - I N T E R A C T I O N H O N E Y P O T S 19* 2.1 ADVANTAGES AND DISADVANTAGES 20* 2.2 VMWARE 22* 2.2.1 DIFFERENT VMWARE VERSIONS 25* 2.2.2 VIRTUAL NETWORK WITH VMWARE 26* 2.2.3 SETTING UP A VIRTUAL HIGH-INTERACTION HONEYPOT 29* 2.2.4 CREATING A VIRTUAL HONEYPOT 33* 2.2.5 ADDING ADDITIONAL MONITORING SOFTWARE 37* 2.2.6 CONNECTING THE VIRTUAL HONEYPOT TO THE INTERNET 39* 2.2.7 BUILDING A VIRTUAL HIGH-INTERACTION HONEYNET 40* 2.3 USER-MODE LINUX 41* 2.3.1 OVERVIEW 41* 2.3.2 INSTALLATION AND SETUP 42* V L L VIII C O N T E N T S 2.3.3 R U N T I M E FLAGS A N D C O N F I G U R A T I O N 4 6 * 2 . 3 . 4 M O N I T O R I N G U M L - B A S E D H O N E Y P O T S 5 0 * 2.3.5 C O N N E C T I N G T H E V I R T U A L H O N E Y P O T TO T H E I N T E R N E T 51* 2 . 3 . 6 B U I L D I N G A V I R T U A L H I G H - I N T E R A C T I O N H O N E Y N E T 52* 2.4 A R G O S 52* 2.4.1 O V E R V I E W 53* 2 . 4 . 2 I N S T A L L A T I O N A N D S E T U P F O R ARGOS H O N E Y P O T S 54* 2.5 S A F E G U A R D I N G Y O U R H O N E Y P O T S 62* 2.5.1 H O N E Y W A L L 63* 2 . 6 S U M M A R Y 69* 3 LOW-INTERACTION H O N E Y P O T S 71* 3.1 A D V A N T A G E S A N D D I S A D V A N T A G E S 72* 3.2 D E C E P T I O N T O O L K I T 73* 3.3 L A B R E A 74* 3.3.1 I N S T A L L A T I O N A N D S E T U P 75* 3.3.2 O B S E R V A T I O N S 81* 3.4 TINY H O N E Y P O T 81* 3.4.1 I N S T A L L A T I O N 82* 3.4.2 C A P T U R E LOGS 83* 3.4.3 SESSION LOGS 85* 3.4.4 N E T F I L T E R LOGS 85* 3.4.5 O B S E R V A T I O N S 86* 3.5 G H H - G O O G L E H A C K H O N E Y P O T 87* 3.5.1 G E N E R A L I N S T A L L A T I O N 87* 3.5.2 I N S T A L L I N G T H E T R A N S P A R E N T L I N K 91* 3.5.3 ACCESS L O G G I N G 92* 3 . 6 P H P . H O P - A W E B - B A S E D D E C E P T I O N F R A M E W O R K 94* 3.6.1 I N S T A L L A T I O N 95* 3.6.2 H I P H O P 96* 3.6.3 P H P M Y A D M I N 97* 3.7 S E C U R I N G Y O U R L O W - I N T E R A C T I O N H O N E Y P O T S 98* 3.7.1 C H R O O T J A I L 98* 3.7.2 S Y S T R A C E 101* 3 . 8 S U M M A R Y 103* 4 H O N E Y D - T H E BASICS 105* 4.1 O V E R V I E W 106* 4.1.1 F E A T U R E S 107* 4.1.2 I N S T A L L A T I O N A N D S E T U P 108* IX CONTENTS 4.2 DESIGN OVERVIEW 109* 4.2.1 INTERACTION ONLY VIA THE NETWORK 111* 4.2.2 MULTIPLE IP ADDRESSES 111* 4.2.3 DECEIVING FINGERPRINTING TOOLS 111* 4.3 RECEIVING NETWORK DATA 112* 4.4 RUNTIME FLAGS 114* 4.5 CONFIGURATION 115* 4.5.1 CREATE 117* 4.5.2 SET 117* 4.5.3 ADD 121* 4.5.4 BIND 123* 4.5.5 DELETE 124* 4.5.6 INCLUDE 125* 4.6 EXPERIMENTS WITH HONEYD 125* 4.6.1 EXPERIMENTING WITH HONEYD LOCALLY 125* 4.6.2 INTEGRATING VIRTUAL HONEYPOTS INTO PRODUCTION NETWORKS 128* 4.7 SERVICES 129* 4.8 LOGGING 131* 4.8.1 PACKET-LEVEL LOGGING 131* 4.8.2 SERVICE-LEVEL LOGGING 133* 4.9 SUMMARY 134* 5 HONEYD - ADVANCED TOPICS 135* 5.1 ADVANCED CONFIGURATION 136* 5.1.1 SET 136* 5.1.2 TARPIT 137* 5.1.3 ANNOTATE 138* 5.2 EMULATING SERVICES 139* 5.2.1 SCRIPTING LANGUAGES 139* 5.2.2 SMTP 139* 5.3 SUBSYSTEMS 142* 5.3.1 OPTIMIZING SUBSYSTEMS 145* 5.4 INTERNA! PYTHON SERVICES 146* 5.5 DYNAMIC TEMPLATES 148* 5.6 ROUTING TOPOLOGY 150* 5.7 HONEYDSTATS 154* 5.8 HONEYDCTL 156* 5.9 HONEYCOMB 158* 5.10 PERFORMANCE 160* 5.11 SUMMARY 161* X CANTENTS 6 COLLECTING MALWARE WITH HONEYPOTS 163* 6.1 A PRIMER ON MALICIOUS SOFTWARE 164* 6.2 NEPENTHES - A HONEYPOT SOLUTION TO CALLEET MALWARE 165* 6.2.1 AREHITEETUREOFNEPENTHES 167* 6.2.2 LIMITATIONS 176* 6.2.3 INSTALLATION AND SETUP 177* 6.2.4 CONFIGURATION 179* 6.2.5 COMMAND LINE FLAGS 181* 6.2.6 ASSIGNING MULTIPLE IP ADDRESSES 183* 6.2.7 FLEXIBLE DEPLOYMENT 185* 6.2.8 CAPTURING NEW EXPLOITS 186* 6.2.9 IMPLEMENTING VULNERABILITY MODULES 187* 6.2.10 RESULTS 188* 6.2.11 LESSONS LEARNED 196* 6.3 HONEYTRAP 197* 6.3.1 OVERVIEW 197* 6.3.2 INSTALLATION AND CONFIGURATION 200* 6.3.3 RUNNING HONEYTRAP 203* 6.4 OTHER HONEYPOT SOLUTIONS FOR LEARNING ABOUT MALWARE 204* 6.4.1 MULTIPOT 204* 6.4.2 HONEYBOT 205* 6.4.3 BILLY GOAT 205* 6.4.4 LEARNING ABAUT MALICIOUS NETWORK TRAFFIE 206* 6.5 SUMMARY 207* 7 HYBRID SYSTEMS 209* 7.1 COLLAPSAR 211* 7.2 POTEMKIN 214* 7.3 ROLEPLAYER 220* 7.4 RESEARCH SUMMARY 224* 7.5 BUILDING YOUR OWN HYBRID HONEYPOT SYSTEM 224* 7.5.1 NAT AND HIGH-INTERAETION HONEYPOTS 224* 7.5.2 HONEYD AND HIGH-INTERACTION HONEYPOT 228* 7.6 SUMMARY 230* 8 ELIENT HONEYPOTS 231* 8.1 LEARNING MORE ABOUT CLIENT-SIDE THREATS 232* 8.1.1 A CLOSER LOOK AT MS04-040 233* 8.1.2 OTHER TYPES OF CLIENT-SIDE ATTAEKS 236* 8.1.3 TOWARD CLIENT HONEYPOTS 238* 8.2 LOW-INTERAETION CLIENT HONEYPOTS 241* CONTENTS XL 8.2.1 LEARNING ABOUT MALICIOUS WEBSITES 241* 8.2.2 HONEYC 246* 8.3 HIGH-INTERACTION CLIENT HONEYPOTS 253* 8.3.1 DESIGN OFHIGH-INTERACTION CLIENT HONEYPOTS 254* 8.3.2 HONEYCLIENT 258* 8.3.3 CAPTURE-HPC 260* 8.3.4 HONEYMONKEY 262* 8.4 OTHER APPROACHES 263* 8.4.1 STUDYING SPYWARE ON THE INTERNET 264* 8.4.2 SPYBYE 267* 8.4.3 SITEADVISOR 270* 8.4.4 FURTHER RESEARCH 271* 8.5 SUMMARY 272* 9 DETECTING HONEYPOTS 273* 9.1 DETECTING LOW-INTERACTION HONEYPOTS 274* 9.2 DETECTING HIGH-INTERACTION HONEYPOTS 280* 9.2.1 DETECTING AND DISABLING SEBEK 281* 9.2.2 DETECTING THE HONEYWALL 285* 9.2.3 CIRCUMVENTING HONEYNET LOGGING 286* 9.2.4 VMWARE AND OTHER VIRTUAL MACHINES 289* 9.2.5 QEMU 297* 9.2.6 USER-MODE LINUX 298* 9.3 DETECTING ROOTKITS 302* 9.4 SUMMARY 305* 10 CASE STUDIES 307* 10.1 BLAST-O-MAT: USING NEPENTHES TO DETECT INFECTED CLIENTS 308* 10.1.1 MOTIVATION 309* 10.1.2 NEPENTHES AS PART OF AN INTRUSION DETECTION SYSTEM 311* 10.1.3 MITIGATION OFINFECTED SYSTEMS 312* 10.1.4 A MODERN TROJAN: HAXDOOR 316* 10.1.5 LESSONS LEARNED WITH BLAST-O-MAT 320* 10.1.6 LIGHTWEIGHT IDS BASED ON NEPENTHES 321* 10.1.7 SURFNET IDS 325* 10.2 SEARCH WORMS 327* 10.3 RED HAT 8.0 COMPROMISE 332* 10.3.1 ATTACK SUMMARY 334* 10.3.2 ATTACK TIMELINE 335* 10.3.3 TOOLS INVOLVED 338* 10.3.4 ATTACK EVALUATION 343* XII CONTENTS 10.4 WINDOWS 2000 COMPROMISE 343* 10.4.1 ATTACK SUMMARY 344* 10.4.2 ATTACK TIMELINE 345* 10.4.3 TOOLS INVOLVED 347* 10.4.4 ATTACK EVALUATION 350* 10.5 SUSE 9.1 COMPROMISE 351* 10.5.1 ATTACK SUMMARY 351* 10.5.2 ATTACK TIMELINE 352* 10.5.3 TOOLS INVOLVED 354* 10.5.4 ATTACK EVALUATION 356* 10.6 SUMMARY 357* 11 TRACKING BOTNETS 359* 11.1 BOT AND BOTNET 101 360* 11.1.1 EXAMPLES OFBOTS 362* 11.1.2 SPYWARE IN THE FORM OF BOTS 366* 11.1.3 BOTNET CONTROL STRUCTURE 369* 11.1.4 DDOS ATTACKS CAUSED BY BOTNETS 372* 11.2 TRACKING BOTNETS 373* 11.2.1 OBSERVING BOTNETS 375* 11.3 CASE STUDIES 376* 11.3.1 MOCBOT AND MS06-040 381* 11.3.2 OTHER OBSERVATIONS 384* 11.4 DEFENDING AGAINST BOTS 387* 11.5 SUMMARY 390* 12 ANALYZING MALWARE WITH CWSANDBOX 391* 12.1 CWSANDBOX OVERVIEW 392* 12.2 BEHAVIOR-BASED MALWARE ANALYSIS 394* 12.2.1 CODE ANALYSIS 394* 12.2.2 BEHAVIOR ANALYSIS 395* 12.2.3 API HOOKING 396* 12.2.4 CODE INJECTION 400* 12.3 CWSANDBOX - SYSTEM DESCRIPTION 401* 12.3.1 ARCHITECTURE 402* 12.4 RESULTS 405* 12.4.1 EXAMPLE ANALYSIS REPORT 406* 12.4.2 LARGE-SCALE ANALYSIS 411* 12.5 SUMMARY 413* BIBLIOGRAPHY 415* INDEX 423*
any_adam_object	1
any_adam_object_boolean	1
author	Provos, Niels Holz, Thorsten
author_facet	Provos, Niels Holz, Thorsten
author_role	aut aut
author_sort	Provos, Niels
author_variant	n p np t h th
building	Verbundindex
bvnumber	BV023201935
callnumber-first	Q - Science
callnumber-label	QA76
callnumber-raw	QA76.9.A25
callnumber-search	QA76.9.A25
callnumber-sort	QA 276.9 A25
callnumber-subject	QA - Mathematics
ctrlnum	(OCoLC)128237865 (DE-599)BVBBV023201935
dewey-full	005.8
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.8
dewey-search	005.8
dewey-sort	15.8
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
discipline_str_mv	Informatik
format	Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01805nam a2200457zc 4500</leader><controlfield tag="001">BV023201935</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">20080314 </controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">080306s2008 xxua\|\|\| \|\|\|\| 00\|\|\| eng d</controlfield><datafield tag="010" ind1=" " ind2=" "><subfield code="a">2007020022</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0321336321</subfield><subfield code="c">pbk. : alk. paper</subfield><subfield code="9">0-321-33632-1</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780321336323</subfield><subfield code="9">978-0-321-33632-3</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)128237865</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV023201935</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">aacr</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="044" ind1=" " ind2=" "><subfield code="a">xxu</subfield><subfield code="c">US</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-29T</subfield></datafield><datafield tag="050" ind1=" " ind2="0"><subfield code="a">QA76.9.A25</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">005.8</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Provos, Niels</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Virtual honeypots</subfield><subfield code="b">from botnet tracking to intrusion detection</subfield><subfield code="c">Niels Provos ; Thorsten Holz</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Upper Saddle River, NJ [u.a.]</subfield><subfield code="b">Addison-Wesley</subfield><subfield code="c">2008</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XXIII, 440 S.</subfield><subfield code="b">Ill.</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references (p. 415-421) and index</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Computer security</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Rechnernetz</subfield><subfield code="0">(DE-588)4070085-9</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Wurm</subfield><subfield code="g">Informatik</subfield><subfield code="0">(DE-588)4779907-9</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Eindringerkennung</subfield><subfield code="0">(DE-588)4706627-1</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Rechnernetz</subfield><subfield code="0">(DE-588)4070085-9</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Wurm</subfield><subfield code="g">Informatik</subfield><subfield code="0">(DE-588)4779907-9</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="2"><subfield code="a">Eindringerkennung</subfield><subfield code="0">(DE-588)4706627-1</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Holz, Thorsten</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="856" ind1="4" ind2=" "><subfield code="u">http://www.loc.gov/catdir/toc/ecip0718/2007020022.html</subfield><subfield code="3">Table of contents only</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">OEBV Datenaustausch</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=016388145&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-016388145</subfield></datafield></record></collection>
id	DE-604.BV023201935
illustrated	Illustrated
index_date	2024-07-02T20:08:28Z
indexdate	2024-07-09T21:12:57Z
institution	BVB
isbn	0321336321 9780321336323
language	English
lccn	2007020022
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-016388145
oclc_num	128237865
open_access_boolean
owner	DE-29T
owner_facet	DE-29T
physical	XXIII, 440 S. Ill.
publishDate	2008
publishDateSearch	2008
publishDateSort	2008
publisher	Addison-Wesley
record_format	marc
spelling	Provos, Niels Verfasser aut Virtual honeypots from botnet tracking to intrusion detection Niels Provos ; Thorsten Holz Upper Saddle River, NJ [u.a.] Addison-Wesley 2008 XXIII, 440 S. Ill. txt rdacontent n rdamedia nc rdacarrier Includes bibliographical references (p. 415-421) and index Computer security Rechnernetz (DE-588)4070085-9 gnd rswk-swf Wurm Informatik (DE-588)4779907-9 gnd rswk-swf Eindringerkennung (DE-588)4706627-1 gnd rswk-swf Rechnernetz (DE-588)4070085-9 s Wurm Informatik (DE-588)4779907-9 s Eindringerkennung (DE-588)4706627-1 s DE-604 Holz, Thorsten Verfasser aut http://www.loc.gov/catdir/toc/ecip0718/2007020022.html Table of contents only OEBV Datenaustausch application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=016388145&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis
spellingShingle	Provos, Niels Holz, Thorsten Virtual honeypots from botnet tracking to intrusion detection Computer security Rechnernetz (DE-588)4070085-9 gnd Wurm Informatik (DE-588)4779907-9 gnd Eindringerkennung (DE-588)4706627-1 gnd
subject_GND	(DE-588)4070085-9 (DE-588)4779907-9 (DE-588)4706627-1
title	Virtual honeypots from botnet tracking to intrusion detection
title_auth	Virtual honeypots from botnet tracking to intrusion detection
title_exact_search	Virtual honeypots from botnet tracking to intrusion detection
title_exact_search_txtP	Virtual honeypots from botnet tracking to intrusion detection
title_full	Virtual honeypots from botnet tracking to intrusion detection Niels Provos ; Thorsten Holz
title_fullStr	Virtual honeypots from botnet tracking to intrusion detection Niels Provos ; Thorsten Holz
title_full_unstemmed	Virtual honeypots from botnet tracking to intrusion detection Niels Provos ; Thorsten Holz
title_short	Virtual honeypots
title_sort	virtual honeypots from botnet tracking to intrusion detection
title_sub	from botnet tracking to intrusion detection
topic	Computer security Rechnernetz (DE-588)4070085-9 gnd Wurm Informatik (DE-588)4779907-9 gnd Eindringerkennung (DE-588)4706627-1 gnd
topic_facet	Computer security Rechnernetz Wurm Informatik Eindringerkennung
url	http://www.loc.gov/catdir/toc/ecip0718/2007020022.html http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=016388145&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT provosniels virtualhoneypotsfrombotnettrackingtointrusiondetection AT holzthorsten virtualhoneypotsfrombotnettrackingtointrusiondetection

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Fernleihe Bestellen Achtung: Nicht im THWS-Bestand! Inhaltsverzeichnis

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge