Virtual honeypots: from botnet tracking to intrusion detection
Saved in:
Main authors: | Provos, Niels; Holz, Thorsten |
---|---|
Format: | Book |
Language: | English |
Published: | Upper Saddle River, NJ [and others]: Addison-Wesley, 2008 |
Subjects: | Computer security; Rechnernetz (computer network); Wurm, Informatik (worm); Eindringerkennung (intrusion detection) |
Online access: | Table of contents only (loc.gov); Table of contents (PDF, bib-bvb.de) |
Description: | Includes bibliographical references (p. 415-421) and index |
Physical description: | XXIII, 440 p., ill. |
ISBN: | 0321336321 9780321336323 |
Internal format
MARC
LEADER | 00000nam a2200000zc 4500 | ||
---|---|---|---|
001 | BV023201935 | ||
003 | DE-604 | ||
005 | 20080314 | ||
007 | t | ||
008 | 080306s2008 xxua||| |||| 00||| eng d | ||
010 | |a 2007020022 | ||
020 | |a 0321336321 |c pbk. : alk. paper |9 0-321-33632-1 | ||
020 | |a 9780321336323 |9 978-0-321-33632-3 | ||
035 | |a (OCoLC)128237865 | ||
035 | |a (DE-599)BVBBV023201935 | ||
040 | |a DE-604 |b ger |e aacr | ||
041 | 0 | |a eng | |
044 | |a xxu |c US | ||
049 | |a DE-29T | ||
050 | 0 | |a QA76.9.A25 | |
082 | 0 | |a 005.8 | |
100 | 1 | |a Provos, Niels |e Verfasser |4 aut | |
245 | 1 | 0 | |a Virtual honeypots |b from botnet tracking to intrusion detection |c Niels Provos ; Thorsten Holz |
264 | 1 | |a Upper Saddle River, NJ [u.a.] |b Addison-Wesley |c 2008 | |
300 | |a XXIII, 440 S. |b Ill. | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
500 | |a Includes bibliographical references (p. 415-421) and index | ||
650 | 4 | |a Computer security | |
650 | 0 | 7 | |a Rechnernetz |0 (DE-588)4070085-9 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Wurm |g Informatik |0 (DE-588)4779907-9 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Eindringerkennung |0 (DE-588)4706627-1 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a Rechnernetz |0 (DE-588)4070085-9 |D s |
689 | 0 | 1 | |a Wurm |g Informatik |0 (DE-588)4779907-9 |D s |
689 | 0 | 2 | |a Eindringerkennung |0 (DE-588)4706627-1 |D s |
689 | 0 | |5 DE-604 | |
700 | 1 | |a Holz, Thorsten |e Verfasser |4 aut | |
856 | 4 | |u http://www.loc.gov/catdir/toc/ecip0718/2007020022.html |3 Table of contents only | |
856 | 4 | 2 | |m OEBV Datenaustausch |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=016388145&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
999 | |a oai:aleph.bib-bvb.de:BVB01-016388145 |
Record in search index
_version_ | 1804137479076315136 |
---|---|
adam_text |
Preface xiii
Acknowledgments xxi
About the Authors xxiii
1 Honeypot and Networking Background 1
  1.1 Brief TCP/IP Introduction 1
  1.2 Honeypot Background 7
    1.2.1 High-Interaction Honeypots 9
    1.2.2 Low-Interaction Honeypots 10
    1.2.3 Physical Honeypots 11
    1.2.4 Virtual Honeypots 11
    1.2.5 Legal Aspects 12
  1.3 Tools of the Trade 13
    1.3.1 Tcpdump 13
    1.3.2 Wireshark 15
    1.3.3 Nmap 16
2 High-Interaction Honeypots 19
  2.1 Advantages and Disadvantages 20
  2.2 VMware 22
    2.2.1 Different VMware Versions 25
    2.2.2 Virtual Network with VMware 26
    2.2.3 Setting Up a Virtual High-Interaction Honeypot 29
    2.2.4 Creating a Virtual Honeypot 33
    2.2.5 Adding Additional Monitoring Software 37
    2.2.6 Connecting the Virtual Honeypot to the Internet 39
    2.2.7 Building a Virtual High-Interaction Honeynet 40
  2.3 User-Mode Linux 41
    2.3.1 Overview 41
    2.3.2 Installation and Setup 42
    2.3.3 Runtime Flags and Configuration 46
    2.3.4 Monitoring UML-Based Honeypots 50
    2.3.5 Connecting the Virtual Honeypot to the Internet 51
    2.3.6 Building a Virtual High-Interaction Honeynet 52
  2.4 Argos 52
    2.4.1 Overview 53
    2.4.2 Installation and Setup for Argos Honeypots 54
  2.5 Safeguarding Your Honeypots 62
    2.5.1 Honeywall 63
  2.6 Summary 69
3 Low-Interaction Honeypots 71
  3.1 Advantages and Disadvantages 72
  3.2 Deception Toolkit 73
  3.3 LaBrea 74
    3.3.1 Installation and Setup 75
    3.3.2 Observations 81
  3.4 Tiny Honeypot 81
    3.4.1 Installation 82
    3.4.2 Capture Logs 83
    3.4.3 Session Logs 85
    3.4.4 Netfilter Logs 85
    3.4.5 Observations 86
  3.5 GHH - Google Hack Honeypot 87
    3.5.1 General Installation 87
    3.5.2 Installing the Transparent Link 91
    3.5.3 Access Logging 92
  3.6 PHP.HoP - A Web-Based Deception Framework 94
    3.6.1 Installation 95
    3.6.2 HipHop 96
    3.6.3 PhpMyAdmin 97
  3.7 Securing Your Low-Interaction Honeypots 98
    3.7.1 Chroot Jail 98
    3.7.2 Systrace 101
  3.8 Summary 103
4 Honeyd - The Basics 105
  4.1 Overview 106
    4.1.1 Features 107
    4.1.2 Installation and Setup 108
  4.2 Design Overview 109
    4.2.1 Interaction Only via the Network 111
    4.2.2 Multiple IP Addresses 111
    4.2.3 Deceiving Fingerprinting Tools 111
  4.3 Receiving Network Data 112
  4.4 Runtime Flags 114
  4.5 Configuration 115
    4.5.1 Create 117
    4.5.2 Set 117
    4.5.3 Add 121
    4.5.4 Bind 123
    4.5.5 Delete 124
    4.5.6 Include 125
  4.6 Experiments with Honeyd 125
    4.6.1 Experimenting with Honeyd Locally 125
    4.6.2 Integrating Virtual Honeypots into Production Networks 128
  4.7 Services 129
  4.8 Logging 131
    4.8.1 Packet-Level Logging 131
    4.8.2 Service-Level Logging 133
  4.9 Summary 134
5 Honeyd - Advanced Topics 135
  5.1 Advanced Configuration 136
    5.1.1 Set 136
    5.1.2 Tarpit 137
    5.1.3 Annotate 138
  5.2 Emulating Services 139
    5.2.1 Scripting Languages 139
    5.2.2 SMTP 139
  5.3 Subsystems 142
    5.3.1 Optimizing Subsystems 145
  5.4 Internal Python Services 146
  5.5 Dynamic Templates 148
  5.6 Routing Topology 150
  5.7 Honeydstats 154
  5.8 Honeydctl 156
  5.9 Honeycomb 158
  5.10 Performance 160
  5.11 Summary 161
6 Collecting Malware with Honeypots 163
  6.1 A Primer on Malicious Software 164
  6.2 Nepenthes - A Honeypot Solution to Collect Malware 165
    6.2.1 Architecture of Nepenthes 167
    6.2.2 Limitations 176
    6.2.3 Installation and Setup 177
    6.2.4 Configuration 179
    6.2.5 Command Line Flags 181
    6.2.6 Assigning Multiple IP Addresses 183
    6.2.7 Flexible Deployment 185
    6.2.8 Capturing New Exploits 186
    6.2.9 Implementing Vulnerability Modules 187
    6.2.10 Results 188
    6.2.11 Lessons Learned 196
  6.3 Honeytrap 197
    6.3.1 Overview 197
    6.3.2 Installation and Configuration 200
    6.3.3 Running Honeytrap 203
  6.4 Other Honeypot Solutions for Learning About Malware 204
    6.4.1 Multipot 204
    6.4.2 HoneyBOT 205
    6.4.3 Billy Goat 205
    6.4.4 Learning About Malicious Network Traffic 206
  6.5 Summary 207
7 Hybrid Systems 209
  7.1 Collapsar 211
  7.2 Potemkin 214
  7.3 RolePlayer 220
  7.4 Research Summary 224
  7.5 Building Your Own Hybrid Honeypot System 224
    7.5.1 NAT and High-Interaction Honeypots 224
    7.5.2 Honeyd and High-Interaction Honeypot 228
  7.6 Summary 230
8 Client Honeypots 231
  8.1 Learning More About Client-Side Threats 232
    8.1.1 A Closer Look at MS04-040 233
    8.1.2 Other Types of Client-Side Attacks 236
    8.1.3 Toward Client Honeypots 238
  8.2 Low-Interaction Client Honeypots 241
    8.2.1 Learning About Malicious Websites 241
    8.2.2 HoneyC 246
  8.3 High-Interaction Client Honeypots 253
    8.3.1 Design of High-Interaction Client Honeypots 254
    8.3.2 HoneyClient 258
    8.3.3 Capture-HPC 260
    8.3.4 HoneyMonkey 262
  8.4 Other Approaches 263
    8.4.1 Studying Spyware on the Internet 264
    8.4.2 SpyBye 267
    8.4.3 SiteAdvisor 270
    8.4.4 Further Research 271
  8.5 Summary 272
9 Detecting Honeypots 273
  9.1 Detecting Low-Interaction Honeypots 274
  9.2 Detecting High-Interaction Honeypots 280
    9.2.1 Detecting and Disabling Sebek 281
    9.2.2 Detecting the Honeywall 285
    9.2.3 Circumventing Honeynet Logging 286
    9.2.4 VMware and Other Virtual Machines 289
    9.2.5 QEMU 297
    9.2.6 User-Mode Linux 298
  9.3 Detecting Rootkits 302
  9.4 Summary 305
10 Case Studies 307
  10.1 Blast-o-Mat: Using Nepenthes to Detect Infected Clients 308
    10.1.1 Motivation 309
    10.1.2 Nepenthes as Part of an Intrusion Detection System 311
    10.1.3 Mitigation of Infected Systems 312
    10.1.4 A Modern Trojan: Haxdoor 316
    10.1.5 Lessons Learned with Blast-o-Mat 320
    10.1.6 Lightweight IDS Based on Nepenthes 321
    10.1.7 SURFnet IDS 325
  10.2 Search Worms 327
  10.3 Red Hat 8.0 Compromise 332
    10.3.1 Attack Summary 334
    10.3.2 Attack Timeline 335
    10.3.3 Tools Involved 338
    10.3.4 Attack Evaluation 343
  10.4 Windows 2000 Compromise 343
    10.4.1 Attack Summary 344
    10.4.2 Attack Timeline 345
    10.4.3 Tools Involved 347
    10.4.4 Attack Evaluation 350
  10.5 SUSE 9.1 Compromise 351
    10.5.1 Attack Summary 351
    10.5.2 Attack Timeline 352
    10.5.3 Tools Involved 354
    10.5.4 Attack Evaluation 356
  10.6 Summary 357
11 Tracking Botnets 359
  11.1 Bot and Botnet 101 360
    11.1.1 Examples of Bots 362
    11.1.2 Spyware in the Form of Bots 366
    11.1.3 Botnet Control Structure 369
    11.1.4 DDoS Attacks Caused by Botnets 372
  11.2 Tracking Botnets 373
    11.2.1 Observing Botnets 375
  11.3 Case Studies 376
    11.3.1 Mocbot and MS06-040 381
    11.3.2 Other Observations 384
  11.4 Defending Against Bots 387
  11.5 Summary 390
12 Analyzing Malware with CWSandbox 391
  12.1 CWSandbox Overview 392
  12.2 Behavior-Based Malware Analysis 394
    12.2.1 Code Analysis 394
    12.2.2 Behavior Analysis 395
    12.2.3 API Hooking 396
    12.2.4 Code Injection 400
  12.3 CWSandbox - System Description 401
    12.3.1 Architecture 402
  12.4 Results 405
    12.4.1 Example Analysis Report 406
    12.4.2 Large-Scale Analysis 411
  12.5 Summary 413
Bibliography 415
Index 423
|