Reading Log Files
    TCPdump
    Snort
    Syslog
    Commercial Intrusion Detection Systems
    Firewalls and Perimeter Defenses
    Summary

Introduction to the Practicals
    The Network or System Trace
    Analysis Example
    Correlations
    Evidence of Active Targeting
    Severity
    Defensive Recommendation
    Multiple-Choice Question
    Summary

The Most Critical Internet Security Threats (Part 1)
    BIND Weaknesses
    Vulnerable Common Gateway Interface Programs
    Remote Procedure Call Weaknesses
    Remote Data Services Hole in Microsoft Internet Information Server
    Sendmail Attacks
    Summary

The Most Critical Internet Security Threats (Part 2)
    sadmind and mountd Buffer Overflows
    Improperly Configured File Sharing
    Passwords
    IMAP and POP Server Buffer Overflows
    Default SNMP Community Strings
    Summary

Non-Malicious Traffic
    Internet Protocol
    Transmission Control Protocol
    TCP's Three-Way Handshake
    Putting It All Together
    Example of Non-Malicious Traffic
    Summary

Perimeter Logs
    Cisco Routers
    Cisco PIX Firewall
    Check Point Firewall-1
    Sidewinder Firewall
    IPChains
    Portsentry
    Summary

Reactions and Responses
    IP Spoofing Stimuli
    IP Spoofing Responses
    Third-Party Effects
    Invalid Application Data
    Intrusion Detection System Responses to Stimuli
    Summary

Network Mapping
    Scans for Services
    Telnet
    NetBIOS Wildcard Scan
    Network Map Acquisition--DNS Zone Transfer
    Stealthy Scanning Techniques
    Summary

Scans That Probe Systems for Information
    NMAP
    Netcat
    Unsolicited Port Access
    Effective Reconnaissance
    Summary

Denial of Service--Resource Starvation
    What Is a DoS Attack?
    The Traces--Good Packets Gone Bad
    Things That Just Don't Belong
    SYN Floods
    Small Footprint DoS
    Telnet DoS Attack
    Summary

Denial of Service--Bandwidth Consumption
    Amplification
    Looping Attacks
    Spoofed DNS Queries
    Strange FTP Activity
    Router Denial-of-Service Attacks
    Using SNMP for Reconnaissance
    Summary

Trojans
    Trolling for Trojans
    Still Trolling for Trojans
    Deep Throat
    Loki
    Summary

Exploits
    ICMP Redirect
    Web Server Exploit
    SGI Object Server
    SNMP
    Summary

Buffer Overflows with Content
    Fundamentals of Buffer Overflows
    Examples of Buffer Overflows
    Detecting Buffer Overflows by Protocol Signatures
    Detecting Buffer Overflows by Payload Signatures
    Script Signatures
    Abnormal Responses
    Defending Against Buffer Overflows
    Summary

Fragmentation
    Boink Fragment Attack
    Teardrop
    Teardrop 2
    evilPing
    Modified Ping of Death
    Summary

False Positives
    Traceroute
    Real Time Streaming Protocol
    FTP
    User Errors
    Legitimate Requests Using Nonstandard Ports
    Sendmail
    Summary

Out-of-Spec Packets
    Stimulus and Response Review
    SYN-FIN Traces
    Christmas Tree Scans / Demon-Router Syndrome
    Fragmentation and Out-of-Spec
    Time Fragments
    Summary

Appendix

Index