| |
| |
| |
| Reading Log Files | |
| |
| |
| TCPdump | |
| |
| |
| Snort | |
| |
| |
| Syslog | |
| |
| |
| Commercial Intrusion Detection Systems | |
| |
| |
| Firewalls and Perimeter Defenses | |
| |
| |
| Summary | |
| |
| |
| |
| Introduction to the Practicals | |
| |
| |
| The Network or System Trace | |
| |
| |
| Analysis Example | |
| |
| |
| Correlations | |
| |
| |
| Evidence of Active Targeting | |
| |
| |
| Severity | |
| |
| |
| Defensive Recommendation | |
| |
| |
| Multiple-Choice Question | |
| |
| |
| Summary | |
| |
| |
| |
| The Most Critical Internet Security Threats (Part 1) | |
| |
| |
| BIND Weaknesses | |
| |
| |
| Vulnerable Common Gateway Interface Programs | |
| |
| |
| Remote Procedure Call Weaknesses | |
| |
| |
| Remote Data Services Hole in Microsoft Internet Information Server | |
| |
| |
| Sendmail Attacks | |
| |
| |
| Summary | |
| |
| |
| |
| The Most Critical Internet Security Threats (Part 2) | |
| |
| |
| sadmind and mountd Buffer Overflows | |
| |
| |
| Improperly Configured File Sharing | |
| |
| |
| Passwords | |
| |
| |
| IMAP and POP Server Buffer Overflows | |
| |
| |
| Default SNMP Community Strings | |
| |
| |
| Summary | |
| |
| |
| |
| Non-Malicious Traffic | |
| |
| |
| Internet Protocol | |
| |
| |
| Transmission Control Protocol | |
| |
| |
| TCP's Three-Way Handshake | |
| |
| |
| Putting It All Together | |
| |
| |
| Example of Non-Malicious Traffic | |
| |
| |
| Summary | |
| |
| |
| |
| Perimeter Logs | |
| |
| |
| Cisco Routers | |
| |
| |
| Cisco PIX Firewall | |
| |
| |
| Check Point Firewall-1 | |
| |
| |
| Sidewinder Firewall | |
| |
| |
| IP chains | |
| |
| |
| Portsentry | |
| |
| |
| Summary | |
| |
| |
| |
| Reactions and Responses | |
| |
| |
| IP Spoofing Stimuli | |
| |
| |
| IP Spoofing Responses | |
| |
| |
| Third-Party Effects | |
| |
| |
| Invalid Application Data | |
| |
| |
| Intrusion Detection System Responses to Stimuli | |
| |
| |
| Summary | |
| |
| |
| |
| Network Mapping | |
| |
| |
| Scans for Services | |
| |
| |
| Telnet | |
| |
| |
| NetBIOS Wildcard Scan | |
| |
| |
| Network Map Acquisition--DNS Zone Transfer | |
| |
| |
| Stealthy Scanning Techniques | |
| |
| |
| Summary | |
| |
| |
| |
| Scans That Probe Systems for Information | |
| |
| |
| NMAP | |
| |
| |
| Netcat | |
| |
| |
| Unsolicited Port Access | |
| |
| |
| Effective Reconnaissance | |
| |
| |
| Summary | |
| |
| |
| |
| Denial of Service--Resource Starvation | |
| |
| |
| What Is a DoS Attack? | |
| |
| |
| The Traces--Good Packets Gone Bad | |
| |
| |
| Things That Just Don't Belong | |
| |
| |
| SYN Floods | |
| |
| |
| Small Footprint DoS | |
| |
| |
| Telnet DoS Attack | |
| |
| |
| Summary | |
| |
| |
| |
| Denial of Service--Bandwidth Consumption | |
| |
| |
| Amplification | |
| |
| |
| Looping Attacks | |
| |
| |
| Spoofed DNS Queries | |
| |
| |
| Strange FTP Activity | |
| |
| |
| Router Denial-of-Service Attacks | |
| |
| |
| Using SNMP for Reconnaissance | |
| |
| |
| Summary | |
| |
| |
| |
| Trojans | |
| |
| |
| Trolling for Trojans | |
| |
| |
| Still Trolling for Trojans | |
| |
| |
| Deep Throat | |
| |
| |
| Loki | |
| |
| |
| Summary | |
| |
| |
| |
| Exploits | |
| |
| |
| ICMP Redirect | |
| |
| |
| Web Server Exploit | |
| |
| |
| SGI Object Server | |
| |
| |
| SNMP | |
| |
| |
| Summary | |
| |
| |
| |
| Buffer Overflows with Content | |
| |
| |
| Fundamentals of Buffer Overflows | |
| |
| |
| Examples of Buffer Overflows | |
| |
| |
| Detecting Buffer Overflows by Protocol Signatures | |
| |
| |
| Detecting Buffer Overflows by Payload Signatures | |
| |
| |
| Script Signatures | |
| |
| |
| Abnormal Responses | |
| |
| |
| Defending Against Buffer Overflows | |
| |
| |
| Summary | |
| |
| |
| |
| Fragmentation | |
| |
| |
| Boink Fragment Attack | |
| |
| |
| Teardrop | |
| |
| |
| Teardrop 2 | |
| |
| |
| evilPing | |
| |
| |
| Modified Ping of Death | |
| |
| |
| Summary | |
| |
| |
| |
| False Positives | |
| |
| |
| Traceroute | |
| |
| |
| Real Time Streaming Protocol | |
| |
| |
| FTP | |
| |
| |
| User Errors | |
| |
| |
| Legitimate Requests Using Nonstandard Ports | |
| |
| |
| Sendmail | |
| |
| |
| Summary | |
| |
| |
| |
| Out-of-Spec Packets | |
| |
| |
| Stimulus and Response Review | |
| |
| |
| SYN-FIN Traces | |
| |
| |
| Christmas Tree Scans / Demon-Router Syndrome | |
| |
| |
| Fragmentation and Out-of-Spec | |
| |
| |
| Time Fragments | |
| |
| |
| Summary | |
| |
| |
| Appendix | |
| |
| |
| Index | |