Virtual Honeypots: From Botnet Tracking to Intrusion Detection
By: Niels Provos; Thorsten Holz
Publisher: Addison Wesley Professional
Pub Date: July 16, 2007
Print ISBN-10: 0-321-33632-1
Print ISBN-13: 978-0-321-33632-3
Pages: 480
Table of Contents
Copyright
Praise for Virtual Honeypots
Preface
Acknowledgments
About the Authors
Chapter 1. Honeypot and Networking Background
Section 1.1. Brief TCP/IP Introduction
Section 1.2. Honeypot Background
Section 1.3. Tools of the Trade
Chapter 2. High-Interaction Honeypots
Section 2.1. Advantages and Disadvantages
Section 2.2. VMware
Section 2.3. User-Mode Linux
Section 2.4. Argos
Section 2.5. Safeguarding Your Honeypots
Section 2.6. Summary
Chapter 3. Low-Interaction Honeypots
Section 3.1. Advantages and Disadvantages
Section 3.2. Deception Toolkit
Section 3.3. LaBrea
Section 3.4. Tiny Honeypot
Section 3.5. GHH — Google Hack Honeypot
Section 3.6. PHP.HoP — A Web-Based Deception Framework
Section 3.7. Securing Your Low-Interaction Honeypots
Section 3.8. Summary
Chapter 4. Honeyd — The Basics
Section 4.1. Overview
Section 4.2. Design Overview
Section 4.3. Receiving Network Data
Section 4.4. Runtime Flags
Section 4.5. Configuration
Section 4.6. Experiments with Honeyd
Section 4.7. Services
Section 4.8. Logging
Section 4.9. Summary
Chapter 5. Honeyd — Advanced Topics
Section 5.1. Advanced Configuration
Section 5.2. Emulating Services
Section 5.3. Subsystems
Section 5.4. Internal Python Services
Section 5.5. Dynamic Templates
Section 5.6. Routing Topology
Section 5.7. Honeydstats
Section 5.8. Honeydctl
Section 5.9. Honeycomb
Section 5.10. Performance
Section 5.11. Summary
Chapter 6. Collecting Malware with Honeypots
Section 6.1. A Primer on Malicious Software
Section 6.2. Nepenthes — A Honeypot Solution to Collect Malware
Section 6.3. Honeytrap
Section 6.4. Other Honeypot Solutions for Learning About Malware
Section 6.5. Summary
Chapter 7. Hybrid Systems
Section 7.1. Collapsar
Section 7.2. Potemkin
Section 7.3. RolePlayer
Section 7.4. Research Summary
Section 7.5. Building Your Own Hybrid Honeypot System
Section 7.6. Summary
Chapter 8. Client Honeypots
Section 8.1. Learning More About Client-Side Threats
Section 8.2. Low-Interaction Client Honeypots
Section 8.3. High-Interaction Client Honeypots
Section 8.4. Other Approaches
Section 8.5. Summary
Chapter 9. Detecting Honeypots
Section 9.1. Detecting Low-Interaction Honeypots
Section 9.2. Detecting High-Interaction Honeypots
Section 9.3. Detecting Rootkits
Section 9.4. Summary
Chapter 10. Case Studies
Section 10.1. Blast-o-Mat: Using Nepenthes to Detect Infected Clients
Section 10.2. Search Worms
Section 10.3. Red Hat 8.0 Compromise
Section 10.4. Windows 2000 Compromise
Section 10.5. SUSE 9.1 Compromise
Section 10.6. Summary
Chapter 11. Tracking Botnets
Section 11.1. Bot and Botnet 101
Section 11.2. Tracking Botnets
Section 11.3. Case Studies
Section 11.4. Defending Against Bots
Section 11.5. Summary
Chapter 12. Analyzing Malware with CWSandbox
Section 12.1. CWSandbox Overview
Section 12.2. Behavior-Based Malware Analysis
Section 12.3. CWSandbox — System Description
Section 12.4. Results
Section 12.5. Summary
Bibliography
Index