462
Index
restricting access of, 107
logs
  See also logging
  antivirus software, 198–207
  event, 184–192
  firewall, 192–198
  and law enforcement, 394
  ourmon event, 324–329, 340
L0phtCrack password cracker, 43
lost botnet hosts, 330–331
M
MAC addresses
  Layer 2 switches and isolation techniques, 151–152
  locking down, 154
Macanan, John, 2
mailing lists, security information, 402–403
malicious operations performed by botnets, 378–383
Malicious Software Removal Tool (Microsoft), 5, 22, 25
malware
  See also specific program
  backdoors, 111
  detection, 164–168
  getting binary updates, 376–378
man-in-the-middle (MITM) attacks, 43–44, 87
Maxwell, Christopher, 21, 51
membership organizations, qualifications, 403–404, 415
mesh, botnet environment, 225
messages, sniffing IRC, 329–333
Microsoft
  See also specific product
  antivirus reward program, 27
  File Share system vulnerability, 213
  phishing case, 423
Microsoft File Share (CIFS), 150
Milkit, 12
mIRC, bot technology and, 9
Mitglieder Trojan, 51
MITM (man-in-the-middle) attacks, 43–44, 87
money
  transfers, ransomware and, 60–61
monitoring
  infected hosts, 435
  networks, tools for, 140–148
movie piracy, 55
MPAA (Motion Picture Association of America) and stolen intellectual property, 57–58
MS Blaster worm, 21
msdirectx.sys, 103
multihoming, and Command and Control (C&C) servers, 82
MyDoom, 12
MySQL, 169
Mytob bot, 15, 124–128, 131
N
names
  channel, and hackers, 297
  domain, 81–82
  malware, 112
NANOG (North American Network Operators Group), 401
NAPI architecture, 337
Naraine, Ryan, 2, 22, 26
Nepenthes, 350, 444
NetBEUI, Agobot and, 116
NetBIOS, and botnet scanning, 42
Netflow, network monitoring with, 146–148
netstat utility, 103
network-based intrusion detection systems (NIDS), 156
network forensics, 180, 215
network infrastructure
  network monitoring with SNMP tools, Netflow, 140–148
  tools and techniques, 140–143, 209–210
network shares and botnet infection, 130
network telescope, 177
networks
  infrastructure. See network infrastructure
  IRC, 288
ngrep tool, 296, 312, 331–332
NIDS (network-based intrusion detection systems), 156
Norman SandBox, 346
NTSyslog, 192
O
obtaining information from botnets, 346–348
OECD (Organisation for Economic Co-operation and Development), 75
Oikarinen, Jarkko, 6
on-demand, on-access scanning, 214
open source vs. commercial products, 174
Operation Cyberslam, 18, 20
operations, malicious, performed by botnets, 378–383
optimizing the system, 334–338, 342
Organisation for Economic Co-operation and Development (OECD), 75
organizational resources on botnet threats, 398–403
OS X (Macintosh), antivirus software for, 215
Osterman, Larry, 153
ourmon tool
  anomaly detection principles, 252–254
  anomaly detection tools generally, 246–247
  architecture of, 227–231
  automated packet capture, 314–324, 339–340
  case studies of using, 220–227
  detecting IRC client botnets, 298–303
  e-mail anomaly detection, 275–278
  event logs, 324–329
  installing, 231–238, 241
  IRC facility, 286
  overview of, 218–219, 239–243
  RRDTOOL statistics, IRC reports, 290–298
  Web interface, 247–252, 279–280
P
P2P (peer-to-peer)
  and Agobot, 116–118
  botnets, 86, 452
packet capture, automated (ourmon), 314–324, 339–340
packet size and DoS attacks, 323–324
packet sniffing, 140
Parson, Jeffrey, 21–22