464 Chapter 7 • Topologies and IDS
4. Open a command prompt by clicking Start, Run and entering cmd in the Open dialog box.
5. With a command prompt open, you can now start the program by typing WinDump from the command line. By default, it will use the first Ethernet adaptor found. You can display the help screen by typing windump -h. The example below specifies the second adaptor.
C:\>windump -i 2
6. You should now see the program running. If there is little traffic on your network, you can open a second command prompt and ping a host such as www.yahoo.com. The results should appear in the window that is running WinDump, as shown below.
windump: listening on \Device\eth0_
14:07:02.563213 IP earth.137 > 192.168.123.181.137: UDP, length 50
14:07:04.061618 IP earth.137 > 192.168.123.181.137: UDP, length 50
14:07:05.562375 IP earth.137 > 192.168.123.181.137: UDP, length 50
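The following Python is an added example, not from the book or the WinDump project: it parses output lines in the form shown above and groups them into flows, reporting packet count, byte total and mean spacing for each. The function names and the SAMPLE text (copied from the output above) are assumptions of this example; timestamps carry no date, so it assumes the capture does not cross midnight.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: the WinDump output shown in step 6.
SAMPLE = r"""windump: listening on \Device\eth0_
14:07:02.563213 IP earth.137 > 192.168.123.181.137: UDP, length 50
14:07:04.061618 IP earth.137 > 192.168.123.181.137: UDP, length 50
14:07:05.562375 IP earth.137 > 192.168.123.181.137: UDP, length 50
"""

# time, "IP", src.port, ">", dst.port, ":", protocol, "length N".
# The port is the last dot-separated field and may be a number or a name.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{6}) IP "
    r"(?P<src>\S+)\.(?P<sport>[^.\s]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[^.\s:]+): "
    r"(?P<proto>\w+), length (?P<length>\d+)"
)

def parse(text):
    """Return (packets, skipped) for lines in the 'host.port' form above."""
    packets, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # banner and lines in other formats (e.g. ICMP, ARP)
            continue
        p = m.groupdict()
        p["ts"] = datetime.strptime(p["ts"], "%H:%M:%S.%f")
        p["length"] = int(p["length"])
        packets.append(p)
    return packets, skipped

def summarize(packets):
    """Group packets into flows and report count, bytes and mean spacing."""
    flows = defaultdict(list)
    for p in packets:
        flows[(p["src"], p["sport"], p["dst"], p["dport"], p["proto"])].append(p)
    out = {}
    for key, pkts in flows.items():
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(pkts, pkts[1:])]
        out[key] = {"packets": len(pkts), "bytes": sum(p["length"] for p in pkts),
                    "mean_gap_s": round(sum(gaps) / len(gaps), 3) if gaps else None}
    return out

if __name__ == "__main__":
    for flow, stats in summarize(parse(SAMPLE)[0]).items():
        print(flow, stats)
```

A flow that repeats at a steady interval, like the one in the sample, is usually a periodic service announcement or query rather than interactive traffic.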
Honeypots and Honeynets
A honeypot is a computer system that is deliberately exposed to public access—usually on the Internet—for the express purpose of attracting and distracting attackers. Likewise, a honeynet is a network set up for the same purpose, where attackers not only find vulnerable services or servers but also find vulnerable routers, firewalls, and other network boundary devices, security applications, and so forth. In other words, these are the technical equivalent of the familiar police “sting” operation. Although the strategy involved in luring hackers to spend time investigating attractive network devices or servers can cause its own problems, finding ways to lure intruders into a system or network improves the odds of being able to identify those intruders and pursue them more effectively. Figure 7.14 shows a graphical representation of the honeypot concept in action.
www.syngress.com