INDEX

A

A record type, 96
AAAA record type, 96
access attacks
  backdoors and trojans, 327–331
  malware, 325–327
  questions, 346–349
  references, 349–351
  review, 346
  rootkits. See rootkits
  vulnerabilities, 285
access lists in IP address spoofing, 243
access requirements in incident response, 28
account information
  harvesting, 290–296
  Linux investigations, 57–59
  Windows investigations, 40–43
ACK flag
  flood attacks, 269
  nmap scans, 136
  TCP, 128–129
ack mode in Covert_TCP, 370
ack.rb script, 175
active traffic sniffing, 245–246
  ARP cache poisoning, 247–250
  defending against, 258–259
  DNS poisoning, 250–252
  MAC flooding, 246–247
  SSL stripping, 256–258
  SSL/TLS and SSH attacks, 252–256
  switch port stealing, 250
adapters for incident handling, 30
Address ...