INDEX

A

A record type, 96

AAAA record type, 96

access attacks

  backdoors and trojans, 327–331

  malware, 325–327

  questions, 346–349

  references, 349–351

  review, 346

  rootkits. See rootkits

  vulnerabilities, 285

access lists in IP address spoofing, 243

access requirements in incident response, 28

account information

  harvesting, 290–296

  Linux investigations, 57–59

  Windows investigations, 40–43

ACK flag

  flood attacks, 269

  nmap scans, 136

  TCP, 128–129

ack mode in Covert_TCP, 370

ack.rb script, 175

active traffic sniffing, 245–246

  ARP cache poisoning, 247–250

  defending against, 258–259

  DNS poisoning, 250–252

  MAC flooding, 246–247

  SSL stripping, 256–258

  SSL/TLS and SSH attacks, 252–256

  switch port stealing, 250

adapters for incident handling, 30

Address ...

Get GCIH GIAC Certified Incident Handler All-in-One Exam Guide now with the O’Reilly learning platform.
