ID DD URLS


  • 8/8/2019 ID DD URLS

    1/14

    Intrusion Detection and Computer Forensics URLS **

    Computer Forensics

    o The Honeynet Project's Forensic Challenge
    o Basic Steps in Forensic Analysis of Unix Systems, David Dittrich (Pasos Básicos en Análisis Forense de Sistemas GNU/Linux, Unix, modified, updated and translated to Spanish by Ervin S. Odishoo)
    o Course notes for Black Hat '00 Unix forensics class, Dominique Brezinski and David Dittrich
    o The Coroner's Toolkit
        Dan Farmer & Wietse Venema's class on computer forensic analysis
        Forensic Computer Analysis: An Introduction -- Reconstructing past events, By Dan Farmer and Wietse Venema, Dr. Dobb's Journal, September 2000
        What Are MACtimes?: Powerful tools for digital databases, By Dan Farmer, Dr. Dobb's Journal, October 2000
        Strangers In the Night: Finding the purpose of an unknown program, by Wietse Venema, Dr. Dobb's Journal, November 2000
        Computer Forensics Column, Errata
    o Brian Carrier's Sleuthkit (formerly TASK, formerly TCT-Utils)
        Sleuthkit
        Autopsy Browser
    o Notes on updating Red Hat Linux 7.1 to support >2GB images with TCT, TCTUTILS & Autopsy (see also Large File Support in Linux)
    o Organizations/conferences
        International Association of Computer Investigative Specialists (IACIS)
    o Digital Timestamping
        Stamper digital timestamping service
        What is digital timestamping?, RSA Cryptography FAQ section 7.11
        Time Stamp Protocol, by Byun, Jung-Soo
        Time is of the Essence: Electronic documents will only stand up in court if the who, what, and when they represent are unassailable, by Charles R. Merrill, CIO.com, March 15, 2000
    o Guidelines and standards
        Digital Evidence in the Courtroom: A Guide for Preparing Digital Evidence for Courtroom Presentation (PDF), draft standard, National Institute for Justice [You may comment on this draft document by sending comments to [email protected], or faxing them to NCFS at 407-823-3162, or mailing them to NCFS, P.O. Box 162367, Orlando, Florida, 32816 by May 12, 2003.]


        Field Guidance on New Authorities (Redacted), enacted in the 2001 Anti-terrorism Legislation ("USA Patriot Act"), issued by the Department of Justice
        How the FBI Investigates Computer Crime, CERT Coordination Center
        U.S. Department of Energy Computer Forensic Laboratory's First Responder's Manual (PDF)
        Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, Computer Crime and Intellectual Property Section, Criminal Division, United States Department of Justice, January 2001 (PDF Version)
        Evidence Examinations -- Computer Examinations, Handbook of Forensic Services, U.S. Department of Justice, FBI
        Digital Evidence: Standards and Principles, Forensic Science Communications, US DoJ, April 2000, Volume 2, Number 2
        Recovering and Examining Computer Forensic Evidence, Forensic Science Communications, US DoJ, October 2000, Volume 2, Number 4
        RFC 3227: Guidelines for Evidence Collection and Archiving, by Dominique Brezinski and Tom Killalea
        An Introduction to the Field Guide for Investigating Computer Crime, by Timothy E. Wright (Security Focus Incident Handling focus)
        Recovering from an Intrusion, by /dev/null
        The proposed Filesystem Hierarchy Standard [PDF file] (Directories/files, their locations, and intended purposes: A good topographic map of Unix filesystems.)
    o Articles/Journals
        Open Source Digital Forensic Tools: The Legal Argument, by Brian Carrier, @stake
        Computer forensics specialists in demand as hacking grows, by Suzanne Monson, Special to The Seattle Times, September 8, 2002
        Electronic Data Discovery Primer, by Albert Barsocchini, Law Technology News, August 28, 2002
        Solving the Perfect Computer Crime, by Jay Lyman, www.NewsFactor.com, February 27, 2002
        NT Incident Response Investigations and Analysis, by Harlan Carvey, Information Security Bulletin, June 2001
        "A harder day in court for fingerprint, writing experts: US judge limits testimony of forensic analysts, in a ruling that might alter how evidence is presented at trial," by Seth Stern, Christian Science Monitor, January 16, 2002
        Cybersleuthing solves the case (and related stories) by Deborah Radcliff, Computerworld, January 14, 2002
        Digital sleuthing uncovers hacking costs, by Robert Lemos, Special to CNET News.com, March 22, 2001

        "Intrusion Detection Systems as Evidence", by Peter Sommer, Computer Security Research Centre, London School of Economics & Political Science
        Advancing Crime Scene Computer Forensic Techniques, by Chet Hosmer, John Feldman, and Joe Giordano
        Recovering and Examining Computer Forensic Evidence, Forensic Science Communications, FBI, October 2000
        Analysis: The forensics of Internet security, by Carole Fennely, SunWorld (via CNN), July 26, 2000
        September 2000 Market Survey -- Computer Forensics, by James Holley, SC Magazine (ranks Linux dd a Best Buy! ;)
        Cybercops Need Better Tools -- Law enforcement agencies are falling behind hackers, says exec of CIA tech incubator, by Matthew Schwartz, Computerworld, July 31, 2000
        Crime Seen (Cover story on digital forensics), by Bill Betts, Information Security Magazine, March, 2000
        Disk Shows Love Bug-Like Virus, by Dirk Beveridge, AP, May 16, 2000
        Computer Forensics: Investigators Focus on Foiling Cybercriminals, by Illena Armstrong, SC Magazine (cover story), April 2000
        CD Universe evidence compromised -- Failure to protect computer data renders it suspect in court, by Mike Brunker and Bob Sullivan, MSNBC, June 7, 2000
        Crime & Clues -- The Art and Science of Criminal Investigation
        FBI Forensic Science Communications
    o Reverse engineering
        The Honeynet Project's Reverse [engineering] Challenge
        Fenris, by Michal Zalewski, BINDVIEW
        Other open source reverse engineering tools listed by Michal Zalewski
        Using fenris on the Honeynet Project Reverse Challenge binary
        Using fenris on burneye protected binaries
        LinuxAssembly.org resources
        Linux Assembly HOWTO, by Konstantin Boldyshev and François-René Rideau
        Programmer's Tools Decompiler/Disassembler page
        Linux Kernel Internals (especially the "How System Calls Are Implemented on i386 Architecture" chapter)
        The Decompilation Page at the University of Queensland
        IDA Pro Disassembler (commercial product, multi-platform/OS) [older freeware version]
        Gnu GDB docs
        Norm Matloff's Debugging Tutorial


        The Solaris Memory System: Sizing, Tools and Architecture (PDF)
        SE Toolkit
    o Steganography
        Steganalysis - Attacks against Steganography and Watermarking - Countermeasures - , by Neil F. Johnson
        Defeating Statistical Steganalysis, CITI, University of Michigan
    o Forensic analysis tools and related software
        Fingerprint databases
            The Solaris Fingerprint Database
            known goods
            The NIST National Software Reference Library (NSRL)
        File system documentation
            Linux Filesystem Usage Info (provides links to documentation on dozens of file system types supported by Linux)
            Microsoft documentation on FAT structure
            Disk Structures, by Alex Verstak
            Table of partition types, The Force Operating System and Software Design Project (PDF version)
            ISO 9660 Simplified for DOS/Windows, by Philip J. Erdelsky
        File system integrity checking tools
            Osiris
            AIDE
            FTimes and HashDig
        Time Zone Converter
        The FIRE (formerly known as "Biatchux") bootable CD-ROM forensic toolkit
        chkwtmp (SunOS 4.x)
        chklastlog (SunOS 4.x)
        NT Objectives was mentioned in a DEFCON talk on forensics. They produce a free toolkit (that lets you do the same thing as find does for free on Unix!)
        NTI Information & Resource Page (Mostly Windows-specific instructions, but some general forensic guidelines)
        Slashdot thread on wiping hard drive contents
        Put A Trace On It: A Command You Can ``truss'', SunSolve Online document
        Signatures of Macintosh files
    o Forensic analysis on related hardware
        WiebeTECH (Fire Wire docking devices)
        Forensic-Computers.com
        F.R.E.D.D.I.E.
        The Image MASSter Solo 2 Forensic system
        Daten Airbag (hard drive write protection)


        Centurion Guard
    o Destruction of data
        Safe destruction of hard drives (This is good! ;)
        Zapping data on CDs! (NICE light show!)
    o Incident costs, damage estimation, and risk analysis
        A Study on Incident Costs and Frequencies, by Virginia Rezmierski, Adriana Carroll, and Jamie Hine
        Security Attribute Evaluation Method: A Cost Benefit Approach, by Shawn Butler, Carnegie Mellon University, International Conference on Software Engineering 2002 (ICSE 2002) Proceedings
        Multi-Attribute Risk Assessment, by Shawn Butler, Carnegie Mellon University, Proceedings from Symposium on Requirements Engineering for Information Security (SREIS 2002)
        Attack Trees: Modeling security threats, by Bruce Schneier, Dr. Dobb's Journal, December 1999
        Attack Modeling for Information Security and Survivability, Andrew P. Moore, Robert J. Ellison, Richard C. Linger, Technical Note CMU/SEI-2001-TN-001, March 2001
        A Quick Tour of Attack Tree Based Risk Analysis Using Secure/Tree, whitepaper by Amenaza.com, May 2002
        Forensic Examination of a RIM (Blackberry) Wireless Device, by Micheal W. Burnette, June 2002
        What is RAID?
        Linux DTP Hardware RAID HOWTO, by Ram Samudrala, v1.6, February 20, 2002
        Computer/High-Tech Crime and Related Sites
        Resources for High-Tech Crime Units, Officer.com

    Active defense ("Hack back")

    o Internet Hack Back: Counter Attacks as Self-Defense or Vigilantism?, by Vikas Jayawal, William Yurcik, David Doss, Illinois State University
    o Information Warfare Survivability: Is the Best Defense a Good Offense?, by William Yurcik, Illinois State University
    o Internet Attacks: A Policy Framework for Rules of Engagement, by William Yurcik and David Doss, Illinois State University
    o Appropriate Response: More Questions Than Answers, by Chris Loomis, SecurityFocus INFOCUS
    o Computers under attack can hack back, expert says, Mercury News, August 3, 2002
    o Can you hack back?, by Deborah Radcliff, NetworkWorld Fusion, June 1, 2000
    o Should You Strike Back?, by Deborah Radcliff, Computerworld, November 13, 2000
    o Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses (book), by Ed Skoudis, Prentice Hall, ISBN 0130332739


    Cyberwarfare

    o Glossary of Information Warfare terms
    o The Law of Armed Conflict, Naval War College
    o Cyberwarfare, by Steven A. Hildreth, Specialist in National Defense, Foreign Affairs, Defense, & Trade Division, CRS Report for Congress, June 19, 2001
    o Legal and Practical Constraints on Information Warfare, by Maj Karl Kuschner, Air and Space Power Chronicles
    o Why the Dogs of Cyberwar Stay Leashed: The United States could try out its much-hyped "cyberwarfare" capabilities in Iraq... but it would probably be illegal., by Mark Rasch, SecurityFocus, March 24, 2003
    o Unleashing the dogs of cyber-war on Iraq!, by Brian McWilliams, Salon.com, March 6, 2003
    o CYBER ATTACK: IS THE GOVERNMENT SAFE?, Testimony from hearing before the Committee on Governmental Affairs, United States Senate, March 2, 2000
    o The Challenge of Information Warfare (Chinese views on Information Warfare)
    o Unrestricted Warfare
    o DoDCCRP publications
    o The First Networked War, Ground Zero, Issue 11
    o Semantic Hacking, Dartmouth ISTS
    o Information Warfare
    o Bibliography of Information Warfare and Infrastructure Vulnerability Documents
    o Institute for the Advanced Study of Information Warfare (IASIW)
    o Should U.S. pledge not to make first cyberstrike?, by Stephen M. Ryan, GCN, August 3, 1998 (see also a Letters to the Editor response from Frank J. Stech)
    o DOD preps office for cyberdefense, by Daniel Verton, Federal Computer Week, July 13, 1998
    o Cyberthreat: Protecting U.S. Information Networks, USIA Electronic Journal, Vol. 3, No. 4, November 1998
    o Information Operations, Deterrence, and the Use of Force, by Roger W. Barnett, Naval War College, 1998

    Unix Administration and System Security

    o Unix Administration Courses/Tools
        Network and System Administration Resources, by Mark Burgess, University College Oslo
        CIS 410/510, Introduction to System Administration, by Steve VanDevender, University of Oregon
        A Perl Tutorial: Super-Basics
        SPAM - I didn't like it on my breakfast plate as a kid, I don't like it in my inbox now!
            SpamCop


            The Internet Mail Relay Services Survey Project can test to see if your server can be abused and has instructions on how to prevent third party relaying of spam
            Why the UW is rejecting third-party relaying of email
            How UW administrators can make sendmail reject relaying
            Anti-Spam Provisions in Sendmail 8.8
            The National Fraud Information Center (NFIC)
            FBI Internet Fraud Complaint Center
            FTC Names Its Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk Email
            Stop Junk Email
            Fight Spam on the Internet!
            CAUCE - Coalition Against Unsolicited Commercial Email
        SunWorld On-Line emagazine
        Useless Use of 'cat' Award
    o Linux Kernel
        The National Security Agency (NSA) Secure Enhanced Linux project
        Linux Headquarters
        Journal File Systems, by Juan I. Santos Florido
        LinuxPlanet - Tutorials - How to Compile the Linux Kernel
        Linux kernel capabilities FAQ
        Upgrading the Linux Kernel on Red Hat Linux systems (RPM style upgrade, not from source code)
        IEEE 1394 (FireWire) for Linux
        Large File Support in Linux
        Wacky uses for RAID, /dev/ram, and ramfs, by Mark Nielsen
        Linux BRIDGE-STP-HOWTO: About The Linux Modular Bridge And STP, by Uwe Böhme
        Linux Router Project (Documents)
        Linux FreeS/WAN project
        Linux Administrators Security Guide (LASG) by Kurt Seifried
        Bastille Linux Project (Red Hat Linux hardening script)
        Securing Linux, Part 1: Elementary security for your Linux box, LinuxWorld article
        Linux Partition HOWTO at LinuxPlanet.com
        EXT3 File System mini-HOWTO
        Linux Filesystems HOWTO
    o CIAC-2318_IRC_On_Your_Dime.pdf
    o TrustedBSD Project (Orange book B1 enhancements to FreeBSD)
    o The Solaris Security FAQ at www.SunWorld.com
    o The K Desktop Environment
    o Governmental activity on cybercrime, information assurance.
        Standing Guard Over Cyberspace: A new U.S. program trains students in computer security, in exchange for government service,


    by David Kushner, IEEE Spectrum (republished by the Center for Information Security)

    Information Assurance Support Environment (IASE) Policy and Guidance

    US Department of Justice Computer Crime and Intellectual Property Section (CCIPS) Computer Intrusion Cases

    S. 1993 - Government Information Security Act of 1999

    ASSURING SECURITY AND TRUST IN CYBERSPACE, White House Chief of Staff John Podesta, July 17, 2000

    FBI Carnivore Sucks E-Mail Millions (from cryptome.org)

    ACLU and Corn-Revere Target FBI Carnivore (from cryptome.org)

    Activities of the Governmental Affairs Committee on Government Information Security, 1995-1999

    Kevin Mitnick testimony to U.S. Senate, March 2, 2000

    o General Accounting Office (GAO) reports/testimony

    GAO-01-323 -- CRITICAL INFRASTRUCTURE PROTECTION: Significant Challenges in Developing National Capabilities, April 25, 2001

    GAO/T-AIMD-00-229 -- CRITICAL INFRASTRUCTURE PROTECTION: Comments on the Proposed Cyber Security Information Act of 2000, June 22, 2000

    GAO/T-AIMD-181 -- CRITICAL INFRASTRUCTURE PROTECTION: "ILOVEYOU" Computer Virus Highlights Need for Improved Alert and Coordination Capabilities, May 18, 2000

    GAO/T-AIMD-171 -- INFORMATION SECURITY: "ILOVEYOU" Computer Virus Emphasizes Critical Need for Agency and Governmentwide Improvements, May 10, 2000

    GAO/T-AIMD-00-7 -- CRITICAL INFRASTRUCTURE PROTECTION: Fundamental Improvements Needed to Assure Security of Federal Operations, October 6, 1999

    GAO/T-AIMD-99-223 -- INFORMATION SECURITY: Recent Attacks on Federal Web Sites Underscore Need for Stronger Information Security Management, June 24, 1999

    GAO/AIMD-99-47 -- INFORMATION SECURITY: Many NASA Mission-Critical Systems Face Serious Risk, May 1999

    GAO/AIMD-98-145 -- COMPUTER SECURITY: Pervasive, Serious Weaknesses Jeopardize State Department Operations, May 1998

    GAO/AIMD-98-155 -- AIR TRAFFIC CONTROL: Weak Computer Security Practices Jeopardize Flight Safety, May 1998

    GAO/T-AIMD-98-170 -- INFORMATION SECURITY: Serious Weaknesses Put State Department and FAA Operations at Risk, May 1998

    GAO/AIMD-98-68 -- EXECUTIVE GUIDE: Information Security Management -- Learning From Leading Organizations, May 1998


    GAO/HR-97-1 -- HIGH RISK SERIES: An Overview, February 1997

    GAO/HR-97-9 -- HIGH RISK SERIES: Information Management and Technology, February 1997

    o NIST Computer Security Special Publications

    The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments (.pdf) Peter A. Loscocco, Stephen D. Smalley, Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner, John F. Farrell, National Security Agency

    o http://www.alw.nih.gov/Security/security-docs.html

    o You can't think of any ways to make money off security holes? DigiCrime, Inc. has! ;)

    o Back issues of SunWorld Online's Security column

    o INFO SECURITY NEWS magazine

    Miscellaneous Security related pages

    o www.infosec-technologies.com

    o SecWiz Security Guides

    o Bill Wall's list of hacker incidents

    o An Analysis Of Security Incidents On The Internet: 1989 - 1995, by John D. Howard, April 7, 1997

    o The BlackHat Briefings and DEFCON

    o The OpenBSD Project produces a very secure (out of the box) version of Unix

    o Kerberos: The Network Authentication Protocol

    o Security Tools

    SSH

    New features in Secure Shell Version 2.2

    dsniff and SSH: Reports of My Demise are Greatly Exaggerated, by Richard E. Silverman

    dsniff

    Nessus (vulnerability auditing tool)

    Ramenfind (Identification and cleanup tool for the Linux "Ramen" worm.)

    ftp://ftp.psy.uq.oz.au/pub/Crypto (DES and SSL)

    Improved whois client

    Domain Name Whois (dnw)

    Sam Spade Tools (online tools)

    Trinux

    immunix.org

    nmap

    RFC 1470: Tools for Monitoring and Debugging TCP/IP Internets and Interconnected Devices

    Cryptographic File System (CFS)

    o Archives/News

    The Computer Security History Project Home Page [GREAT collection of unpublished seminal papers in computer security]


    attrition.org

    Neohapsis archives

    LinuxSecurity.com

    Vampi's alt.hackers.malicious graveyard (alternate link)

    o TCP/IP vulnerabilities, exploits, coding, etc.

    Playing redir games with ARP and ICMP

    A Short Overview of IP spoofing: PART I

    An Advanced 4.3 BSD Interprocess Communication Tutorial

    The Raw IP Network Programming FAQ

    o Network monitoring/Intrusion Detection Systems (IDS)

    Leading non-commercial IDSs

    Snort (a free, lightweight IDS) www.snort.org

    I have a set of scripts for managing snort logs and rules, and a Red Hat Linux rc script to start/stop snort, that you might find useful -- See the README.snort-stuff file for more info.

    Network Flight Recorder (NFR)

    Implementing a Generalized Tool for Network Monitoring

    Shadow

    SHADOW Indications Technical Analysis -- Coordinated Attacks and Probes (nwsc.navy.mil)

    Bro

    Bro: A System for Detecting Network Intruders in Real-Time

    Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection Thomas Ptacek and Tim Newsham (PostScript) [PDF]

    Intrusion Detection Systems (IDS) FAQ

    The Honeynet Project

    Challenges

    Research topics

    Whitepapers (the "Know your Enemy" series)

    Tools

    Speaking

    Trojan Horses - Known Port Numbers

    Simovits Consulting Trojan Port list

    Robert Graham's FAQs on IDS, Sniffers, and Firewalls

    Interpreting Network Traffic: A Network Intrusion Detector's Look at Suspicious Events (PDF) by Richard Bejtlich

    The BSD Packet Filter: A New Architecture for User-level Packet Capture, Steven McCanne and Van Jacobson, Lawrence Berkeley Laboratory (The underlying packet capture facility used by many IDSs)


    Intrusion Detection Systems and A View To Its Forensic Applications University of Melbourne (PostScript)

    TrinityOS

    The Cooperative Intrusion Detection Evaluation and Response (CIDER) Project

    A Framework for Cooperative Intrusion Detection (.pdf), Jesse McConnell, Deborah Frincke, Don Tobin, Jamie Marconi, Dean Polla, University of Idaho

    The Autonomous Agents for Intrusion Detection Group

    o Public domain packet capture/analysis tools

    [Note: Basic packet capture can be done by reading the network device directly, but saving packets for future use, and use by other tools, requires a standard library. Libpcap is that standard, and tcpdump is the most common basic tool for packet capture.]

    libpcap/tcpdump

    ngrep

    tcptrace

    tcpslice

    tcpdstat (part of the WIDE Project tcpd tools package) [Here is my own modified version (MD5 hash), ported to Linux and with more protocols.]

    CoralReef

    dsniff

    Ethereal

    Snort

    sniffit

    o Firewalls

    NDC Logical Firewall prototype (based on Gibraltar, Linux based bootable CD-ROM firewall)

    OpenBSD Filtering Bridge Firewall

    OpenBSD Packet Filter documentation at benzedrine.cx

    OpenBSD bridge without IPs using IPF Tutorial, by Doug Hogan and Bryan Hinton, DaemonNews

    IP Filter resources

    Real Stateful TCP Packet Filtering in IP Filter by Guido Van Rooij

    OpenBSD FAQ section 6.0 Networking

    OpenBSD FAQ section 13.0 Using IPSec (IP Security Protocol)

    OpenBSD man pages: BRIDGE(4), BRCONFIG(8), HOSTNAME.IF(5), IPF(5), IPF(8), IPFSTAT(8)

    Free Software Firewall Guide - IPF HOWTO

    MINI-FAQ: OpenBSD 2.4 IPSEC VPN Configuration, Steve McQuade, v1.07 - March 2, 1999


    The NetBSD/i386 Firewall Project

    Linux LAN & Firewall FAQ

    Linux firewall facilities for kernel-level packet screening by X/OS

    Internet Firewalls Frequently Asked Questions

    The TAMU Security Package: An Ongoing Response to Internet Intruders in an Academic Environment

    Network (In)Security Through IP Packet Filtering, Brent Chapman

    (See NIST 800-10)

    o Virtual Private Networks (VPNs)/Crypto tunnels

    Routing and Subnetting 101, by James T. Dennis, Linux Gazette

    How to setup IPSec interoperable for Linux, OpenBSD and PGPNet, by Hans-Jörg Höxer

    CIPE - Crypto IP Encapsulation

    VPS 2.0: Secure, Open Source VPN for Linux

    The VPN HOWTO

    "Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP)" by B. Schneier and P. Mudge

    o Security Policy/Incident Response

    RFPolicy 2.0 by Rain Forest Puppy

    Best Practices RFCs

    RFC1173, Responsibilities of Host and Network Managers -- A Summary of the "Oral Tradition" of the Internet

    RFC2196, Site Security Handbook

    RFC2350, Expectations for Computer Security Incident Response

    RFC2504, Users' Security Handbook

    (See NIST 800-18)

    (See NIST 800-14)

    (See NIST 800-12)

    (See NIST 800-xx)

    Harvard University's Information Security Handbook

    Handbook for Computer Security Incident Response Teams (CSIRTs), Moira J. West-Brown, Don Stikvort, and Klaus-Peter Kossakowski

    Forming an Incident Response Team, Danny Smith

    o Network Security

    Ethernet Codes master page

    The Ethernet FAQ

    A Study of BGP Misconfiguration, by

    An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks, by Vern Paxson, June 2001

    RFC 2267 -- Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, by Paul Ferguson and Daniel Senie


    RFC 2644 -- Changing the Default for Directed Broadcasts in Routers, by Daniel Senie

    "Essential IOS" - Features Every ISP Should Consider, Cisco Systems Inc.

    Distributed Denial of Service (DDoS) News Flash, Cisco Systems Inc.

    Characterizing and Tracing Packet Floods Using Cisco Routers, Cisco Systems Inc.

    Policing and Shaping Overview, Cisco whitepaper on rate limiting

    Denial of Service (DoS) Attack Resources, by Paul Ferguson

    Notes from Lockheed Martin conference on DDoS vendor solutions, December 20, 2001

    See also my Distributed Denial of Service (DDoS) Attacks/tools page.

    o Secure Email

    Gnu Privacy Guard (GPG)

    Integrating Pine with PGP/GPG

    Topal: GPG and Pine integration

    MIT's PGP Freeware site

    PGPi's PGP Tools, shells, and plugins page

    pgpenvelope (Pine & PGP/GPG integration tool)

    o Wireless Security

    www.infosec-technologies.com (Outstanding Book on Wireless Security)

    WildPackets' AiroPeek 802.11b wireless protocol analyzer

    An Introduction to Lucent's WaveLAN Wireless Cards, by Rob Flickenger

    wmwave (dockable GTK application to show wireless signal strength)

    Wireless Security, by Jim Reavis, Network World Fusion

    AirLink Communications CDPD protocol analyzer

    o Secure Programming

    How to Write Secure Code, by the Shmoo Group

    Writing Secure SUID Programs by Matt Bishop

    Secure Programming for Linux and Unix HOWTO, by David A. Wheeler

    Designing secure software -- SunWorld, April 1998

    Security Code Review Guidelines by Adam Shostack

    Writing More Secure CGI Scripts, by Les Cottrell

    Software Vulnerability Analysis

    Windows 9X/NT/2000 Administration and Security

    o Remapping Ctrl and Caps Lock in Windows! (I *hate* keyboards that

    have it wrong!)

    o The UWICK Contents - Summer Quarter 2000 (Contains

    BetterTelnet/Kerberos for Mac, and TeraTerm/SSH for Windows)


    o Secure FTP transfers via Secure Shell Tunnelling (Using Teraterm for

    Windows and WS_FTP as an example)

    o Secure Routine Windows to UNIX Web updating using tunnelling via

    Teraterm and Rsync

    o Installing ssh and rsync on a Windows machine

    o TTSSH: An SSH Extension to Teraterm

    o Windows NT Utilities by Gordon Chaffee (includes Windows 95/NT ssh/scp port)

    o NT Systems and Services, Stanford University

    o A *REAL* NT Rootkit, patching the NT Kernel, Phrack Magazine, Issue

    55, Article 5

    o NT Objectives was mentioned in a DEFCON talk on forensics. They produce a free toolkit (that lets you do the same thing as find does for free on Unix!)

    o NetBus

    o Back Orifice

    o Microsoft Security Advisor

    o NSA Guidelines for Securing Windows NT Networks (see also other Trusted Information Systems research and papers)

    o Just what is SMB?, by Richard Sharpe

    o "Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP)"

    by B. Schneier and P. Mudge [Microsoft's response]

    o The new Unix alters NT's orbit - NC World - April 1998

    o NT Security - Frequently Asked Questions

    o Known NT exploits

    o NTBugTraq email list

    Mac and Mac Security

    o Mac OS X 10.1/X.2 notes

    o Mac OS X Hints

    o Freshmeat OS X section

    o Macintosh Security Site

    Java

    o Reliable Software Technology's The Java Security Hotlist

    o A list of Schools teaching Java from a recent JavaWorld article

    o A proposed Java Coding Standard by Doug Lea

    o My JavaOne Conference trip report

    o Sun's JavaWorld emagazine

    o JavaWorld's Java Jumps page

    o Brewing Java: A Tutorial

    ** With sincere thanks and full attribution to Professor David Dittrich, University of Washington, Seattle Washington for the original unedited list, an outstanding Job!
