8/8/2019 ID DD URLS
1/14
Intrusion Detection and Computer Forensics URLS **
Computer Forensics
o The Honeynet Project's Forensic Challenge
o Basic Steps in Forensic Analysis of Unix Systems, David Dittrich (Pasos Básicos en Análisis Forense de Sistemas GNU/Linux, Unix, modified, updated and translated to Spanish by Ervin S. Odishoo)
o Course notes for Black Hat '00 Unix forensics class, Dominique Brezinski and David Dittrich
o The Coroner's Toolkit
    Dan Farmer & Wietse Venema's class on computer forensic analysis
    Forensic Computer Analysis: An Introduction -- Reconstructing past events, By Dan Farmer and Wietse Venema, Dr. Dobb's Journal, September 2000
    What Are MACtimes?: Powerful tools for digital databases, By Dan Farmer, Dr. Dobb's Journal, October 2000
    Strangers In the Night: Finding the purpose of an unknown program, by Wietse Venema, Dr. Dobb's Journal, November 2000
    Computer Forensics Column, Errata
o Brian Carrier's Sleuthkit (formerly TASK, formerly TCT-Utils)
    Sleuthkit
    Autopsy Browser
o Notes on updating Red Hat Linux 7.1 to support >2GB images with TCT, TCTUTILS & Autopsy (see also Large File Support in Linux)
o Organizations/conferences
    International Association of Computer Investigative Specialists (IACIS)
o Digital Timestamping
    Stamper digital timestamping service
    What is digital timestamping?, RSA Cryptography FAQ section 7.11
    Time Stamp Protocol, by Byun, Jung-Soo
    Time is of the Essence: Electronic documents will only stand up in court if the who, what, and when they represent are unassailable, by Charles R. Merrill, CIO.com, March 15, 2000
o Guidelines and standards
    Digital Evidence in the Courtroom: A Guide for Preparing Digital Evidence for Courtroom Presentation (PDF), draft standard, National Institute for Justice [You may comment on this draft document by sending comments to [email protected], or faxing them to NCFS at 407-823-3162, or mailing them to NCFS, P.O. Box 162367, Orlando, Florida, 32816 by May 12, 2003.]
    Field Guidance on New Authorities (Redacted), enacted in the 2001 Anti-terrorism Legislation ("USA Patriot Act"), issued by the Department of Justice
    How the FBI Investigates Computer Crime, CERT Coordination Center
    U.S. Department of Energy Computer Forensic Laboratory's First Responder's Manual (PDF)
    Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, Computer Crime and Intellectual Property Section, Criminal Division, United States Department of Justice, January 2001 (PDF Version)
    Evidence Examinations -- Computer Examinations, Handbook of Forensic Services, U.S. Department of Justice, FBI
    Digital Evidence: Standards and Principles, Forensic Science Communications, US DoJ, April 2000, Volume 2, Number 2
    Recovering and Examining Computer Forensic Evidence, Forensic Science Communications, US DoJ, October 2000, Volume 2, Number 4
    RFC 3227: Guidelines for Evidence Collection and Archiving, by Dominique Brezinski and Tom Killalea
    An Introduction to the Field Guide for Investigating Computer Crime, by Timothy E. Wright (Security Focus Incident Handling focus)
    Recovering from an Intrusion, by /dev/null
    The proposed Filesystem Hierarchy Standard [PDF file] (Directories/files, their locations, and intended purposes: A good topographic map of Unix filesystems.)
o Articles/Journals
    Open Source Digital Forensic Tools: The Legal Argument, by Brian Carrier, @stake
    Computer forensics specialists in demand as hacking grows, by Suzanne Monson, Special to The Seattle Times, September 8, 2002
    Electronic Data Discovery Primer, by Albert Barsocchini, Law Technology News, August 28, 2002
    Solving the Perfect Computer Crime, by Jay Lyman, www.NewsFactor.com, February 27, 2002
    NT Incident Response Investigations and Analysis, by Harlan Carvey, Information Security Bulletin, June 2001
    A harder day in court for fingerprint, writing experts: US judge limits testimony of forensic analysts, in a ruling that might alter how evidence is presented at trial, by Seth Stern, Christian Science Monitor, January 16, 2002
    Cybersleuthing solves the case (and related stories) by Deborah Radcliff, Computerworld, January 14, 2002
    Digital sleuthing uncovers hacking costs, by Robert Lemos, Special to CNET News.com, March 22, 2001
"Intrusion Detection Systems as Evidence", by Peter Sommer,
Computer Security Research Centre, London School of Economics & Political Science
    Advancing Crime Scene Computer Forensic Techniques, by Chet Hosmer, John Feldman, and Joe Giordano
    Recovering and Examining Computer Forensic Evidence, Forensic Science Communications, FBI, October 2000
    Analysis: The forensics of Internet security, by Carole Fennely, SunWorld (via CNN), July 26, 2000
    September 2000 Market Survey -- Computer Forensics, by James Holley, SC Magazine (ranks Linux dd a Best Buy! ;)
    Cybercops Need Better Tools -- Law enforcement agencies are falling behind hackers, says exec of CIA tech incubator, by Matthew Schwartz, Computerworld, July 31, 2000
    Crime Seen (Cover story on digital forensics), by Bill Betts, Information Security Magazine, March, 2000
    Disk Shows Love Bug-Like Virus, by Dirk Beveridge, AP, May 16 2000
    Computer Forensics: Investigators Focus on Foiling Cybercriminals, by Illena Armstrong, SC Magazine (cover story), April 2000
    CD Universe evidence compromised -- Failure to protect computer data renders it suspect in court, by Mike Brunker and Bob Sullivan, MSNBC, June 7, 2000
    Crime & Clues -- The Art and Science of Criminal Investigation
    FBI Forensic Science Communications
o Reverse engineering
    The Honeynet Project's Reverse [engineering] Challenge
    Fenris, by Michal Zalewski, BINDVIEW
        Other open source reverse engineering tools listed by Michal Zalewski
        Using fenris on the Honeynet Project Reverse Challenge binary
        Using fenris on burneye protected binaries
    LinuxAssembly.org resources
    Linux Assembly HOWTO, by Konstantin Boldyshev and François-René Rideau
    Programmer's Tools Decompiler/Disassembler page
    Linux Kernel Internals (especially the "How System Calls Are Implemented on i386 Architecture" chapter)
    The Decompilation Page at the University of Queensland
    IDA Pro Disassembler (commercial product, multi-platform/OS) [older freeware version]
    Gnu GDB docs
    Norm Matloff's Debugging Tutorial
    The Solaris Memory System: Sizing, Tools and Architecture (PDF)
    SE Toolkit
o Steganography
    Steganalysis - Attacks against Steganography and Watermarking - Countermeasures - , by Neil F. Johnson
    Defeating Statistical Steganalysis, CITI, University of Michigan
o Forensic analysis tools and related software
    Fingerprint databases
        The Solaris Fingerprint Database
        known goods
        The NIST National Software Reference Library (NSRL)
    File system documentation
        Linux Filesystem Usage Info (provides links to documentation on dozens of file system types supported by Linux)
        Microsoft documentation on FAT structure
        Disk Structures, by Alex Verstak
        Table of partition types, the The Force Operating System and Software Design Project (PDF version)
        ISO 9660 Simplified for DOS/Windows, by Philip J. Erdelsky
    File system integrity checking tools
        Osiris
        AIDE
        FTimes and HashDig
    Time Zone Converter
    The FIRE (formerly known as "Biatchux") bootable CD-ROM forensic toolkit
    chkwtmp (SunOS 4.x)
    chklastlog (SunOS 4.x)
    NT Objectives was mentioned in a DEFCON talk on forensics. They produce a free toolkit (that lets you do the same thing as find does for free on Unix!)
    NTI Information & Resource Page (Mostly Windows-specific instructions, but some general forensic guidelines)
    Slashdot thread on wiping hard drive contents
    Put A Trace On It: A Command You Can ``truss'', SunSolve Online document
    Signatures of Macintosh files
o Forensic analysis on related hardware
    WiebeTECH (Fire Wire docking devices)
    Forensic-Computers.com
    F.R.E.D.D.I.E.
    The Image MASSter Solo 2 Forensic system
    Daten Airbag (hard drive write protection)
    Centurion Guard
o Destruction of data
    Safe destruction of hard drives (This is good! ;)
    Zapping data on CDs! (NICE light show!)
o Incident costs, damage estimation, and risk analysis
    A Study on Incident Costs and Frequencies, by Virginia Rezmierski, Adriana Carroll, and Jamie Hine
    Security Attribute Evaluation Method: A Cost Benefit Approach, by Shawn Butler, Carnegie Mellon University, International Conference on Software Engineering 2002 (ICSE 2002) Proceedings
    Multi-Attribute Risk Assessment, by Shawn Butler, Carnegie Mellon University, Proceedings from Symposium on Requirements Engineering for Information Security (SREIS 2002)
    Attack Trees: Modeling security threats, by Bruce Schneier, Dr. Dobb's Journal, December 1999
    Attack Modeling for Information Security and Survivability, Andrew P. Moore, Robert J. Ellison, Richard C. Linger, Technical Note CMU/SEI-2001-TN-001, March 2001
    A Quick Tour of Attack Tree Based Risk Analysis Using Secure/Tree, whitepaper by Amenaza.com, May 2002
    Forensic Examination of a RIM (Blackberry) Wireless Device, by Micheal W. Burnette, June 2002
    What is RAID?
    Linux DTP Hardware RAID HOWTO, by Ram Samudrala, v1.6, February 20, 2002
    Computer/High-Tech Crime and Related Sites
    Resources for High-Tech Crime Units, Officer.com
Active defense ("Hack back")
o Internet Hack Back: Counter Attacks as Self-Defense or Vigilantism?, by Vikas Jayawal, William Yurcik, David Doss, Illinois State University
o Information Warfare Survivability: Is the Best Defense a Good Offense?, by William Yurcik, Illinois State University
o Internet Attacks: A Policy Framework for Rules of Engagement, by William Yurcik and David Doss, Illinois State University
o Appropriate Response: More Questions Than Answers, by Chris Loomis, SecurityFocus INFOCUS
o Computers under attack can hack back, expert says, Mercury News, August 3, 2002
o Can you hack back?, by Deborah Radcliff, NetworkWorld Fusion, June 1, 2000
o Should You Strike Back?, by Deborah Radcliff, Computerworld, November 13, 2000
o Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses (book), by Ed Skoudis, Prentice Hall, ISBN 0130332739
Cyberwarfare
o Glossary of Information Warfare terms
o The Law of Armed Conflict, Naval War College
o Cyberwarfare, by Steven A. Hildreth, Specialist in National Defense, Foreign Affairs, Defense, & Trade Division, CRS Report for Congress, June 19, 2001
o Legal and Practical Constraints on Information Warfare, by Maj Karl Kuschner, Air and Space Power Chronicles
o Why the Dogs of Cyberwar Stay Leashed: The United States could try out its much-hyped "cyberwarfare" capabilities in Iraq... but it would probably be illegal., by Mark Rasch, SecurityFocus, March 24, 2003
o Unleashing the dogs of cyber-war on Iraq!, by Brian McWilliams, Salon.com, March 6, 2003
o CYBER ATTACK: IS THE GOVERNMENT SAFE?, Testimony from hearing before the Committee on Governmental Affairs, United States Senate, March 2, 2000
o The Challenge of Information Warfare (Chinese views on Information Warfare)
o Unrestricted Warfare
o DoDCCRP publications
o The First Networked War, Ground Zero, Issue 11
o Semantic Hacking, Dartmouth ISTS
o Information Warfare
o Bibliography of Information Warfare and Infrastructure Vulnerability Documents
o Institute for the Advanced Study of Information Warfare (IASIW)
o Should U.S. pledge not to make first cyberstrike?, by Stephen M. Ryan, GCN, August 3, 1998 (see also a Letters to the Editor response from Frank J. Stech)
o DOD preps office for cyberdefense, by Daniel Verton, Federal Computer Week, July 13, 1998
o Cyberthreat: Protecting U.S. Information Networks, USIA Electronic Journal, Vol. 3, No. 4, November 1998
o Information Operations, Deterrence, and the Use of Force, by Roger W. Barnett, Naval War College, 1998
Unix Administration and System Security
o Unix Administration Courses/Tools
    Network and System Administration Resources, by Mark Burgess, University College Oslo
    CIS 410/510, Introduction to System Administration, by Steve VanDevender, University of Oregon
    A Perl Tutorial: Super-Basics
    SPAM - I didn't like it on my breakfast plate as a kid, I don't like it in my inbox now!
        SpamCop
        The Internet Mail Relay Services Survey Project can test to see if your server can be abused and has instructions on how to prevent third party relaying of spam
        Why the UW is rejecting third-party relaying of email
        How UW administrators can make sendmail reject relaying
        Anti-Spam Provisions in Sendmail 8.8
        The National Fraud Information Center (NFIC)
        FBI Internet Fraud Complaint Center
        FTC Names Its Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk Email
        Stop Junk Email
        Fight Spam on the Internet!
        CAUCE - Coalition Against Unsolicited Commercial Email
    SunWorld On-Line emagazine
    Useless Use of 'cat' Award
o Linux Kernel
    The National Security Agency (NSA) Secure Enhanced Linux project
    Linux Headquarters
    Journal File Systems, by Juan I. Santos Florido
    LinuxPlanet - Tutorials - How to Compile the Linux Kernel
    Linux kernel capabilities FAQ
    Upgrading the Linux Kernel on Red Hat Linux systems (RPM style upgrade, not from source code)
    IEEE 1394 (FireWire) for Linux
    Large File Support in Linux
    Wacky uses for RAID, /dev/ram, and ramfs, by Mark Nielsen
    Linux BRIDGE-STP-HOWTO: About The Linux Modular Bridge And STP, by Uwe Böhme
    Linux Router Project (Documents)
    Linux FreeS/WAN project
    Linux Administrators Security Guide (LASG) by Kurt Seifried
    Bastille Linux Project (Red Hat Linux hardening script)
    Securing Linux, Part 1: Elementary security for your Linux box, LinuxWorld article
    Linux Partition HOWTO at LinuxPlanet.com
    EXT3 File System mini-HOWTO
    Linux Filesystems HOWTO
o CIAC-2318_IRC_On_Your_Dime.pdf
o TrustedBSD Project (Orange book B1 enhancements to FreeBSD)
o The Solaris Security FAQ at www.SunWorld.com
o The K Desktop Environment
o Governmental activity on cybercrime, information assurance.
    Standing Guard Over Cyberspace: A new U.S. program trains students in computer security, in exchange for government service,
by David Kushner, IEEE Spectrum (republished by the Center for Information Security)
Information Assurance Support Environment (IASE) Policy and Guidance
US Department of Justice Computer Crime and Intellectual Property Section (CCIPS) Computer Intrusion Cases
S. 1993 - Government Information Security Act of 1999
ASSURING SECURITY AND TRUST IN CYBERSPACE, White House Chief of Staff John Podesta, July 17, 2000
FBI Carnivore Sucks E-Mail Millions (from cryptome.org)
ACLU and Corn-Revere Target FBI Carnivore (from cryptome.org)
Activities of the Governmental Affairs Committee on Government Information Security, 1995-1999
Kevin Mitnick testimony to U.S. Senate, March 2, 2000
o General Accounting Office (GAO) reports/testimony
GAO-01-323 -- CRITICAL INFRASTRUCTURE PROTECTION: Significant Challenges in Developing National Capabilities, April 25, 2001
GAO/T-AIMD-00-229 -- CRITICAL INFRASTRUCTURE PROTECTION: Comments on the Proposed Cyber Security Information Act of 2000, June 22, 2000
GAO/T-AIMD-181 -- CRITICAL INFRASTRUCTURE PROTECTION: "ILOVEYOU" Computer Virus Highlights Need for Improved Alert and Coordination Capabilities, May 18, 2000
GAO/T-AIMD-171 -- INFORMATION SECURITY: "ILOVEYOU" Computer Virus Emphasizes Critical Need for Agency and Governmentwide Improvements, May 10, 2000
GAO/T-AIMD-00-7 -- CRITICAL INFRASTRUCTURE PROTECTION: Fundamental Improvements Needed to Assure Security of Federal Operations, October 6, 1999
GAO/T-AIMD-99-223 -- INFORMATION SECURITY: Recent Attacks on Federal Web Sites Underscore Need for Stronger Information Security Management, June 24, 1999
GAO/AIMD-99-47 -- INFORMATION SECURITY: Many NASA Mission-Critical Systems Face Serious Risk, May 1999
GAO/AIMD-98-145 -- COMPUTER SECURITY: Pervasive, Serious Weaknesses Jeopardize State Department Operations, May 1998
GAO/AIMD-98-155 -- AIR TRAFFIC CONTROL: Weak Computer Security Practices Jeopardize Flight Safety, May 1998
GAO/T-AIMD-98-170 -- INFORMATION SECURITY: Serious Weaknesses Put State Department and FAA Operations at Risk, May 1998
GAO/AIMD-98-68 -- EXECUTIVE GUIDE: Information Security Management -- Learning From Leading Organizations, May 1998
GAO/HR-97-1 -- HIGH RISK SERIES: An Overview, February 1997
GAO/HR-97-9 -- HIGH RISK SERIES: Information Management and Technology, February 1997
o NIST Computer Security Special Publications
The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments (.pdf) Peter A. Loscocco, Stephen D. Smalley, Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner, John F. Farrell, National Security Agency
o http://www.alw.nih.gov/Security/security-docs.html
o You can't think of any ways to make money off security holes? DigiCrime, Inc. has! ;)
o Back issues of SunWorld Online's Security column
o INFO SECURITY NEWS magazine
Miscellaneous Security related pages
o www.infosec-technologies.com
o SecWiz Security Guides
o Bill Wall's list of hacker incidents
o An Analysis Of Security Incidents On The Internet: 1989 - 1995, by John D. Howard, April 7, 1997
o The BlackHat Briefings and DEFCON
o The OpenBSD Project produces a very secure (out of the box) version of Unix
o Kerberos: The Network Authentication Protocol
o Security Tools
SSH
New features in Secure Shell Version 2.2
dsniff and SSH: Reports of My Demise are Greatly Exaggerated, by Richard E. Silverman
dsniff
Nessus (vulnerability auditing tool)
Ramenfind (Identification and cleanup tool for the Linux "Ramen" worm.)
ftp://ftp.psy.uq.oz.au/pub/Crypto (DES and SSL)
Improved whois client
Domain Name Whois (dnw)
Sam Spade Tools (online tools)
Trinux
immunix.org
nmap
RFC 1470: Tools for Monitoring and Debugging TCP/IP Internets and Interconnected Devices
Cryptographic File System (CFS)
o Archives/News
The Computer Security History Project Home Page [GREAT collection of unpublished seminal papers in computer security]
attrition.org
Neohapsis archives
LinuxSecurity.com
Vampi's alt.hackers.malicious graveyard (alternate link)
o TCP/IP vulnerabilities, exploits, coding, etc.
Playing redir games with ARP and ICMP
A Short Overview of IP spoofing: PART I
An Advanced 4.3 BSD Interprocess Communication Tutorial
The Raw IP Network Programming FAQ
o Network monitoring/Intrusion Detection Systems (IDS)
Leading non-commercial IDSs
Snort (a free, lightweight IDS) www.snort.org
I have a set of scripts for managing snort logs and rules, and a Red Hat Linux rc script to start/stop snort, that you might find useful -- See the README.snort-stuff file for more info.
Network Flight Recorder (NFR)
Implementing a Generalized Tool for Network Monitoring
Shadow
SHADOW Indications Technical Analysis -- Coordinated Attacks and Probes (nwsc.navy.mil)
Bro
Bro: A System for Detecting Network Intruders in Real-Time
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection Thomas Ptacek and Tim Newsham (PostScript) [PDF]
Intrusion Detection Systems (IDS) FAQ
The Honeynet Project
Challenges
Research topics
Whitepapers (the "Know your Enemy" series)
Tools
Speaking
Trojan Horses - Known Port Numbers
Simovits Consulting Trojan Port list
Robert Graham's FAQs on IDS, Sniffers, and Firewalls
Interpreting Network Traffic: A Network Intrusion Detector's Look at Suspicious Events (PDF) by Richard Bejtlich
The BSD Packet Filter: A New Architecture for User-level Packet Capture, Steven McCanne and Van Jacobson, Lawrence Berkeley Laboratory (The underlying packet capture facility used by many IDSs)
Intrusion Detection Systems and A View To Its Forensic Applications University of Melbourne (PostScript)
TrinityOS
The Cooperative Intrusion Detection Evaluation and Response (CIDER) Project
A Framework for Cooperative Intrusion Detection (.pdf), Jesse McConnell, Deborah Frincke, Don Tobin, Jamie Marconi, Dean Polla, University of Idaho
The Autonomous Agents for Intrusion Detection Group
o Public domain packet capture/analysis tools
[Note: Basic packet capture can be done by reading the network device directly, but saving packets for future use, and use by other tools, requires a standard library. Libpcap is that standard, and tcpdump is the most common basic tool for packet capture.]
libpcap/tcpdump
ngrep
tcptrace
tcpslice
tcpdstat (part of the WIDE Project tcpd tools package) [Here is my own modified version (MD5 hash), ported to Linux and with more protocols.]
CoralReef
dsniff
Ethereal
Snort
sniffit
o Firewalls
NDC Logical Firewall prototype (based on Gibraltar, Linux based bootable CD-ROM firewall)
OpenBSD Filtering Bridge Firewall
OpenBSD Packet Filter documentation at benzedrine.cx
OpenBSD bridge without IPs using IPF Tutorial, by Doug Hogan and Bryan Hinton, DaemonNews
IP Filter resources
Real Stateful TCP Packet Filtering in IP Filter by Guido Van Rooij
OpenBSD FAQ section 6.0 Networking
OpenBSD FAQ section 13.0 Using IPSec (IP Security Protocol)
OpenBSD man pages: BRIDGE(4), BRCONFIG(8), HOSTNAME.IF(5), IPF(5), IPF(8), IPFSTAT(8)
Free Software Firewall Guide - IPF HOWTO
MINI-FAQ: OpenBSD 2.4 IPSEC VPN Configuration, Steve McQuade, v1.07 - March 2, 1999
The NetBSD/i386 Firewall Project
Linux LAN & Firewall FAQ
Linux firewall facilities for kernel-level packet screening by X/OS
Internet Firewalls Frequently Asked Questions
The TAMU Security Package: An Ongoing Response to Internet Intruders in an Academic Environment
Network (In)Security Through IP Packet Filtering, Brent Chapman
(See NIST 800-10)
o Virtual Private Networks (VPNs)/Crypto tunnels
Routing and Subnetting 101, by James T. Dennis, Linux Gazette
How to setup IPSec interoperable for Linux, OpenBSD and PGPNet, by Hans-Jörg Höxer
CIPE - Crypto IP Encapsulation
VPS 2.0: Secure, Open Source VPN for Linux
The VPN HOWTO
"Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP)" by B. Schneier and P. Mudge
o Security Policy/Incident Response
RFPolicy 2.0 by Rain Forest Puppy
Best Practices RFCs
RFC1173, Responsibilities of Host and Network Managers -- A Summary of the "Oral Tradition" of the Internet
RFC2196, Site Security Handbook
RFC2350, Expectations for Computer Security Incident Response
RFC2504, Users' Security Handbook
(See NIST 800-18)
(See NIST 800-14)
(See NIST 800-12)
(See NIST 800-xx)
Harvard University's Information Security Handbook
Handbook for Computer Security Incident Response Teams (CSIRTs), Moira J. West-Brown, Don Stikvoort, and Klaus-Peter Kossakowski
Forming an Incident Response Team, Danny Smith
o Network Security
Ethernet Codes master page
The Ethernet FAQ
A Study of BGP Misconfiguration, by
An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks, by Vern Paxson, June 2001
RFC 2267 -- Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, by Paul Ferguson and Daniel Senie
RFC 2644 -- Changing the Default for Directed Broadcasts in Routers, by Daniel Senie
"Essential IOS" - Features Every ISP Should Consider, Cisco Systems Inc.
Distributed Denial of Service (DDoS) News Flash, Cisco Systems Inc.
Characterizing and Tracing Packet Floods Using Cisco Routers, Cisco Systems Inc.
Policing and Shaping Overview, Cisco whitepaper on rate limiting
Denial of Service (DoS) Attack Resources, by Paul Ferguson
Notes from Lockheed Martin conference on DDoS vendor solutions, December 20, 2001
See also my Distributed Denial of Service (DDoS) Attacks/tools page.
o Secure Email
Gnu Privacy Guard (GPG)
Integrating Pine with PGP/GPG
Topal: GPG and Pine integration
MIT's PGP Freeware site
PGPi's PGP Tools, shells, and plugins page
pgpenvelope (Pine & PGP/GPG integration tool)
o Wireless Security
www.infosec-technologies.com (Outstanding Book on Wireless Security)
WildPackets' AiroPeek 802.11b wireless protocol analyzer
An Introduction to Lucent's WaveLAN Wireless Cards, by Rob Flickenger
wmwave (dockable GTK application to show wireless signal strength)
Wireless Security, by Jim Reavis, Network World Fusion
AirLink Communications CDPD protocol analyzer
o Secure Programming
How to Write Secure Code, by the Shmoo Group
Writing Secure SUID Programs by Matt Bishop
Secure Programming for Linux and Unix HOWTO, by David A. Wheeler
Designing secure software -- SunWorld, April 1998
Security Code Review Guidelines by Adam Shostack
Writing More Secure CGI Scripts, by Les Cottrell
Software Vulnerability Analysis
Windows 9X/NT/2000 Administration and Security
o Remapping Ctrl and Caps Lock in Windows! (I *hate* keyboards that have it wrong!)
o The UWICK Contents - Summer Quarter 2000 (Contains BetterTelnet/Kerberos for Mac, and TeraTerm/SSH for Windows)
o Secure FTP transfers via Secure Shell Tunnelling (Using Teraterm for
Windows and WS_FTP as an example)
o Secure Routine Windows to UNIX Web updating using tunnelling via
Teraterm and Rsync
o Installing ssh and rsync on a Windows machine
o TTSSH: An SSH Extension to Teraterm
o Windows NT Utilities by Gordon Chaffee (includes Windows 95/NT
ssh/scp port)
o NT Systems and Services, Stanford University
o A *REAL* NT Rootkit, patching the NT Kernel, Phrack Magazine, Issue
55, Article 5
o NT Objectives was mentioned in a DEFCON talk on forensics. They
produce a free toolkit (that lets you do the same thing as find does for free
on Unix!)
o NetBus
o Back Orifice
o Microsoft Security Advisor
o NSA Guidelines for Securing Windows NT Networks (see also other
Trusted Information Systems research and papers)
o Just what is SMB?, by Richard Sharpe
o "Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP)"
by B. Schneier and P. Mudge [Microsoft's response]
o The new Unix alters NT's orbit - NC World - April 1998
o NT Security - Frequently Asked Questions
o Known NT exploits
o NTBugTraq email list
Mac and Mac Security
o Mac OS X 10.1/X.2 notes
o Mac OS X Hints
o Freshmeat OS X section
o Macintosh Security Site
Java
o Reliable Software Technology's The Java Security Hotlist
o A list of Schools teaching Java from a recent JavaWorld article
o A proposed Java Coding Standard by Doug Lea
o My JavaOne Conference trip report
o Sun's JavaWorld emagazine
o JavaWorld's Java Jumps page
o Brewing Java: A Tutorial
** With sincere thanks and full attribution to Professor David Dittrich, University of Washington, Seattle Washington for the original unedited list, an outstanding Job!