
Silence on the Wire
A Field Guide to Passive Reconnaissance and Indirect Attacks
Michal Zalewski (Author)
No Starch Press
Published on 5 April 2005
312 pages
978-1-59327-093-3 (ISBN)
System requirements
for ePUB without DRM
E-Book Single Licence
You are acquiring a single-user licence for this eBook, which you may not transfer.
Available for download
Description
Author Michal Zalewski has long been known and respected in the hacking and security communities for his intelligence, curiosity and creativity, and this book is truly unlike anything else out there. In Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, Zalewski shares his expertise and experience to explain how computers and networks work, how information is processed and delivered, and what security threats lurk in the shadows. No humdrum technical white paper or how-to manual for protecting one's network, this book is a fascinating narrative that explores a variety of unique, uncommon and often quite elegant security challenges that defy classification and eschew the traditional attacker-victim model.
More details
Language
English
Place of publication
New York
United States
Product notice
Reflowable
File size
5,44 MB
ISBN-13
978-1-59327-093-3 (9781593270933)
Other editions
Additional editions

Book
05/2005
1st Edition
No Starch Press
€40.50
Sold out; check a different version
Person
Michal Zalewski is a security researcher who has worked on topics ranging from hardware and OS design principles to networking. He has published research on many security topics and has worked for the past eight years in the InfoSec field for a number of reputable companies, including two major telecommunications firms.
Content
- Intro
- Silence on the Wire
- Foreword
- Introduction
- A Few Words about Me
- About This Book
- I. The Source
- 1. I Can Hear You Typing
- The Need for Randomness
- Automated Random Number Generation
- The Security of Random Number Generators
- I/O Entropy: This Is Your Mouse Speaking
- Delivering Interrupts: A Practical Example
- One-Way Shortcut Functions
- The Importance of Being Pedantic
- Entropy Is a Terrible Thing to Waste
- Attack: The Implications of a Sudden Paradigm Shift
- A Closer Look at Input Timing Patterns
- Immediate Defense Tactics
- Hardware RNG: A Better Solution?
- Food for Thought
- Remote Timing Attacks
- Exploiting System Diagnostics
- Reproducible Unpredictability
- 2. Extra Efforts Never Go Unnoticed
- Boole's Heritage
- Toward the Universal Operator
- DeMorgan at Work
- Convenience Is a Necessity
- Embracing the Complexity
- Toward the Material World
- A Nonelectric Computer
- A Marginally More Popular Computer Design
- Logic Gates
- From Logic Operators to Calculations
- From Electronic Egg Timer to Computer
- Turing and Instruction Set Complexity
- Functionality, at Last
- Holy Grail: The Programmable Computer
- Advancement through Simplicity
- Split the Task
- Execution Stages
- The Lesser Memory
- Do More at Once: Pipelining
- The Big Problem with Pipelines
- Implications: Subtle Differences
- Using Timing Patterns to Reconstruct Data
- Bit by Bit . . .
- In Practice
- Early-Out Optimization
- Working Code-Do It Yourself
- Prevention
- Food for Thought
- 3. Ten Heads of the Hydra
- Revealing Emissions: TEMPEST in the TV
- Privacy, Limited
- Tracking the Source: "He Did It!"
- "Oops" Exposure: *_~1q'@@ . . . and the Password Is . . .
- 4. Working for the Common Good
- II. Safe Harbor
- 5. Blinkenlights
- The Art of Transmitting Data
- From Your Email to Loud Noises . . . Back and Forth
- The Day Today
- Sometimes, a Modem Is Just a Modem
- Collisions Under Control
- Behind the Scenes: Wiring Soup and How We Dealt with It
- Blinkenlights in Communications
- The Implications of Aesthetics
- Building Your Own Spy Gear . . .
- . . . And Using It with a Computer
- Preventing Blinkenlights Data Disclosure-and Why It Will Fail
- Food for Thought
- 6. Echoes of the Past
- Building the Tower of Babel
- The OSI Model
- The Missing Sentence
- Food for Thought
- 7. Secure in Switched Networks
- Some Theory
- Address Resolution and Switching
- Virtual Networks and Traffic Management
- Attacking the Architecture
- CAM and Traffic Interception
- Other Attack Scenarios: DTP, STP, Trunks
- Prevention of Attacks
- Food for Thought
- 8. Us versus Them
- Logical Blinkenlights and Their Unusual Application
- Show Me Your Typing, and I Will Tell You Who You Are
- The Unexpected Bits: Personal Data All Around
- Wi-Fi Vulnerabilities
- III. Out in the Wild
- 9. Foreign Accent
- The Language of the Internet
- Naive Routing
- Routing in the Real World
- The Address Space
- Fingerprints on the Envelope
- Internet Protocol
- Protocol Version
- The Header Length Field
- The Type of Service Field (Eight Bits)
- The Total Packet Length (16 Bits)
- The Source Address
- The Destination Address
- The Fourth Layer Protocol Identifier
- Time to Live (TTL)
- Flags and Offset Parameters
- Identification Number
- Checksum
- Beyond Internet Protocol
- User Datagram Protocol
- Introduction to Port Addressing
- UDP Header Summary
- Transmission Control Protocol Packets
- Control Flags: The TCP Handshake
- Other TCP Header Parameters
- TCP Options
- Internet Control Message Protocol Packets
- Enter Passive Fingerprinting
- Examining IP Packets: The Early Days
- Initial Time to Live (IP Layer)
- The Don't Fragment Flag (IP Layer)
- The IP ID Number (IP Layer)
- Type of Service (IP Layer)
- Nonzero Unused and Must Be Zero Fields (IP and TCP Layers)
- Source Port (TCP Layer)
- Window Size (TCP Layer)
- Urgent Pointer and Acknowledgment Number Values (TCP Layer)
- Options Order and Settings (TCP Layer)
- Window Scale (TCP Layer, Option)
- Maximum Segment Size (TCP Layer, Option)
- Time-Stamp Data (TCP Layer, Option)
- Other Passive Fingerprinting Venues
- Passive Fingerprinting in Practice
- Exploring Passive-Fingerprinting Applications
- Collecting Statistical Data and Incident Logging
- Content Optimization
- Policy Enforcement
- Poor Man's Security
- Security Testing and Preattack Assessment
- Customer Profiling and Privacy Invasion
- Espionage and Covert Reconnaissance
- Prevention of Fingerprinting
- Food for Thought: The Fatal Flaw of IP Fragmentation
- Breaking TCP into Fragments
- 10. Advanced Sheep-Counting Strategies
- Benefits and Liabilities of Traditional Passive Fingerprinting
- A Brief History of Sequence Numbers
- Getting More Out of Sequence Numbers
- Delayed Coordinates: Taking Pictures of Time Sequences
- Pretty Pictures: TCP/IP Stack Gallery
- Attacking with Attractors
- Back to System Fingerprinting
- ISNProber-Theory in Action
- Preventing Passive Analysis
- Food for Thought
- 11. In Recognition of Anomalies
- Packet Firewall Basics
- Stateless Filtering and Fragmentation
- Stateless Filtering and Out-of-Sync Traffic
- Stateful Packet Filters
- Packet Rewriting and NAT
- Lost in Translation
- The Consequences of Masquerading
- Segment Size Roulette
- Stateful Tracking and Unexpected Responses
- Reliability or Performance: The DF Bit Controversy
- Path MTU Discovery Failure Scenarios
- The Fight against PMTUD, and Its Fallout
- Food for Thought
- 12. Stack Data Leaks
- Kristjan's Server
- Surprising Findings
- Revelation: Phenomenon Reproduced
- Food for Thought
- 13. Smoke and Mirrors
- Abusing IP: Advanced Port Scanning
- Tree in the Forest: Hiding Yourself
- Idle Scanning
- Defense against Idle Scanning
- Food for Thought
- 14. Client Identification: Papers, Please!
- Camouflage
- Approaching the Problem
- Towards a Solution
- A (Very) Brief History of the Web
- A HyperText Transfer Protocol Primer
- Making HTTP Better
- Latency Reduction: A Nasty Kludge
- Content Caching
- Managing Sessions: Cookies
- When Cookies and Caches Mix
- Preventing the Cache Cookie Attack
- Uncovering Treasons
- A Trivial Case of Behavioral Analysis
- Giving Pretty Pictures Meaning
- Beyond the Engine . . .
- . . . And Beyond Identification
- Prevention
- Food for Thought
- 15. The Benefits of Being a Victim
- Defining Attacker Metrics
- Protecting Yourself: Observing Observations
- Food for Thought
- IV. The Big Picture
- 16. Parasitic Computing, or How Pennies Add Up
- Nibbling at the CPU
- Practical Considerations
- Parasitic Storage: The Early Days
- Making Parasitic Storage Feasible
- Applications, Social Considerations, and Defense
- Food for Thought
- 17. Topology of the Network
- Capturing the Moment
- Using Topology Data for Origin Identification
- Network Triangulation with Mesh-Type Topology Data
- Network Stress Analysis
- Food for Thought
- 18. Watching the Void
- Direct Observation Tactics
- Attack Fallout Traffic Analysis
- Detecting Malformed or Misdirected Data
- Food for Thought
- A. Closing Words
- B. Bibliographic Notes
- Chapter 1
- Chapter 2
- Chapter 3
- Chapter 5
- Chapter 6
- Chapter 7
- Chapter 8
- Chapter 9
- Chapter 10
- Chapter 11
- Chapter 13
- Chapter 14
- Chapter 15
- Chapter 16
- Chapter 17
- Chapter 18
- Index
- Updates
System requirements
File format: ePUB
Copy protection: without DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Use a reader that can handle the file format ePUB, such as Adobe Digital Editions or FBReader – both free (see eBook Help).
- Tablet/Smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook (see eBook Help).
- E-reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (not Kindle).
The file format ePUB works well for novels and non-fiction books – i.e., 'flowing' text without complex layout. On an e-reader or smartphone, line and page breaks automatically adjust to fit the small displays.
This eBook does not use copy protection or Digital Rights Management.
For more information, see our eBook Help page.