Computing Reviews
Silence on the wire : a field guide to passive reconnaissance and indirect attacks
Zalewski M., No Starch Press, San Francisco, CA, 2005. Type: Book (9781593270469)
Date Reviewed: Sep 14 2005

Zalewski’s book should be read by anyone interested in computer security. It presents a unique view of how a hacker’s mind works; how he or she puts together pieces of a puzzle; how innocent bits of information reveal valuable information when considered as a whole; and how unrelated technologies and protocol designs may be secure in an isolated environment, but can turn out to be a different ballgame altogether when they interact with each other.

As evident from the subtitle of the book, this work covers the area of passive reconnaissance and attacks. The book is organized into four sections, following the flow of information as it travels within a machine and onto the Internet. The first, “The Source,” describes passive attacks that can be mounted well before the information leaves the host machine. These include timing attacks, computational complexity attacks, and TEMPEST-like attacks, perpetrated by exploiting the ability to read information on display screens.

Section 2, “Safe Harbor,” elaborates upon threats that “lurk in between the computer and the Internet.” In this section, Zalewski dives into the interesting idea of gathering information (sometimes sensitive) about data residing on, or computation taking place in, a computer from “blinkenlights,” the activity light-emitting diodes like the ones on a normal desktop personal computer. What is impressive, and different from any other book on security, is that the author actually provides a design schematic for building a simple circuit receiver to monitor the state of the line printer interface. Then, using the example of the minimum packet length requirement of Ethernet frames, Zalewski shows what can go wrong when a Request for Comments (RFC) document that is trusted to provide clear protocol design instructions is vague about certain steps. In the next chapter, the author takes a look at the security implications of using a broadcast medium in Ethernet local area networks (LANs), and the use of virtual LANs, trunking, and signal transfer points to mitigate the problems. He follows this discussion with notes on ways in which attacks can still be mounted against such security measures. In the last chapter of this section, the author offers his thoughts on information disclosure from protocols like the simple network management protocol, and technologies like roaming profiles and domain controllers, and touches on the vulnerabilities introduced by Wi-Fi.

“Out in the Wild,” the longest section of the book, tackles issues that crop up when data leaves the local network and goes out onto the Internet. After giving a good overview of Internet protocol (IP), user datagram protocol, and transmission control protocol headers, the author discusses the process of passive fingerprinting using the data carried in these headers. Values of fields such as time to live (TTL), the don’t fragment flag, the IP identifier number, type of service, and window size provide reliable information about the operating system (OS) that is being run at the originating host, due mainly to the OS-specific implementation of these fields. IP fragmentation is the subject of heavy scrutiny, due to its flawed logic and its implementation on various OSs. After this discussion, the author provides clues on how to limit fingerprinting activities. In the next chapter, the author returns to the use of TTL and maximum segment size in fingerprinting, explaining how they can be used to map a complex network, and then goes into the details of using initial sequence numbers to guess which OS is powering the end host. A chapter on firewalls comes next. In it, the author presents an example of how various implementation characteristics help an adversary to identify the kind of firewall in place in a network. In the next chapter, Zalewski introduces port scanning, and the use of synchronization and reset packets to perform such scanning. He ends the chapter with some thoughts on preventing such attacks. The chapter that follows provides a fascinating example of how hypertext transfer protocol and content caching, working in tandem, prove to be an unintended outlet for user information. It is chapters like this that set the book apart from any other on the market.
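As an added example (not code from the book or from this review), the following parser pulls the header fields named above out of a raw IPv4/TCP SYN and matches them against a signature table, the way a defender would check what a host's own traffic gives away; the table entries and the sample packets are constructed assumptions, not a real fingerprint database.

```python
import struct

# Constructed sample signature table (an assumption for illustration): the book's
# point is that these defaults are OS-specific; real passive tools carry far larger
# tables. Key: (initial TTL, don't-fragment flag, TCP window size).
SIGNATURES = {
    (64, 1, 65535): "example-unix-like",
    (128, 1, 8192): "example-windows-like",
    (255, 0, 4128): "example-network-device",
}

def parse_ip_tcp(pkt: bytes) -> dict:
    """Extract the fingerprinting fields from an IPv4 header followed by a TCP header."""
    ver_ihl, tos, _total_len, ip_id, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", pkt[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    if proto != 6:
        raise ValueError("not TCP")
    ihl = (ver_ihl & 0x0F) * 4                      # IP header length in bytes
    tcp = pkt[ihl:ihl + 20]
    _sport, _dport, seq, _ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    return {
        "tos": tos, "ip_id": ip_id,                # extracted for inspection, not matched below
        "df": (flags_frag >> 14) & 1,              # DF is the middle bit of the 3-bit flags field
        "ttl": ttl, "window": window,
        "syn": bool(off_flags & 0x02), "isn": seq, # ISN is what the later chapter examines
    }

def initial_ttl(observed: int) -> int:
    """Routers decrement TTL per hop; round up to the nearest common initial value."""
    for start in (64, 128, 255):
        if observed <= start:
            return start
    return observed

def fingerprint(pkt: bytes) -> tuple:
    """Return (OS guess, estimated hop count) for one observed SYN."""
    f = parse_ip_tcp(pkt)
    ttl0 = initial_ttl(f["ttl"])
    os_guess = SIGNATURES.get((ttl0, f["df"], f["window"]), "unknown")
    return os_guess, ttl0 - f["ttl"]

def build_syn(ttl: int, df: int, window: int, ip_id: int = 0x1234, tos: int = 0) -> bytes:
    """Constructed sample IPv4 + TCP SYN (checksums left zero; private test addresses)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, ip_id, 0x4000 if df else 0, ttl, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 0x11223344, 0, (5 << 12) | 0x02, window, 0, 0)
    return ip + tcp
```

Feeding it a SYN with TTL 61, DF set and window 65535 yields the unix-like entry three hops away, which is exactly the kind of inference the chapter shows an observer can make without sending a single probe.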

The last section, “The Big Picture,” begins with an introduction to the intriguing topic of parasitic computing: the use of others’ machines to solve mathematical problems, and to store data, without their knowledge or consent. The next chapter describes techniques used to map the Internet, and how such a map can be used in tracking down friends and foes. In the last chapter of the book, the author looks at how unwanted traffic that arrives at a machine, for example during a worm outbreak, helps us to analyze what is going on in the network, and to gather important clues on network attacks.

Reviewer: Srijith Nair
Review #: CR131771 (0607-0699)
Categories: Security and Protection (D.4.6); Invasive Software (K.6.5 ...); Unauthorized Access (K.6.5 ...)
