Hack Attacks Revealed
author | John Chirillo |
pages | 800 |
publisher | Wiley, John & Sons |
rating | 8.5 |
reviewer | Bill Camarda |
ISBN | 047141624X |
summary | If you have a computer that's not locked underground, disconnected from any network, and powered down, it probably has some of the security holes described in this book. |
"I'm going to make a virtuous hacker guru out of you."
That's how John Chirillo begins his "challenging technogothic journey," Hack Attacks Revealed. And whoever "you" are -- sysadmin, internetworking engineer, or hacker (disaffected or otherwise), you'll find that Chirillo is selling authentic goods. (He's been hired by many Fortune 1000 companies to break into their networks.) This book offers a systematic tour of network vulnerabilities, hacking tools and techniques, and a whole lot more. Be warned: "This book is sold for information purposes only. Without written consent from the target company, most of these procedures are illegal in the United States and many other countries as well. Neither the author nor the publisher will be held accountable for the use and misuse of the information contained in this book."
Whew. Now that we've got that out of the way, let's see what's really in here...
The first section of Hack Attacks Revealed reintroduces each of today's communications protocols from a hacker's point of view. For example, it's one thing to know that when IP datagrams traveling in frames cross networks with different size limits, the routers must sometimes fragment the datagrams. It's another to recognize that this introduces a potential vulnerability to both passive and intrusive attacks. It's one thing to know that Address Resolution Protocol (ARP) broadcasts packets to all the hosts attached to a physical network, which store this information for later use; it's another to recognize that this represents an opportunity for a spoofing attack.
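The ARP point above (every host caches what it hears on the wire, so a forged reply can overwrite a neighbour's binding) is easiest to see from the defender's side. The following is an added example, not code from the book or its CD: a small Python monitor that parses raw Ethernet+ARP frames, records the first IP-to-MAC binding it sees for each address, and flags later contradictions and gratuitous replies. The frames, addresses and the `ArpMonitor` class are all constructed for this example.

```python
import struct

def _mac(s):
    return bytes.fromhex(s.replace(":", ""))

def _ip(s):
    return bytes(int(o) for o in s.split("."))

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet+ARP frame (op 1 = request, 2 = reply). Constructed test data only."""
    dst = _mac("ff:ff:ff:ff:ff:ff") if op == 1 else _mac(target_mac)
    eth = dst + _mac(sender_mac) + b"\x08\x06"            # EtherType 0x0806 = ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)       # Ethernet, IPv4, hlen 6, plen 4
    arp += _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)
    return eth + arp

def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "sender_mac": frame[22:28].hex(":"),
        "sender_ip": ".".join(str(b) for b in frame[28:32]),
        "target_mac": frame[32:38].hex(":"),
        "target_ip": ".".join(str(b) for b in frame[38:42]),
    }

class ArpMonitor:
    """Learns the first IP->MAC binding seen per address and flags later contradictions.

    The first-seen binding is kept deliberately: overwriting it on every reply is exactly
    the behaviour that makes an unguarded ARP cache spoofable.
    """
    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, frame):
        pkt = parse_arp(frame)
        if pkt is None:
            return None
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        if pkt["op"] == 2 and pkt["target_ip"] == ip:
            # A reply for one's own address is unsolicited; legitimate on boot, suspicious later.
            self.alerts.append(("gratuitous-reply", ip, mac))
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac
        elif known != mac:
            self.alerts.append(("binding-changed", ip, known, mac))
        return pkt

def run_demo():
    """Feed a constructed sequence: a request, the real gateway's reply, then two rogue replies."""
    host, gw, rogue = "00:11:22:33:44:55", "00:aa:bb:cc:dd:01", "00:de:ad:be:ef:66"
    frames = [
        build_arp(1, host, "10.0.0.5", "00:00:00:00:00:00", "10.0.0.1"),
        build_arp(2, gw, "10.0.0.1", host, "10.0.0.5"),
        build_arp(2, rogue, "10.0.0.1", host, "10.0.0.5"),
        build_arp(2, rogue, "10.0.0.1", rogue, "10.0.0.1"),
    ]
    mon = ArpMonitor()
    for f in frames:
        mon.observe(f)
    return mon

if __name__ == "__main__":
    for alert in run_demo().alerts:
        print(alert)
```

The monitor only observes; on a real segment it would be fed from a capture socket, and a first-seen table must still be seeded from a trusted source (static entries or DHCP leases) so that the rogue cannot simply be first.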
In Part II, Chirillo moves on to the communications media that tie workstations into LANs, LANs into WANs, and WANs into internets -- Ethernet, Token Ring, FDDI, ISDN, xDSL, point-to-point links, and frame relay. Then, it's on to start attacking the most vulnerable of those 65,000 ports into your computer.
Chirillo starts with Port 7, echo, explaining echo overloads, Ping of Death attacks, and Ping flooding, which takes advantage of a computer's responsiveness by bombarding it with pings or ICMP echo requests. There's Port 19, chargen, vulnerable to a telnet connection that generates a string of characters with output redirected to a telnet connection. There's Port 53, domain, which leads to a discussion of how DNS caching servers can be spoofed, forwarding visitors to the wrong location.
And so it continues, through more than 50 vulnerable TCP and UDP ports, all the way up to Port 540, uucp, Port 543, klogin, and beyond. Chirillo exposes a veritable who's who of viruses, worms, and trojans: Executor, Cain & Abel, Satanz Backdoor, ServeU, ShadowPhyre, SubSeven Apocalypse, Voodoo Doll, Portal of Doom...
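The Port 53 item above, DNS caching servers being spoofed into sending visitors to the wrong place, comes down to a resolver accepting a response it should have rejected. As an added example (not the book's code), here is a Python resolver-side check: it builds a query and several constructed responses, parses them, and accepts a response only if it is flagged as a response, its transaction ID and question match the outstanding query, and every answer name falls inside the zone being asked about (the "bailiwick"). The `validate_response` function, the zone and the addresses are all assumptions made for the example.

```python
import struct

def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(msg, off):
    """Decode a wire-format name at offset `off`; returns (name, next_offset)."""
    labels = []
    while True:
        ln = msg[off]
        if ln == 0:
            return ".".join(labels) + ".", off + 1
        if ln & 0xC0 == 0xC0:                                # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr)
            tail = tail.rstrip(".")
            return ".".join(labels + ([tail] if tail else [])) + ".", off + 2
        labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln

def build_query(txid, qname):
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", 1, 1)

def build_response(txid, qname, answers):
    """Constructed response carrying A records; answers is a list of (name, dotted IPv4)."""
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", 1, 1)
    for name, ip in answers:
        msg += encode_name(name) + struct.pack("!HHIH", 1, 1, 300, 4)
        msg += bytes(int(o) for o in ip.split("."))
    return msg

def parse_message(msg):
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        answers.append((name, rtype, msg[off:off + rdlen]))
        off += rdlen
    return {"txid": txid, "flags": flags, "questions": questions, "answers": answers}

def in_bailiwick(name, zone):
    return name == zone or name.endswith("." + zone)

def validate_response(pending, resp_bytes, zone):
    """pending = {"txid": ..., "qname": ...} for the one outstanding query. Returns (accept, reason)."""
    resp = parse_message(resp_bytes)
    if not resp["flags"] & 0x8000:
        return False, "not-a-response"
    if resp["txid"] != pending["txid"]:
        return False, "txid-mismatch"
    if resp["questions"] != [(pending["qname"], 1, 1)]:
        return False, "question-mismatch"
    for name, _rtype, _rdata in resp["answers"]:
        if not in_bailiwick(name, zone):
            return False, "out-of-bailiwick:" + name
    return True, "ok"

def run_demo():
    pending = {"txid": 0x1234, "qname": "www.example.com."}
    zone = "example.com."
    good = [("www.example.com.", "192.0.2.10")]
    cases = [
        build_response(0x1234, "www.example.com.", good),                       # genuine
        build_response(0x9999, "www.example.com.", good),                       # guessed wrong ID
        build_response(0x1234, "www.example.com.",
                       good + [("ns.other-zone.test.", "203.0.113.9")]),        # smuggled record
        build_response(0x1234, "mail.example.com.", good),                      # answers another question
        build_query(0x1234, "www.example.com."),                                # not a response at all
    ]
    return [validate_response(pending, c, zone) for c in cases]

if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The transaction ID is only 16 bits, so this check alone is guessable by a flood of forged replies; a real resolver also randomizes the UDP source port and matches it on return, which this example leaves out for brevity.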
Next, you're introduced to scanning: IP, port, and service site scans, tools, and techniques -- including techniques that can penetrate or "stealth" their way past firewalls (a comforting thought).
There's detailed coverage of mail bombing, spamming, and spoofing; web page hacking, and vulnerabilities of specific *nix and Windows operating systems, as well as internetworking hardware (Cisco, 3Com, et al.). You'll find tons of useful charts (from common ports to Ethernet frame formats). There's even an introductory guide to the lingua franca of hacking, the C programming language.
The accompanying CD-ROM contains an extensive collection of security and hacking software, plus TigerSuite -- all you need to uncover, scan, penetrate, expose, control, spy, flood, spoof, sniff, infect, report, monitor, and generally prevent (or perform) all manner of havoc. We hope you'll use the software -- and the book -- for good, not evil.
You can purchase this book at Fatbrain.
Gee Wiz (Score:1)
Let's run out and buy this today! After all, the author does security auditing for Fortune 1000 companies. That means he's smart!*
#puke#
* There is a high rate of scamming in the security industry, wherein "auditors" will go in and scan, poke, prod, and bleed a network into shambles, dump the results into a tidy little report, and walk out with a cool $5,000 (or even up to $15,000). No answers. No solutions. No fixes. And certainly no security. Now where'd I put my ethics...
Re:Gee Wiz (Score:1)
$150-$200 an hour for experienced network consulting is not unreasonable. So consider that $5K a week's work. Not to mention shits and giggles for the average IT money pit.
(It's like the classic invoice:
Part: $1.00
Knowing how to fix problem: $99.00)
Re:Gee Wiz (Score:1)
drop it all into a "report", and walk away. they offer no solutions, no fixes, and no answers. we're not talking hourly here. we're talking per "project". as in the following invoice:
network study: $5,000
proof of exploit: $2,000
report: $1,000
finis
for the Hackers who didnt understand the review... (Score:3)
+H4T'5 H0W JOHN cHiRilLO 839In5 H1$ "cH4llenG1n9 t3ChN0g0+hIc JOuRn3Y," h4ck @TT4ckS ReV34L3D. 4Nd wh03V3r "YoU" 4Re -- 5Y5@dMiN, INtERNe+WorK1n9 eN9In3ER, 0r H4x0R (d154ffectEd 0R 0+H3rwI5E), y0U'Ll ph1ND tH@+ ChiRIlL0 i5 $Ell1N9 4U+HEN+1C 90od$. (h3'S 8eeN HireD by m4ny f0r+Un3 1000 cOMp@n1E5 tO 8r3@K iN+0 +HE1r nETwORK$.) th15 8O0k 0fF3R5 A $Y5+em4t1C TOUr Oph N3+W0rK VUlNer48iLITI3$, h4Ck1N9 t00l5 4ND t3chNiKW35, @Nd @ Wh0l3 loT mOR3. 8e WArned: "+hI5 80Ok I5 5OlD F0R Inph0RM@+10n PuRp05e5 oNLy. With0U+ wr1++3n coNSenT phroM t3H t4rg3+ C0Mp4nY, m05+ 0pH +h3$3 PR0cEdUr3$ 4rE IlLe9@l In The un1+ED 5t@+e$ @nD mAnY 0tH3R C0uNtr135 45 well. NE1+HeR t3H @UthoR nOr +3h pUBL1$heR w1Ll b3 HeLD @Cc0UN+abL3 FOr +hE u5E 4Nd MI$u53 0f +3h 1nF0rm@tiON c0n+41n3d 1n tH15 B00K."
WHEW. N0W Th4T We'V3 g0T tH4+ ouT OpH teH wAy, L3T'$ 533 Wh4+'S re4LLy 1n h3re...
Th3 pHIr5+ 53c+i0n 0pH h4Ck a++4ck$ r3ve@led R3in+r0Duc35 3@CH 0F +oD4Y'$ coMmUnic@+i0N$ pr0+0coLS FRoM 4 H4Ck3R'5 P01n+ 0pH Vi3W. pHOr eX@mPl3, 1+'5 0N3 +H1N9 tO knoW +h@+ wh3n Ip d@t4gR@m$ +R@veling 1n FR4Me$ cro5$ NE+WoRk$ with DiPHFeren+ 51zE l1mI+5, Teh rOuteR5 Mu5t $0M3T1ME5 PHR4gMent tH3 d@T4gR4ms. IT'5 @n0TH3r to R3C0GNIze TH4T +h1S IN+ROdUC3$ 4 Po+3nTi4L vuLN3r@bil1+y +0 B0Th P@5$1v3 @Nd 1n+RU$1vE 4tT4ck5. 1+'$ on3 THIN9 T0 knoW +h@T 4dDre55 r350lUt10n pr0toC0l (4rP) 8r0ADC4$+5 p4cKeT5 To 4lL TH3 H05+5 4Tt@ChED T0 4 PHY$1c4L Ne+wOrK, WHiCh 5+oR3 tHi5 InF0rM4+IoN pHOR L4+3R U$3; i+'5 @n0tH3r T0 Rec09N1z3 +h4+ th1$ rEpreSen+s @N 0pportUnI+Y PhOr @ Sp0Of1nG @+T@cK.
IN p@R+ 1I, cH1rilL0 M0VE5 0n T0 +eh C0MmUn1C4tiOn$ m3D14 +H@+ T1E W0RK5+4Ti0N$ 1N+o LaN5, L@n5 in+O waN$, @nd w4n$ 1nt0 1n+erne+5 -- 3Th3rNe+, tok3n R1n9, fDdi, 15Dn, XD$L, po1N+-+o-po1nt LinKS, 4nD fR@M3 rEl@Y. +h3n, it'5 ON +0 5t4r+ 4++@ck1N9 +Eh Mo5t VULN3r48LE 0f TH053 65,000 p0r+5 into y0Ur C0mput3R.
chir1LL0 $t4r+S W1TH p0Rt 7, 3Cho, EXPL@1NING Ech0 OV3RLo4D5, pin9 0Ph dea+h @++@ck5, @nD P1Ng fL0oD1nG, wHiCh T4K3S @DvAnTag3 Of 4 cOmpU+Er'5 RespON51veN355 bY bOm84RDing 1+ wI+h P1nG$ 0R 1cmp 3cH0 REkw35T$. tHERE'5 p0R+ 19, CHaRG3N, vUlNeR48Le +0 4 +3ln3t C0nnect1on +H4+ G3n3R4+eS 4 $trin9 of cHArAc+3RS WI+H oU+PUT R3dIR3c+ED +O 4 +3ln3+ C0NnECTiOn. +HErE'5 P0R+ 53, D0m41n, wh1ch L34D5 T0 4 d15CU5$Ion 0pH how DN$ C@cH1Ng $3Rv3R5 c@N 8e 5p0opH3D, Ph0rW4Rd1N9 VI5IT0r$ t0 +Eh Wr0ng LOC4TI0N.
4nD 5O 1t C0NTiNUE5, THR0uGh M0r3 th4n 50 VuLN3r48l3 +CP @nd UDp Por+5, 4lL +H3 W4y uP +0 por+ 540, UuCP, POr+ 543, KL09iN, @Nd bEYonD. chiR1lLo EXP0535 @ ver1+@ble wH0'$ Wh0 0f viRu$35, Worm5, @nD +R0j@n$: execuTor, c41n & 4B3L, $@T@Nz B4cKd00R, 53rVEU, 5h@d0WPhYre, 5U853vEn @P0c4lYp$e, VooDo0 D0LL, pOrt4l of dO0m...
N3Xt, YOU'rE 1N+R0DUcED TO 5C4nnin9: IP, P0R+, 4Nd 53rv1ce S1+3 sc4NS, tO0L5, @Nd tecHNiKWeS -- 1nCLUd1nG TEChNIKWE5 +H@T c4N p3NetR4+E or "sT3@l+h" tHe1R W4Y P45+ phIREw4lL5 (4 C0MPhoRTiNG tHOu9Ht).
+HER3'5 D3+41l3d C0veR@g3 OPH m41L B0Mb1N9, 5P4mM1NG, 4ND $P0ophIng; wE8 p4Ge h4cK1NG, @Nd vULneR481lIt1E$ 0Ph $p3C1F1C *NiX And w1ND0W$ opeR@T1n9 5Y$t3MS, 4s w3ll 45 1N+3RN3tW0Rk1N9 h4RDW4R3 (ci$co, 3COM, 3T 4l.). y0U'LL ph1nd t0n5 OF U53pHuL Ch4rT5 (PhR0m c0mMon p0R+5 To 3TH3Rn3+ fR@M3 F0Rm@T5). ThER3'5 eV3n 4n 1nTr0DuCtoRy 9U1d3 T0 th3 LINGu@ fr4NC4 0F h4CkinG, the C PRogR@mminG l@n9U@9E.
+h3 4CC0mp4Ny1n9 CD-Rom cON+@In$ 4n Ex+en5ive c0lL3CTioN 0f 53CUr1+y @Nd H@ck1ng 5OF+w4R3, plu5 +193rsUi+E -- ALl J00 ne3d +0 UNC0V3r, $cAn, PeN3trat3, eXPo5E, c0n+ROL, $Py, pHL00d, 5p00pH, 5nIphF, 1NPH3C+, rEp0Rt, M0nI+or, @nD g3NEr4Lly pRev3nt (0R pERF0Rm) 4LL m4nNEr 0ph H4vOc. W3 h0pE y0U'lL u53 +H3 $OFtw@r3 -- And tHE b00K -- PH0r 900d, no+ 3viL.
help wanted - editors familiar with English (Score:3)
Man, now THAT is useful commentary. Although what the old progressive rock band Yes have to do with it is another question altogether.
"Denies the existence.. of neither... nor... "
Are you trying to say it covers both Unix and Windows?
Try this: It covers both Unix and Windows.
Go ahead kids, mod me down... English wants to be free! (Of useless editors, that is.)
A colleague bought this... (Score:3)
Sorry, I can't recommend this book. I didn't, however, look at the TigerSuite CD... maybe that /is/ useful. Personally, I would recommend Hacking Exposed, 2nd Ed as a starters/reference guide, though to be any good at pen testing, you really need to have a natural inquisitiveness and back that up with private study and experimentation.
(Disclaimer, I pen. test for a living and got my copy of Hacking Exposed free direct from the authors... :)
buy it at bookpool for 39% off instead (Score:5)
He also wrote Hack Attacks Denied.
not an employee or investor, just a customer.
Re:Ping floods (Score:1)
echo 7/tcp
echo 7/udp
echo != ping. Perhaps before flaming you ought to actually get your facts straight in future. And yes, it _is_ port 7. Duh...
Plus, I subscribe to the noun 'hacker'. Crackers are things you put cheese on. Trying to get people to call hackers 'crackers' is like trying to reclaim your virginity or something..
No, the author *does* confuse the distinction (Score:1)
From page 773 - in his discussion of the absolutely hilariously inept TigerSuite package:
Ping Scanner: Recall that Ping sends a packet to a remote or local host, requesting an echo reply. If the echo is returned, the host is up, and at the very least, listening to TCP port 7; therefore, it may be vulnerable to a Ping flood.
The TigerSuite package, described by the author as "Designed using proprietary coding and technologies" is laughable. It is a Windows GUI wrapping around whois, nslookup, telnet, traceroute, ping, and a weak port scanner that doesn't even appear to support nmap style half-scans. There are a couple of what are termed "penetrators," that are little more than DOS flood attacks, and, in some cases, buffer overrun exploitation tools that work on old, fixed buffer overruns.
What is marginally useful in the book/cd is that there is a relatively wide assortment of script kiddy tools collected on the CD. These tools are not, for the most part, discussed in the book, but it is somewhat useful to have them around for experiments...
Re:Ping floods (Score:2)
Echo Service != ICMP (Score:1)
precious pennies (Score:5)
Well I have my own Cisco based [1 [antioffline.com] 2 [antioffline.com] 3 [antioffline.com]] information which sums up networking to a tee. Security Focus [securityfocus.com], Packet Storm [securify.com], SpyKing [spyking.com], and Cryptome [cryptome.org] all cover the other areas for information when I need it. Is it me or in the past 2 years did everyone jump on the "Hacker" bandwagon writing books on information that's already a point and click away? Not taking anything away from the book, but Information Security Management Handbook 2001 [amazon.com], Cisco's Routing TCP/IP, and other security books in my library [antioffline.com] have done me justice. It makes, I guess, a nice intro for newer users, but personally I don't like books with "Hacker" in them; they tend to be geared for those with little clues, and who are often too lazy or dumb to find information and study it on their own.
Re:Gee Wiz (Score:2)
the point here is that the problem never gets fixed. they run a port scanner, toy some exploits, drop it all into a "report", and walk away.
While this is true of some people, it's not always the case .. I work, freelance, as a penetration tester - in my spare time.
I tend to get 200 pounds an hour, for the testing/analysis - and the report writing.
After the report is completed it's presented to the management of the company that hired us - not by me .. I'm covered in piercings, and allergic to suits ;)
The most interesting part of the report for the hirers are the steps they can take to improve their network
A typical report is 25% info, and 75% recommendations, which range from tightening typical security, to updating their ancient, externally visible, copy of bind, etc.
Interesting, varied, work if you can get it - but it gives you a really scary feeling sometimes...
Steve
---
Hack Attacks Denied (Score:1)
From the "publisher's summary":
Once you've seen firsthand in Hack Attacks Revealed all the tools and techniques that hackers use to exploit network security loopholes, you're ready to learn specific methods for protecting all parts of the network against security breaches. Corporate hack master Chirillo shows readers how to develop a security policy that has high alert capability for incoming attacks and a turnkey prevention system to keep them out. Network professionals will find expert guidance on securing ports and services, intrusion detection mechanisms, gateways and routers, Tiger Team secrets, Internet server daemons, operating systems, proxies and firewalls, and more.
Re:buy it at bookpool for 39% off instead (Score:1)
http://www.tigertools.net/soon.htm
It might be cheaper, as no commission will be earned by the submitter.
Author's Page: More Links / System Requirements (Score:1)
http://www.tigertools.net/soon.htm [tigertools.net]
It might be cheaper, as no commission will be earned by the submitter.
Also, this page will tell you what platform requirements the Tiger Tools carry with them.
Cheers.
Ping floods (Score:3)
ICMP echo requests (as used by "ping") do not use port 7 - as the name implies, they are ICMP not UDP!
More importantly, while ping -f is not exactly a high-skill DoS attack, it works - and it does not "take advantage of a computer's responsiveness": it just floods your connection with junk. Even if you just ignore this traffic completely, it's too late: it floods your connection, blocking out legitimate traffic. This is exactly what happened to Steve Gibson at grc.com, as he describes here [grc.com].
Re:Ping floods (Score:3)
Exactly. Ping = ICMP echo. There are three different "echo" services, of which the most common is ping - which uses ICMP, which doesn't have port numbers!
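The distinction the thread is arguing about (ICMP echo has no port number; the echo *service* is TCP/UDP port 7) is exactly what a packet classifier has to get right before it can tell a ping flood from echo-service traffic. The following is an added example, not code from the book, the review or any commenter: a Python classifier over raw IPv4 packets that labels ICMP echo requests and replies by ICMP type and TCP/UDP traffic by destination port, plus a per-source sliding-window counter that raises an alert when ICMP echo requests exceed a threshold. The packets, addresses, threshold and `PingFloodDetector` class are all constructed for the example.

```python
import struct
from collections import Counter, defaultdict, deque

def build_ipv4(proto, src, dst, payload):
    """Minimal IPv4 header (no options, checksum left zero) in front of a constructed payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return hdr + payload

def icmp_echo_request():
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping"          # type 8 = echo request

def udp_to_port(dport):
    return struct.pack("!HHHH", 40000, dport, 12, 0) + b"echo"

def tcp_to_port(dport):
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)  # SYN

def classify(packet):
    """Return (source IP, label). ICMP is labelled by type; TCP/UDP by destination port."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src = ".".join(str(b) for b in packet[12:16])
    l4 = packet[ihl:]
    if proto == 1:                                                  # ICMP: no ports at all
        return src, {8: "icmp-echo-request", 0: "icmp-echo-reply"}.get(l4[0], "icmp-other")
    if proto in (6, 17):
        dport = struct.unpack("!H", l4[2:4])[0]
        name = "tcp" if proto == 6 else "udp"
        return src, f"{name}-echo-service" if dport == 7 else f"{name}-port-{dport}"
    return src, f"proto-{proto}"

class PingFloodDetector:
    """Counts ICMP echo requests per source within a sliding time window."""
    def __init__(self, threshold=20, window=1.0):
        self.threshold, self.window = threshold, window
        self.recent = defaultdict(deque)
        self.alerted = set()
        self.alerts = []

    def observe(self, ts, packet):
        src, kind = classify(packet)
        if kind == "icmp-echo-request":
            q = self.recent[src]
            q.append(ts)
            while q and ts - q[0] > self.window:
                q.popleft()
            if len(q) > self.threshold and src not in self.alerted:
                self.alerted.add(src)
                self.alerts.append((round(ts, 3), src))
        return kind

def run_demo():
    """Constructed traffic: echo-service probes, a DNS packet, one normal ping, then a 30-packet burst."""
    det = PingFloodDetector(threshold=20, window=1.0)
    events = [
        (0.0, build_ipv4(17, "10.0.0.2", "10.0.0.1", udp_to_port(7))),
        (0.0, build_ipv4(6, "10.0.0.2", "10.0.0.1", tcp_to_port(7))),
        (0.1, build_ipv4(17, "10.0.0.2", "10.0.0.1", udp_to_port(53))),
        (0.2, build_ipv4(1, "10.0.0.9", "10.0.0.1", icmp_echo_request())),
    ]
    events += [(i * 0.01, build_ipv4(1, "198.51.100.7", "10.0.0.1", icmp_echo_request()))
               for i in range(30)]
    kinds = Counter()
    for ts, pkt in sorted(events, key=lambda e: e[0]):
        kinds[det.observe(ts, pkt)] += 1
    return kinds, det.alerts

if __name__ == "__main__":
    counts, alerts = run_demo()
    print(dict(counts))
    print(alerts)
```

Note that port-7 traffic never feeds the counter: it is a separate service, as the commenter says. And as the parent post points out, detecting a flood on the victim's own link does not relieve it; the count is useful for the report and for asking an upstream provider to filter, not as a mitigation in itself.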
Yes, you should...
No, normally it's ICMP, which doesn't even have port numbers. Duh...
Re:Ping floods (Score:1)
Re:Ping floods (Score:1)
Re:precious pennies (Score:3)
It's you.
But I agree that a big part of this is available on the web, although I can also understand that some people prefer this information in written form and without having to find it themselves. Google "Hacking" and you get a ton of hits which can be quite hard to sift through to the interesting stuff.
Re:Gee Wiz (Score:2)
This is the same thing as all of those internet consultants who advised spending huge amounts of investment capital to make a name and run up the stock price of an IPO. Who then bail out when the company has not enough income flow to justify the existence of the company in the first place.
After all they made theirs. Not that I am all that surprised.
Check out the Vinny the Vampire [eplugz.com] comic strip
Re:for the Hackers who didnt understand the review (Score:4)
"Hello, World!"
uh (Score:1)
Chirillo exposes a veritable who's who of viruses, worms, and trojans: Executor, Cain & Abel, Satanz Backdoor, ServeU, ShadowPhyre, SubSeven Apocalypse, Voodoo Doll, Portal of Doom...
Re:Gee Wiz (Score:3)
So do I, but not in the computer field... ;)
I tend to get 200 pounds an hour, for the testing/analysis - and the report writing
Yikes! I try to avoid anything over 120 pounds, and I definitely don't write reports about it! Just a bragging session or two with the fellas ;)
And if you think I'm actually serious about all this, you need your head examined, and the wedgie pulled out of your bottom.
Re:precious pennies (Score:1)
So no one should write any factual books anymore because the information is out there somewhere?
Isn't it much more efficient to have someone else cull through the 65,000 results found in 0.1 seconds, sorting the wheat from the chaff and organizing, summarizing, and presenting it all to you in a handy bound form?