
Aggressive Network Self-Defense

nazarijo (Jose Nazario) writes "Continuing in the new theme of fiction and technical how-to, Aggressive Network Self-Defense brings together several authors to provide a wide range of material. Syngress' niche in this space seems to be breaking new ground -- and for the most part, it works. While you don't get as in-depth a treatment as a typical technical book gives you, there is an added dimension: namely, a more realistic scenario of how these tools fit together in a real, live series of actions." Read on for the rest of Nazario's review.
Agressive Network Self-Defense
Author: Neil Archibald, Seth Fogie, Chris Hurley, Dan Kaminsky, Johnny Long, Haroon Meer, Bruce Potter, Roelof Temmingh, Neil R. Wyler, Timothy Mullen
Pages: 416
Publisher: Syngress
Rating: 8
Reviewer: Jose Nazario
ISBN: 193183625
Summary: take your security into your own hands to identify, target, and nullify your adversaries

Not being a big fan of most fiction (I tend to prefer history), it's hard to say definitively good or bad things about the quality of the writing. What I can say is that it's infinitely less irritating, and far more realistic, than Neal Stephenson's Cryptonomicon or Gibson's Neuromancer. No over-the-top smearing of adjectives to describe the mundane, and no unrealistic sequences of events. Then again, there's no character development and no real story progression, so it's not great fiction.

As a series of hacker vignettes, the book works just fine, and very well for the purposes at hand. Basically, what the authors want you to get from the book is two-fold: First, they want you to debate the issues around "strike back" attack methodologies. Several of the authors are open advocates of what are legal grey areas and open moral questions in the field of network security. Secondly, they want you to see how it's done, what you do when you actually use a tool to achieve a goal. Most books that do this, like Hacking Exposed, cover far more tools, but they usually do so without showing you each tool's use in a real-world scenario.

I won't bore you with a lengthy, detailed overview of the first part of the book. Like I said, it's a series of part-fiction, part-tutorial short stories. In them, you'll see tools like Metasploit, virus creation, some nmap, sniffers, and keystroke loggers, all in action, being used as an operator would use them, and achieving real goals. This is more valuable than a basic manual, and the stories themselves act as a nice setting. While not great fiction writers, the authors are decent enough at the job, and they write the technical material clearly.

The second part of the book is interesting. It makes up about a fifth of the book in volume, but a lot more in technical weight. The book bills this section as "The technologies and concepts behind network strike-back," and that's an accurate summary. It's a series of four unique perspectives and technical chapters that complement the rest of the book quite well.

The first introduces ADAM, the "Active Defense Algorithm and Model," which develops a methodology for network administrators to actively defend their networks against attacks. It's quite interesting, and brings together a number of risk models in an uncommon take. The authors are academic researchers from the University of Idaho, so it's a lot more academic than the previous material in Aggressive Network Self-Defense, but it formalizes a lot of the thinking that was present in the writing of the stories and techniques.

The second is Tim Mullen's classic "Defending your right to defend." This is the original position paper shared by Mullen with the information security community in 2002 or so. Here, Mullen makes a compelling case for actually striking back at worm infected hosts. After all, the position holds, someone should do something about them to help clean up the Internet. While it's a position I disagreed with at the time and still do, Mullen's writing is articulate and an important read. It really helps you understand a lot of the thinking that went into the book itself.

Dan Kaminsky wrote the next chapter, "MD5 to be considered harmful someday." Largely considered to be a follow-on to Joux and Wang's one-way hash function research, what it shows is how practical such an attack can be. Kaminsky never fails to come up with interesting ideas he puts into practice, and he adds another level of depth to this book.

Finally, Aggressive Network Self-Defense ends with an interesting paper, "When the tables turn: Passive strike-back." Like any good paper, it has a clear and thoughtful motivation, and really demonstrates the principles at play, namely building network resources that don't simply lure the attacker in, they trip her up. There are so many ways to do this, the authors show us, and ultimately it's almost fun. A good way to end the book.

An over-arching concern with the book that I have is the question of ethics. Mullen, in the foreword, states that he hopes the book stirs a debate about the ethics of the actions in the book. However, the book itself falls short in this area. Instead, sometimes the characters get busted, and sometimes they don't, but just because they didn't get caught doesn't mean some ethical lines weren't crossed. All too often the authors leave the ethical debate up in the air. While I prefer this to overt preaching or questions, the style leaves me wondering if this goal was achieved.

So, where do I stand on Aggressive Network Self-Defense? In the end, I like it, more so than a book like Hacking Exposed or other "hacking how-to" types. The style of presentation doesn't lend itself all that well to exploring a very wide number of tools, but it does give you a deeper context to see how they assemble into something larger. For many people I expect it will be a page turner, and I think the format has some utility, as shown here.


  • by darth_MALL ( 657218 ) on Thursday April 14, 2005 @04:02PM (#12237738)
    Smith and Wesson.
    • by Effugas ( 2378 ) *
      At least with guns, you know who you're shooting.

      It's much harder with networks. All you really know is that someone sent a message to someone sent a message to someone, and you received something because of it. How do you attack back in such an environment?

      The best way is to prevent a counterattack from working against anyone who's innocent of attacking you in the first place. Embedding a counterattack in a TCP session started by your enemy is one approach; if the session was spoofed, your malicious r
      • by idontgno ( 624372 )
        At least with guns, you know who you're shooting.

        Oh, I don't know. Mere possession of a firearm doesn't give you IFF, x-ray low-light vision, or even basic good sight picture. If you want, you can blast away in the general direction of a perceived threat. In fact, aimed fire is pretty rare, even among law-enforcement professionals. [theppsc.org] And how many innocent cattle die each deer hunting season because "trained" hunters risk shots through cover at a barely-glimpsed "deer"? Hell, how many hunters are fired on und

        • >"trained" hunters risk shots through cover at a barely-glimpsed "deer"

          I hate to break this one to you, but NO "trained hunter" would take a shot at a target he couldn't identify.

          Your "guns and 'active network defense'" analogy only applies when you're talking about UNtrained gun owners and poorly programmed automatic network defense mechanisms.

          Properly trained gun owners are safer with their guns than you will ever be with your car, and an actual trained professional network administrator operating t
          • Oddly, I think we agree, except to the significance of what we're agreeing to. You cite training as if it were sufficient per se to prevent bad firearms handling. I believe that in many cases (probably not the majority, but a significant minority), safe hunter training fails to prevent stupid aiming choices.

            My point is that there are both enough people with guns and enough people with the capacity to strike back on the network for whom no amount of training or good intentions can prevent from doing the

      • At least with guns, you know who you're shooting.

        Tell that to the relatives of Amadou Diallo, or the relatives of the victims of Bloody Sunday, or the relatives of the many civilians shot in Iraq by US/UK soldiers for no good reason (went past a checkpoint they didn't know was there/driving fast to get a family member to hospital/caught between US and Iraqi forces/etc).

        With guns, you know you're shooting at a person across the way. History shows that the shooter often doesn't know who the person is, c
  • by Timesprout ( 579035 ) on Thursday April 14, 2005 @04:02PM (#12237739)
    when you try to login and your network tells you

    "I know Kung Fu"
  • by ikewillis ( 586793 ) on Thursday April 14, 2005 @04:03PM (#12237754) Homepage
    ...and it's great there's a book covering it. There are so very many security related tools available today, and the real problem nowadays is that few of them integrate in any usable manner. NIDS should integrate with each other and generate more comprehensive, multiperspective data about suspicious looking traffic. Networks should autoadapt to block malicious traffic.
  • Agressive (Score:5, Funny)

    by tcopeland ( 32225 ) * <tom&thomasleecopeland,com> on Thursday April 14, 2005 @04:05PM (#12237781) Homepage
    My compliments on this conservation of the letter 'g'. But why the duplicate 's'?
    [tom@hal ~]$ ruby -e "puts 'Aggressive'.squeeze"
    Agresive
    [tom@hal ~]$
    That's better!
  • by BJZQ8 ( 644168 ) on Thursday April 14, 2005 @04:06PM (#12237806) Homepage Journal
    The only three programs you need to know.
  • by crottsma ( 859162 ) on Thursday April 14, 2005 @04:07PM (#12237822)
    While his proposed recommendations for network defense appear viable, nothing is more effective for protecting your computer than sucker-punching a random script-kiddy in the groin at a local LAN party.
  • by tcopeland ( 32225 ) * <tom&thomasleecopeland,com> on Thursday April 14, 2005 @04:09PM (#12237837) Homepage
    ...he's got some nifty visualizations of the MD5 attacks on his site [doxpara.com]; scroll down a page or so to see this [doxpara.com] and other images...
  • by humankind ( 704050 ) on Thursday April 14, 2005 @04:11PM (#12237862) Journal
    One thing that really bothers me are things like this in my logs:

    Mar 2 22:42:37 inetd[32684]: refused connection from 210.29.1.3, service sshd (tcp)
    Mar 2 22:42:38 inetd[1534]: ssh from 210.29.1.3 exceeded counts/min (limit 1/min)
    Mar 2 22:43:09 last message repeated 38 times
    Mar 2 22:45:09 last message repeated 114 times
    Mar 2 22:55:10 last message repeated 644 times
    Mar 2 23:05:10 last message repeated 509 times

    I routinely run into foreign systems hitting my server at extraordinary rates. These seem to be bursts here and there, more looking to probe the system than DoS it but sometimes a DoS condition occurs.

    I routinely do an IPWHOIS of these locales and send e-mail to the IP administrators, but some of the foreign ones are unresponsive. So what can you do?

    Are there any scripts out there that can automate the process of reporting system probes?

    Is there any recourse in taking aggressive counteraction against, for example, the hordes of Chinese IPs that routinely probe and attack domestic hosts?
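An added example, not part of the original thread, for the question above about automating probe reports: it tallies events per source address from inetd log lines in the format quoted in the comment, crediting each "last message repeated N times" line to the message it follows, and drafts a report for the netblock's abuse contact. The log lines are constructed (documentation address ranges), and the threshold and reporter address are hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Patterns for the inetd messages quoted in the comment above.
TS = r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})"
REFUSED = re.compile(
    TS + r"\s+inetd\[\d+\]:\s+refused connection from (?P<ip>[^,\s]+), service (?P<svc>\S+)")
EXCEEDED = re.compile(
    TS + r"\s+inetd\[\d+\]:\s+(?P<svc>\S+) from (?P<ip>\S+) exceeded counts/min")
REPEAT = re.compile(TS + r"\s+last message repeated (?P<n>\d+) times?")

# Constructed sample log; addresses come from the documentation ranges.
SAMPLE_LOG = """\
Mar 2 22:42:37 inetd[32684]: refused connection from 203.0.113.7, service sshd (tcp)
Mar 2 22:42:38 inetd[1534]: ssh from 203.0.113.7 exceeded counts/min (limit 1/min)
Mar 2 22:43:09 last message repeated 38 times
Mar 2 22:45:09 last message repeated 114 times
Mar 2 22:47:00 sshd[2001]: Accepted publickey for admin from 192.0.2.10
Mar 2 22:47:30 last message repeated 2 times
Mar 2 22:50:12 inetd[1534]: refused connection from 198.51.100.23, service sshd (tcp)
"""


@dataclass
class Source:
    events: int = 0
    first_seen: str = ""
    last_seen: str = ""
    services: set = field(default_factory=set)


def _valid_ip(text):
    """Return the normalized address, or None if the field is not an IP."""
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None


def summarize(lines):
    """Count refused/rate-limited events per source address.

    syslog collapses identical messages into "last message repeated N
    times", so the last 509-repeat line in a log is 509 events, not one.
    A repeat line is credited only when the message right before it was
    one of ours; repeats of unrelated messages are ignored.
    """
    sources = {}
    last_ip = None  # source of the most recent non-repeat message, if ours
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rep = REPEAT.match(line)
        if rep:
            if last_ip is not None:
                sources[last_ip].events += int(rep["n"])
                sources[last_ip].last_seen = rep["ts"]
            continue
        m = REFUSED.match(line) or EXCEEDED.match(line)
        last_ip = _valid_ip(m["ip"]) if m else None
        if last_ip is None:
            continue
        src = sources.setdefault(last_ip, Source(first_seen=m["ts"]))
        src.events += 1
        src.last_seen = m["ts"]
        src.services.add(m["svc"])
    return sources


def flagged(sources, min_events=10):
    """Sources at or above the (hypothetical) threshold, busiest first."""
    hits = [(ip, s) for ip, s in sources.items() if s.events >= min_events]
    return sorted(hits, key=lambda item: item[1].events, reverse=True)


def draft_report(ip, src, reporter="admin@example.org"):
    """Plain-text report body; sending it is left to the operator."""
    return (
        f"Subject: Repeated connection attempts from {ip}\n\n"
        f"Source address : {ip}\n"
        f"Events logged  : {src.events}\n"
        f"First seen     : {src.first_seen}\n"
        f"Last seen      : {src.last_seen}\n"
        f"Services       : {', '.join(sorted(src.services))}\n"
        f"Log timezone   : (fill in)\n"
        f"Contact        : {reporter}\n"
    )


if __name__ == "__main__":
    for ip, src in flagged(summarize(SAMPLE_LOG.splitlines())):
        print(draft_report(ip, src))
```
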
    • How about borrowing IBM's supercomputer and DoS the sh*t out of em? Do the whole government while you're at it.
    • by bobintetley ( 643462 ) on Thursday April 14, 2005 @04:29PM (#12238046)

      Is there any recourse in taking aggressive counteraction against, for example, the hordes of Chinese IPs that routinely probe and attack domestic hosts?

      No, but I find the simplest thing to do is lookup the netblocks/ips for addresses I will be connecting to my SSH/OpenVPN from (in my case, work and my mobile phone GPRS provider) and then crafting a couple of iptables rules to only allow those addresses to connect. I find this cures half of the far east trying to connect :-)

      • Comment removed based on user account deletion
      • In the event you are hosting services for the anonymous public you will unfortunately always have to deal with attempted intrusions. If you keep your system up to date and configure it with security in mind then there is nothing to really worry about.

        If you are concerned about malicious activity and brute force attacks on your ssh service then simply use public key authentication to login, disable passwords and disable root login (login as user and su to root).

        I have found swatch to be an excellent log monitorin
        • I have taken your "disable root login" to the next level and created a dummy user account with no real privs, a difficult username, and a random password, from which I must su to a regular user, and then again to root. I feel much safer now.
    • Some of the larger ISP's will block entire countries subnets from ever reaching your firewall/router. You just have to get past the support desk to an engineer. I used to consult for a company that had all non-North American subnets filtered by their ISP.

      Not only did their Firewall logs quiet down but the amount of Spam hitting their Exchange server dropped by a massive amount.
      • Some of the larger ISP's will block entire countries subnets from ever reaching your firewall/router. You just have to get past the support desk to an engineer. I used to consult for a company that had all non-North American subnets filtered by their ISP.

        It's even better when you disconnect from the Internet and only use your local network. Firewall logs and spam traffic will immediately go to zero in most cases.

        SCNR

    • by Anonymous Coward
      You can use snort_inline to detect attacks like this and it automatically places iptables rules to block these subnets. You can also write a small script to be executed that mails the owner of the ip block along with blocking it.

    • Re: (Score:3, Informative)

      Comment removed based on user account deletion
      • Comment removed based on user account deletion
      • Thanks for the info... I've been looking at portsentry. Is there any sample info available for demonstrating how to integrate this into hosts.allow?

        One issue is that I've already mass-blocked most of the offending foreign IP space in hosts.allow, but this doesn't stop them from consuming inetd resources while probing. In some cases I have router access, and on other servers I don't, so I can't always count on using hardware firewalls.

        This is one reason why i ultimately think that the future of computer
    • First off, I wouldn't run SSH from inetd because of things like this.

      I use swatch to look for these SSH probes. Two rules seems to catch most of these: 1) looking for illegal users (such as test, which occurs most frequently) and 2) looking for root login password failures. If you need to allow root logins, I'd recommend requiring that auth be key-based with the poorly-worded without-password option for PermitRootLogin. Then, there would be no situation in which a legit SSH root login would trigger the rul
    • One way to help thin this sort of thing down a bit is to use a non-standard high port (above 1024) for your SSH daemon.

      This keeps the 5|<r1p7 |<1dd3z from being able to trivially find your SSH server.

      Ideally, you want to do this in combination with code that watches for a port-scan and adds a firewall rule to block the scanning address.

      Yes, this won't completely stop abuses of your SSH server - there's always a chance that somebody will stumble across it, so you should keep it up to date on security
    • They're automated probes and the ISP's don't care. You're not paying them.

      I get false SSH login attempts all the time even with a very threatening ssh banner. (until I firewalled it off)
    • Add a rate limit to your incoming ssh syn connections and drop the ones that go over the rate limit. Also, remove password authentication and only allow rsa authentication. With these together, ssh attacks will disappear from your logs.

      For example:

      $IPTABLES -A tcp_packets -p TCP -s 0/0 -d $INET_IP --dport 22 -j allowed
      $IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
      $IPTABLES -A allowed -p TCP --syn -m limit --limit 3/minute --limit-burst 3 -j ACCEPT
      $IPTABLES -A allowed -p TCP -

    • I have had mild successes before by not attacking them, but just 'letting them know I'm watching'. Often addresses will be spoofed, so there is no point in retaliating by trying to break into or DoS the IP address you have.. but I have had long term probes stop several times by just running an nmap against the probing IP, or running a few ssh connection attempts..
  • Seems like this only verges on the edge of a how-to for network vigilantism - is there such a work?
  • by Anonymous Coward on Thursday April 14, 2005 @04:21PM (#12237966)
    7f2c83031b3e693a86e2b0cc25df7ef7
  • by Anonymous Coward
    Then again, there's no character development and no real story progression, so it's not great fiction.

    Character development is massively overrated in lit. I'm not sure if this refers to how fleshed out a character is or how much he changes during the course of the story but in either case it saddens me to think that some people think this is the point of fiction.
  • Don't you think that Digital Rottweiler would be a great name for an aggressive network security app?
  • by Anonymous Coward
    Hey that's kinda like my network...

    If someone attacks my network, it attacks them right back. You scanning my network? then all my machines scan you right back. It also ddoses random webservers just for practice.
  • Excellent! (Score:3, Informative)

    by Grendel Drago ( 41496 ) on Thursday April 14, 2005 @04:30PM (#12238058) Homepage
    Excellent work, editors, fixing the title like that. The "we're a bunch of whores" referrer link is still misspelled, with only one copy of the oh-so-precious letter g.

    So close, and yet so far!

    --grendel drago
  • I'm going to implement spamd (the tarpit), that's about as proactive I am at going out of my way on offence with my network. Up till now it's all been defense. What else can I do from a FreeBSD server, or an OpenBSD pf firewall box?

    bo
    • Not hard to set up snort+iptables to automatically set up entries to DROP packets from probing hosts. Response is not instantaneous if you're just getting scanned quickly by random lusers from some backwoods Chinese technical college (probably their idea of a lab assignment). Of somewhat limited use for ports inside firewall, but a lot of firewalls these days have snort-like capabilities anyway.

      Port scans are part of the business. I don't care who scans me - only port 22, 80, and 443 are open, so what?
  • Author of ADAM (Score:5, Informative)

    by scaltagi_the_pirate ( 777620 ) on Thursday April 14, 2005 @04:36PM (#12238125) Homepage
    I am an author of ADAM (Ch 9) in the book, with Deb Frincke. I would like to point out that more information and resources on the topic of active defense and active response can be found at: http://www.activeresponse.org [activeresponse.org]
  • Ugh. (Score:1, Flamebait)

    by Sheepdot ( 211478 )
    What I can say is that it's infinitely less irritating, and far more realistic, than Neal Stephenson's Cryptonomicon or Gibson's Neuromancer.

    I always hear these two books mentioned when people talk about computers in science fiction (aside only from 2001: A Space Odyssey).

    I have yet to read Cryptonomicon, so I cannot comment on that. I have, however, read Neuromancer.

    The book is utter crap. The main character is unbelievable, and acts contrary to what his own mind and desires would be. The other character
    • Most of Gibson is crap. If you want interesting, *thoughtful* computer-related SF, read Vinge. He invented virtual reality with his short story "True Names", and has been ahead of just about everyone else ever since.
      • Awesome, thanks! I was also told to read Snowcrash for good SF.
        • Yes, Stephenson kicks Gibson's ass.
          • http://interviews.slashdot.org/article.pl?sid=04/10/20/1518217&tid=192&tid=214&tid=126&tid=11

            4) Who would win? (Score:5, Funny) - by Call Me Black Cloud

            In a fight between you and William Gibson, who would win?

            Neal:

            You don't have to settle for mere idle speculation. Let me tell you how it came out on the three occasions when we did fight.

            The first time was a year or two after SNOW CRASH came out. I was doing a reading/signing at White Dwarf Books in Vancouver. Gibson stopped by to say
            • Ahhhh, thanks for the memories!

              I'll second the notion of Gibson is crap. I've read several of his books and they were boring, contrived and incoherent. Stephenson was riveting, intelligent and didn't cheat. I haven't read the Baroque Cycle yet, but Cryptonomicon was fantastic.

              I've only heard two complaints levied against Stephenson. One, that his endings can be abrupt. I would have loved for Snow Crash to go on for another 20 pages. Second, that he has a large number of characters, as he does in Cryptono
              • I LOVE Neuromancer, but I haven't been able to finish some of the others.

                I've dug everything Stephenson wrote except Big U - he was still learning. Some nice ideas, but a little too easy, somehow. I may not get through Baroque Cycle. The first was o.k., but didn't grab me nearly as much as Cryptonomicon. I was looking forward to it, too. Mmmm...5000 pages of stephenson...I think part of my problem was in placing stephensonisms in a historical context. When people acted a little post-modern in the 19
      • Most of Gibson is crap. If you want interesting, *thoughtful* computer-related SF, read Vinge.

        Thoughtful characterizes the man indeed- in his writing and his person. I've had the fortune to meet Vinge, and a dozen or so other prominent writers, at conventions and other events, and Vinge stands out in his demeanor and presence. When not speaking, or being spoken to, he rarely seems to make eye contact, but scribbles and scratches in his notes, furtively glancing around him. His voice is soft and ten

    • One cannot reasonably argue that an opinion is wrong. Opinions, as they say, are like assholes, everyone has one. As a William Gibson "fan boy" you could say that I don't share your view of Neuromancer. In my opinion Gibson is one of the best writers of this century.
      • And your username would indicate so. :)

        I just don't see what the hoopla is. I keep seeing Neuromancer mentioned in geek circles as if it's on the level of Foundation, Mote in God's Eye, Stranger in a Strange Land, and other Science Fiction novels. It's a REALLY bad story, but beautiful world and environment.

        I hope Gibson has improved since, but no part of me cares to read anymore of his work to find out.
        • Diversity of opinion is what makes the world interesting. So I respect the fact that you don't like Gibson.

          Obviously my take on things is different. In my opinion Stranger in a Strange Land is a work that would appeal only to teenagers. I liked Mote in God's Eye but I don't find it more than entertaining.

          In contrast there are parts of Neuromancer that fascinate me. The description of Tessier-Ashpool as a wasp like organism.

          Perhaps Neuromancer is a generational thing. My parents generation love

          • lol, I love "On the Road"! Well, I take that back cause I never read the whole thing. But his descriptions of events and travelogues in general fascinate me. It's the book that defines the beatniks, so your parents must have loved the free life that existed then.

    • Thank you for your concise and interesting review.

      Now fuck off.

      You're the moron who comes out of EVERY movie theater I've ever been in saying, loudly, so everyone in the lobby can hear, "Well, THAT SUCKED!"

      Nobody gives a shit what you think.

      Besides which, your review is crap because you obviously have no fucking clue what the story was about because you have no fucking clue why the characters did what they did.

      Take your no fucking clueless self elsewhere.

      • Actually I hate the people that talk loudly after watching the movie like they are arrogant too. But I keep seeing Neuromancer mentioned in geek circles as if it's on the level of Foundation, Mote in God's Eye, Stranger in a Strange Land, and other Science Fiction novels. It's a REALLY bad story. I hope Gibson has improved since, but no part of me cares to read anymore to find out.
  • I worked on the book. Anyone interested in checking out a chapter can go to http://www.syngress.com/catalog/?pid=3190 [syngress.com]
  • My checklist (Score:5, Interesting)

    by Sheepdot ( 211478 ) on Thursday April 14, 2005 @05:06PM (#12238478) Journal
    In order (somewhat):

    1. NMAP the offender.

    2. NSLookup, Whois, etc. I even go so far as to use GeoIP to get city, state, ISP, etc. Get email addresses to send to.

    3. Look for open proxies on the address in the case of SPAM. If so, just drop the search there.

    4. Nessus check for potential vulns that might have been exploited by common/known worms. Essentially, find how they were exploited, and if there is no known reason, assume they are malicious.

    5. Take necessary actions to blacklist or block the IP on the offending protocol, or in some rare cases, kill the IP altogether. (rarer cases, the subnet)

    6. Google. You'd be amazed at what I can do here. I put in the direct IP, I put in email addresses I've collected to find out where the person posts, etc. I get to know the individual, who they are, and further deduce if they are malicious. I used to even go so far as to imitate someone of the opposite sex their age and talk to them on their favorite IM and ask them if they are a h4x0r and can help me "get back at my brother, the bully at school, the girl that stole my boyfriend" etc. (never assume the gender of a /. poster)

    7. Email at a minimum 5 people, including Incident Response (https://forms.us-cert.gov/report/), the offending ISP, any emails off of the website of the IP in question, etc. Half the emails I CC just so that the individuals take the email seriously. Occasionally these will contain logs, IM logs, who the person is, what they do in their spare time, what forums they visit, their picture (if any) and etc. I do this from a TOR-accessed Hushmail account, so no one knows who the hell it is. One time I sent the email to the offender's mother. He sure thanked me with some profanities on that one (which were subsequently forwarded to his mother).

    There's ways of "attacking back" in such a way that script kiddies die out, but you have to totally overwhelm them with your sheer capability to outsmart them.

    Let's face it, we're all guilty of being lax in our network activity and leave IP trails on logs that Google indexes. It makes no sense to sit back and complain about script kiddies when it's quite obvious that we're unwilling to take them to task when they probe. The information is there, you just gotta do some digging and learn how to use Google's Advanced features. It's important to make your response to their actions overwhelming, so they are never tempted to turn back to random probing again.
    • That's a good list of some active response actions, a potential taxonomy of actions to begin with is presented in my west point paper, here is the short version:

      No Action: A threat is detected, but no action is taken.

      Internal Notification: Using the organizational structure to notify the designated responder(s) of an active response situation.

      Internal Response: Applying active response actions within the domain over which the responder has authority (e.g. close a threat vector's associated port).
    • This brings us to an issue I've wondered about for a long, long time.

      Where are the detailed IP databases? Who is compiling them? (You know some intelligence and other agencies are surely generating these databases, but are there any that are public other than the search engines?)

      Google would be great if you could put in an IP and get a list of all the things that IP searched on. Imagine the possibilities in tracking people down. Yes, a huge security issue, but you know it's being done. A few select co
  • Counter-argument (Score:2, Informative)

    by Slendro ( 105066 )
    I wrote an article back in 2002 ( http://www.securityfocus.com/guest/16531 [securityfocus.com]), which was published on SecurityFocus, in response to Mullen's initial SecurityFocus article.

    Not having read the book, I can't be sure, but according to the review there didn't seem to be much of a dissenting opinion in the book on the question of whether aggressive tactics are desirable (or effective).

    That's unfortunate, since as you'll see in my article, I think a good argument can be made that aggressive network defense is both
    • You might wish to read item 4 in your own article again, especially "disabling your opponent's attack" - if it is possible to remove the "weapon" from the attacker's "hand" (read "malware" and "computer"), is it wise to then return it to them?
    • I would strongly disagree, read ADAM in the book for a legally and ethically thorough argument for active response. To generally disregard active response is a mistake and shows that the topic is miscategorized to only include strike-back and hack-back methodologies. An argument can be made that aggressive tactics are ethically and legally questionable in certain situations - but not in ALL scenarios (e.g. air traffic control threats, national security/life/safety critical systems). Active response has a
    • No, what's unfortunate is that you didn't bother reading my strikeback white-paper before writing your SF piece... Just like you didn't bother reading any of the book before posting this response. My strikeback concept and code for the associated neutralizing agents were *never* self propagating or worm-like, yet you go out of your way to make it seem like they were... Not only is guidance offered, but a framework proposed that specifically addresses the questions of when, where, and how to strikeback, ye
      • Having reread your BH presentation, and read the white paper (which I, frankly, somehow didn't find at the time) I have to say: you're right and I'm wrong! I do have a caveat, but first: some public self-flagellation.

        I honestly don't recall how I could have missed the final few slides of your presentation, where you indeed answer the questions that I posed in my SF article, i.e. you set limits on what should be done. I have to say that my paper was way too harsh considering that fact.

        If it seemed like I
  • Can someone 'out there(As In - The US)' please get Syngress to "Force Replicate" this book to Local(As In - In~dia) Publishers cause i've read the sample chapter and boy, does it sound interesting... On a more serious note... Waiting for this book to hit the shelves in India (P.S. And if you're wondering, No, I'm not from Bangalore[If you know what I mean!])
    • I am the Publisher for Syngress. We are currently in negotiations to have the book published in India. I will let you know as soon as we have a deal in place and expected publication date.
      • Well, Thank you for that!!! I'm new to slashdot and the reason i posted here is because of the book review. I've read (and OWN!) both the 'Stealing the Network' books and have constantly visited my local bookstore to check for other Syngress titles, but mostly to no avail, and don't get me started on the local publishers website(BTW, I DID NOT say that!).
