Posted May 17, 2005
a reductionist scrutiny
Makes you ponder. 'Silence' is not a book about using the latest version of an IDS like Nessus, where you get tons of detail about all its abilities. Instead, Zalewski goes back to the basics of IP and TCP. Much of the book revolves around low level fields in the IP or TCP headers. And how different operating systems often have different policies about filling these fields. A Microsoft OS and a Unix OS would initialise a TTL with different values. So what? Well, a passive surveillance of traffic might give a reasonable guess as to the OS, based on observed TTLs coming from that machine. Other aspects also come under similar reductionist scrutiny. Some of you with a maths background might appreciate the book's analysis of the pseudo random number generators used in making sequence numbers. There are 3-dimensional plots of these outputs, which show very different shapes for different OSs. More importantly, most do not exhibit good randomness. Zalewski eloquently demonstrates these shortcomings.