- Shopping Bag ( 0 items )
From Barnes & NobleThe Barnes & Noble Review
"I'm going to make a virtuous hacker guru out of you."
That's how John Chirillo begins his "challenging technogothic journey," Hack Attacks Revealed. And whoever "you" are -- sysadmin, internetworking engineer, or hacker (disaffected or otherwise), you'll find that Chirillo is selling authentic goods. (He's been hired by many Fortune 1000 companies to break into their networks.) This book offers a systematic tour of network vulnerabilities, hacking tools and techniques, and a whole lot more.
Be warned: "This book is sold for information purposes only. Without written consent from the target company, most of these procedures are illegal in the United States and many other countries as well. Neither the author nor the publisher will be held accountable for the use and misuse of the information contained in this book."
Whew. Now that we've got that out of the way, let's see what's really in here...
The first section of Hack Attacks Revealed reintroduces each of today's communications protocols from a hacker's point of view. For example, it's one thing to know that when IP datagrams traveling in frames cross networks with different size limits, the routers must sometimes fragment the datagrams. It's another to recognize that this introduces a potential vulnerability to both passive and intrusive attacks. It's one thing to know that Address Resolution Protocol (ARP) broadcasts packets to all the hosts attached to a physical network, which store this information for later use; it's another to recognize that this represents an opportunity for a spoofing attack.
In Part II, Chirillo moves on to the communications media that tie workstations into LANs, LANs into WANs, and WANs into internets -- Ethernet, Token Ring, FDDI, ISDN, xDSL, point-to-point links, and frame relay. Then, it's on to start attacking the most vulnerable of those 65,000 ports into your computer.
Chirillo starts with Port 7, echo, explaining echo overloads, Ping of Death attacks, and Ping flooding, which takes advantage of a computer's responsiveness by bombarding it with pings or ICMP echo requests. There's Port 19, chargen, vulnerable to a telnet connection that generates a string of characters with output redirected to a telnet connection. There's Port 53, domain, which leads to a discussion of how DNS caching servers can be spoofed, forwarding visitors to the wrong location.
And so it continues, through more than 50 vulnerable TCP and UDP ports, all the way up to Port 540, uucp, Port 543, klogin, and beyond. Chirillo exposes a veritable who's who of viruses, worms, and trojans: Executor, Cain & Abel, Satanz Backdoor, ServeU, ShadowPhyre, SubSeven Apocalypse, Voodoo Doll, Portal of Doom...
Next, you're introduced to scanning: IP, port, and service site scans, tools, and techniques -- including techniques that can penetrate or "stealth" their way past firewalls (a comforting thought).
There's detailed coverage of mail bombing, spamming, and spoofing; web page hacking, and vulnerabilities of specific *nix and Windows operating systems, as well as internetworking hardware (Cisco, 3Com, et al.). You'll find tons of useful charts (from common ports to Ethernet frame formats). There's even an introductory guide to the lingua franca of hacking, the C programming language.
The accompanying CD-ROM contains an extensive collection of security and hacking software, plus TigerSuite -- all you need to uncover, scan, penetrate, expose, control, spy, flood, spoof, sniff, infect, report, monitor, and generally prevent (or perform) all manner of havoc. We hope you'll use the software -- and the book -- for good, not evil. (Bill Camarda)
Bill Camarda is a consultant and writer with nearly 20 years' experience in helping technology companies deploy and market advanced software, computing, and networking products and services. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.