Hack Attacks Revealed: A Complete Reference with Custom Security Hacking Toolkit


Beat hackers at their own game — The world of a hacker revealed by a corporate hack master
Hack Attacks Revealed
Take a technogothic journey inside the world of a hacker as seen by security expert John Chirillo. Drawing on his own experience as a hacking consultant for Fortune 1000 companies, Chirillo shows how hackers can exploit network security holes and how you can recognize an oncoming threat to your security. The book features details of the powerful Tiger Box® system, used by hackers to penetrate vulnerable networks, and teaches you how to use that same tool to your advantage.
In this highly provocative work, you'll discover:

* The hacker's perspective on networking protocols and communication technologies
* A complete hacker's technology handbook, illustrating techniques used by hackers, crackers, phreaks, and cyberpunks
* Information discovery and scanning tools for hacking into known and unknown ports and service vulnerabilities
* Detailed instructions for customizing the Tiger Box for your needs and using it to search hack attacks

Editorial Reviews

From Barnes & Noble
The Barnes & Noble Review
"I'm going to make a virtuous hacker guru out of you."

That's how John Chirillo begins his "challenging technogothic journey," Hack Attacks Revealed. And whoever "you" are -- sysadmin, internetworking engineer, or hacker (disaffected or otherwise), you'll find that Chirillo is selling authentic goods. (He's been hired by many Fortune 1000 companies to break into their networks.) This book offers a systematic tour of network vulnerabilities, hacking tools and techniques, and a whole lot more.

Be warned: "This book is sold for information purposes only. Without written consent from the target company, most of these procedures are illegal in the United States and many other countries as well. Neither the author nor the publisher will be held accountable for the use and misuse of the information contained in this book."

Whew. Now that we've got that out of the way, let's see what's really in here...

The first section of Hack Attacks Revealed reintroduces each of today's communications protocols from a hacker's point of view. For example, it's one thing to know that when IP datagrams traveling in frames cross networks with different size limits, the routers must sometimes fragment the datagrams. It's another to recognize that this introduces a potential vulnerability to both passive and intrusive attacks. It's one thing to know that Address Resolution Protocol (ARP) broadcasts packets to all the hosts attached to a physical network, which store this information for later use; it's another to recognize that this represents an opportunity for a spoofing attack.

In Part II, Chirillo moves on to the communications media that tie workstations into LANs, LANs into WANs, and WANs into internets -- Ethernet, Token Ring, FDDI, ISDN, xDSL, point-to-point links, and frame relay. Then, it's on to start attacking the most vulnerable of those 65,000 ports into your computer.

Chirillo starts with Port 7, echo, explaining echo overloads, Ping of Death attacks, and Ping flooding, which takes advantage of a computer's responsiveness by bombarding it with pings or ICMP echo requests. There's Port 19, chargen, vulnerable to a telnet connection that generates a string of characters with output redirected to a telnet connection. There's Port 53, domain, which leads to a discussion of how DNS caching servers can be spoofed, forwarding visitors to the wrong location.

And so it continues, through more than 50 vulnerable TCP and UDP ports, all the way up to Port 540, uucp, Port 543, klogin, and beyond. Chirillo exposes a veritable who's who of viruses, worms, and trojans: Executor, Cain & Abel, Satanz Backdoor, ServeU, ShadowPhyre, SubSeven Apocalypse, Voodoo Doll, Portal of Doom...

Next, you're introduced to scanning: IP, port, and service site scans, tools, and techniques -- including techniques that can penetrate or "stealth" their way past firewalls (a comforting thought).

There's detailed coverage of mail bombing, spamming, and spoofing; web page hacking, and vulnerabilities of specific *nix and Windows operating systems, as well as internetworking hardware (Cisco, 3Com, et al.). You'll find tons of useful charts (from common ports to Ethernet frame formats). There's even an introductory guide to the lingua franca of hacking, the C programming language.

The accompanying CD-ROM contains an extensive collection of security and hacking software, plus TigerSuite -- all you need to uncover, scan, penetrate, expose, control, spy, flood, spoof, sniff, infect, report, monitor, and generally prevent (or perform) all manner of havoc. We hope you'll use the software -- and the book -- for good, not evil. (Bill Camarda)

Bill Camarda is a consultant and writer with nearly 20 years' experience in helping technology companies deploy and market advanced software, computing, and networking products and services. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

An internetworking engineer with an Illinois technology management company, Chirillo details how network hacking can exploit network security holes, and how to recognize an oncoming threat to security. He also describes the Tiger Box system used by hackers to penetrate vulnerable networks, and how to use the same tool -- provided on the disk -- to protect against them. Annotation c. Book News, Inc., Portland, OR (booknews.com)

Product Details

  • ISBN-13: 9780471416241
  • Publisher: Wiley
  • Publication date: 4/16/2001
  • Edition description: BK&CD-ROM
  • Edition number: 1
  • Pages: 960
  • Product dimensions: 7.48 (w) x 9.22 (h) x 2.13 (d)

Meet the Author

John Chirillo (Itasca, IL) is Senior Internetworking Engineer at ValCom, a technology management company. John holds an impressive number of professional certifications. Performing award-winning security audits, he has been given permission to break into many Fortune 1000 company networks to evaluate their security policies and then prevent outside attacks. He is a frequent speaker at conferences like Comdex, participates in IETF security work, and trains Microsoft and Cisco certification candidates.

Read an Excerpt

An increasing number of users on private networks are demanding access to Internet services such as the World Wide Web, email, telnet and File Transfer Protocol (FTP). Corporations want to offer Internet home pages and FTP servers for public access via the Internet. As the online world continues to expand, so too do concerns about security. Network administrators and managers worry about exposing their organizations' confidential and/or proprietary data, as well as their networking infrastructures, to the growing number and variety of Internet hackers, crackers, cyberpunks, and phreaks. In short, online security has become one of the primary concerns when an organization develops a private network for introduction to the Internet. To provide the required level of protection, an organization needs more than just a robust security policy to prevent unauthorized access; its managers need a complete and thorough understanding of all the elements involved in erecting solid fortification against hack attacks. And even those organizations not connected to the Internet need to establish internal security measures if they are to successfully manage user access to their networks, and protect sensitive or confidential information.

Hack Attacks Denied: A Complete Guide to Network Lockdown addresses all those concerns, and defines the procedures required to successfully protect networks and systems against security threats. By introducing a phased approach, which correlates to my previous book, Hack Attacks Revealed, this volume outlines the security steps to take to formulate and implement an effective security policy.

To begin, readers are made aware of security dangers, by introducing secret tiger team routines, complete with examples and illustrations. The book is divided into four logical phases. Phase 1 covers system infrastructure engineering, explaining the processes essential to protect vulnerable ports and services. Phase 2 details how to protect against the secret vulnerability penetrations itemized in Hack Attacks Revealed. Phase 3 introduces the necessary hack attack countermeasures to use on popular gateways, routers, Internet server daemons, operating systems, proxies, and firewalls. Phase 4 puts these security measures into perspective by compiling an effective security policy.

Who Should Read This Book

Hack Attacks Denied will enlighten anyone and everyone interested in or concerned about online security today, and lead to an understanding of how to best make their systems and networks as safe as they need to be.

More specifically, however, Hack Attacks Denied was written for these audiences:

  • The home or small home office (SOHO) Internet Enthusiast, whose web browsing includes secure online ordering, filling out forms, and/or transferring files, data, and information
  • The network engineer, whose world revolves around security
  • The security engineer, whose intent is to become a security prodigy
  • The hacker, cracker, and phreak, who will find this book both educational and entertaining
  • The nontechnical manager, whose job may depend on the information herein
  • The hacking enthusiast and admirer of such films as Sneakers, The Matrix, and Hackers
  • The intelligent, curious teenager, whose destiny may become clear after reading these pages

About the Author

Now a renowned superhacker who works on award-winning projects, assisting security managers everywhere, John Chirillo began his computer career at 12, when after a one-year self-taught education in computers, he wrote a game called Dragon's Tomb. Following its publication, thousands of copies were sold to the Color Computer System market. During the next five years, John wrote several other software packages, including The Lost Treasure (a game-writing tutorial), Multimanger (an accounting, inventory, and financial management software suite), Sorcery (an RPG adventure), PC Notes (GUI used to teach math, from algebra to calculus), Falcon's Quest I and II (a graphical, Diction-intensive adventure), and Genius (a complete Windows-based point-and-click operating system), among others. John went on to become certified in numerous programming languages, including QuickBasic, VB, C++, Pascal, Assembler and Java. John later developed the PC Optimization Kit (increasing speeds up to 200 percent of standard Intel 486 chips).

John was equally successful in school. He received scholarships including one to Illinois Benedictine University. After running two businesses, Software Now and Geniusware, John became a consultant, specializing in security and analysis, to prestigious companies, where he performed security analyses, sniffer analyses, LAN/WAN design, implementation, and troubleshooting. During this period, John acquired numerous internetworking certifications, including Cisco's CCNA, CCDA, CCNP, pending CCIE, Intel Certified Solutions Consultant, Compaq ASE Enterprise Storage, and Master UNIX, among others. He is currently a Senior Internetworking Engineer at a technology management company.


Table of Contents

A Note to the Reader.
Understanding Communication Protocols.
NetWare and NetBIOS Technology.
Understanding Communication Mediums.
Intuitive Intermission: A Little Terminology.
Well-Known Ports and Their Services.
Discovery and Scanning Techniques.
Intuitive Intermission: A Hacker's Genesis.
The Hacker's Technology Handbook.
Hacker Coding Fundamentals.
Port, Socket, and Service Vulnerability Penetrations.
Intuitive Intermission: A Hacker's Vacation.
Gateways and Routers and Internet Server Daemons.
Operating Systems.
Proxies and Firewalls.
Intuitive Intermission: The Evolution of a Hacker.
TigerSuite: The Complete Internetworking Security Toolbox.
Appendix A: IP Reference Table and Subnetting Charts.
Appendix B: Well-Known Ports and Services.
Appendix C: All-Inclusive Ports and Services.
Appendix D: Detrimental Ports and Services.
Appendix E: What's on the CD.
Appendix F: Most Common Viruses.
Appendix G: Vendor Codes.

Interviews & Essays

Author Essay
If You Think You're Safe, You're Probably Not

This just in -- the fighting between Palestinians and Israelis has spread to cyberspace. Extremists are defacing web sites, penetrating systems, and using viruses and Trojan horses to try to disrupt each other's communications. At the same time, cyber-activists coordinate efforts to disrupt the operations of corporate web and e-commerce sites to drive down company stock prices. It turns out that the Internet -- inexpensive, open and accessible at any time from anywhere -- is an ideal tool for terrorists. Statistically, hackers and radicals vandalized and defaced more than 5,800 web pages last year, up from about 3,800 in 1999 -- but the real damage may be hiding in the shadows. Government and industry security experts are expressing concern that hackers may have already left behind malicious code that's capable of turning unsuspecting systems into time bombs for future denial-of-service (DOS) attacks. Right on the money, these bombs happened to be a key part of the DOS attacks against popular sites back in February, including those of CNN, Yahoo, and eBay.

What's more, the most recent build of millennium Trojan variations contain undocumented features that can indeed be used to ping the living hell out of web servers, from numerous infected clients simultaneously. In addition to the malicious disruption, these attacks involve the unlawful intrusion into thousands of computers worldwide, which are also used to steal user passwords, credit card numbers, and financial data. Furthermore, web surfers can unintentionally download malicious programs that can make the most threatening virus seem harmless -- these programs are designed to allow a remote attacker the ability to secretly control network servers or personal computers. Hackers can collect passwords, access accounts (including email), modify documents, share hard drive volumes, record keystrokes, capture screen shots, and even listen to conversations from computer microphones. The number of victims in these types of cases can be tremendous, and the collective loss and cost for law enforcement (such as the FBI) to respond to these kinds of attacks can run into the tens of millions of dollars or more.

But many in the industry frankly question the FBI's competence and fear the publicity that may ensue from a high-profile agency investigation. They prefer to hire their own investigators and handle their own real-time security -- even though today's technology tools cannot always ensure network safety from computer hackers. For instance, to gather underground information, a 35-person security company devotes as many as 20 staff members to eavesdrop on Internet chat groups and monitor web sites where hackers and computer virus writers are known to congregate. It also employs automated searching tools, called spiders, to search the Internet for keywords that might lead to new sources of vulnerabilities. Meanwhile, during hack attack aftereffects, "FBI management still doesn't get it," said Jim Settle, a Springfield, Virginia, security consultant and former chief of the FBI's national computer crime program. "They keep turning over their management and putting people in that have little or no background. Do I have a lot of confidence that they will find the people who did this? No."

With the growth of the Internet and continued advances in technology, these intrusions are becoming increasingly prevalent. External threats are a real-world problem for anyone with connectivity. Competitors, spies, disgruntled employees, bored teens, and hackers more frequently invade others' computers to steal information, sabotage careers, and just to make trouble.

Together, the Internet and the World Wide Web have opened a new backdoor through which a remote attacker can invade home computers or company networks and electronically snoop through the data therein. By simply browsing the Internet, wherever you go and whatever you do, almost anyone can track your movements while collecting personal information about you -- right from your web browser. Without revealing these hack attacks and the security measures to deny them, we are faced with the disquieting realization that, if you think you're safe, you're probably not... (John Chirillo)

John Chirillo is a leading information security consultant who has worked for a wide range of prestigious companies, performing tasks ranging from security analysis to WAN design. He holds multiple Cisco, Compaq, Intel, UNIX, and programming certifications, has created and published advanced game software, and has launched and run two companies.


Customer Reviews

Sort by: Showing all of 7 Customer Reviews
  • Anonymous

    Posted August 8, 2001


    Detailed instruction on testing your network before a hacker tests it for you. A comprehensive education in network security.

  • Anonymous

    Posted July 13, 2001

    If your system is not buried underground...

    I found this book to be among the best choices for security hacking. For the veterans, it's an excellent reference-from the compilations and coding grounds, to the vulnerability listing that covers ALL ports & services. The CD has a repository of 15,000 security & underground links and tigersuite is useful too-nothing new there, but a collection of ip tools and penetrations from a single interface that requires very little resources. Normally I wouldn't waste my time, but this book deserves recognition. Slashdot says it best 'If you have a computer that's not locked underground, disconnected from any network, and powered down, it probably has some of the security holes described in this book.' 'A healthy dose of paranoia comes in handy sometimes -- and anyone with a broadband connection of any kind has reason to double the dose. And Yes, this book denies the existence of neither *NIX nor Windows systems.'

  • Anonymous

    Posted May 9, 2001

    Excellent Network Security Reference

    John has written an excellent set of books. The organization and content lend to a superior training manual for the security consultant. I was very impressed with the chapters concerning specific breaches and source code examples. Mr. Chirillo should be applauded for the completeness of his work. While new exploits appear on a daily basis, John has given the reader sufficient links to online resources to remain current. My firm is requiring that Mr. Chirillo's books be read by all persons who will be performing any security work for our clients. I look forward to any further publications from John.

  • Anonymous

    Posted April 4, 2001

    Excellent for methodology, penetration, and analysis

    These books are great for hackers, administrators, and users. When it comes to security and hacking, they teach everything you need to know about the basics to the advanced. Even though you may already know something of the subjects, you will find out things that will amaze you. These books provide excellent methodologies about hacking and teach how it is more important to understand the way hackers think, than to rely on incomplete security tools. They provide great resources on researching, OS vulnerabilities, network security, internet user security, home pc and network security software, and more.

  • Anonymous

    Posted April 19, 2001

    Hack Attacks Revealed: A Complete Reference with Custom Security Hacking Toolkit

    A long awaited provocative look on Security & Hacking within corporate networks and home computers. Makes excellent read both for the simple and technical minds.

  • Anonymous

    Posted April 19, 2001

    Hack Attacks Revealed: A Complete Reference with Custom Security Hacking Toolkit

    In Hack Attacks Revealed and Hack Attacks Denied, John Chirillo has produced nothing less than a tour de force in the field of networking and network security. I had the privilege of working with the author and both of these remarkable books before publication. When I first started reading Hack Attacks Revealed, I was fascinated with the material presented; by the time I finished, I realized that it was more than fascinating stuff--it was a chilling reminder of our vulnerability. If you--like me--are interested in all things technical, you will find these books a wonderful treasure box of information. If you are an Information Systems professional, and hope for continued employment in your chosen field--you NEED these books.

  • Anonymous

    Posted April 4, 2001

    Hack Attacks Revealed Early Review

    The information contained in Hack Attacks Revealed is an eye opening look at how vulnerable companies are. By delving into the world of the hacker, it provides a unique view of what makes hackers tick, and ultimately how to better protect against them. This information along with the tools provided, make this a must have in your library.
