Michal Zalewski is a security researcher who has worked on topics ranging from hardware and OS design principles to networking. He has published research on many security topics and has worked for the past eight years in the InfoSec field for a number of reputable companies, including two major telecommunications firms.
Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacksby Michal Zalewski
- LendMe LendMe™ Learn More
Zalewski, a security researcher who's made a name for himself finding and resolving network security flaws, explains how computers and networks work, how information is processed and delivered, and what security threats lurk. His narrative explores the nuts and bolts of modern-day computing to disclose real and significant lapses in computer security that are not well known or, in some cases, even understood by experts. Of interest to security professionals, hackers, students, and technophiles who want to understand how computer security fits into the big picture. Annotation ©2005 Book News, Inc., Portland, OR
- No Starch Press San Francisco, CA
- Publication date:
- Sold by:
- Barnes & Noble
- NOOK Book
- File size:
- 8 MB
Meet the Author
Most Helpful Customer Reviews
See all customer reviews
Before I bought this book I had seen some of Zalewski's work: his museum of broken packets and his famous Mozilla Firefox vulnerability reports. Because of that, I suspected Zalewski's book would be worth reading. Well, It actually turned out to be much more than that. Silence on the wire is an awesome book, clearly targeted for security enthusiasts. In its 18 chapters, it shows many different (and often undetectable) ways in which an attacker can obtain useful information just by watching the way your systems behave. Did you know that in some cases it's possible to determine an attacker's system clock time that is port-scanning one of your boxes? Did you know that there are ways to identify decoys and spoofed packets? Or that you can recover the information being transmitted by a modem just by observing its LEDs? Reading the book you may find that your Ethernet card is leaking kernel-space information, that your system's pseudo-random-number-generator is not that random but totally predictable or that someone is remotely port-scanning your server while all you can see are incoming TCP SYN packets coming from a trusted box. Every chapter starts with an introduction, then discusses one or more attack vectors and finally gives some "food for thought", this is, ideas for further research or further paranoia. Sometimes those introductions are longer than they should but at the same time they provide the background required to understand what comes next. For every chapter, the book also includes a list of references to relevant papers, specifications or research projects. It is true that the book is 5 years old, but believe me, I didn't find a single line that was outdated. Hey, the book even talks about the recent Kaminsky's DNS vulnerability research and it was published 4 years before it became public! Its fair to say that some of the techniques explained in the book are difficult to use in real world situations but still, they will give you an idea of all the threats you are exposed to. Things can sometimes get scary... Honestly, I highly recommend this book for anyone that enjoys network security from a technical point of view, anyone that has to protect critical systems against skilled attackers, or anyone that is interested on knowing how much can someone know about a computer system just using passive and undetectable techniques. I think this is the most interesting security-related book I've read since Schneier's "Applied Cryptography".
Makes you ponder. 'Silence' is not a book about using the latest version of an IDS like Nessus, where you get tons of detail about all its abilities. Instead, Zalewski goes back to the basics of IP and TCP. Much of the book revolves around low level fields in the IP or TCP headers. And how different operating systems often have different policies about filling these fields. A Microsoft OS and a Unix OS would initialise a TTL with different values. So what? Well, a passive surveillance of traffic might give a reasonable guess as to the OS, based on observed TTLs coming from that machine. Other aspects also come under similar reductionist scrutiny. Some of you with a maths background might appreciate the book's analysis of the pseudo random number generators using in making sequence numbers. There are 3 dimensional plots of these outputs, which show very different shapes for different OSs. More importantly, most do not exhibit good randomness. Zalewski eloquently demonstrates these shortcomings.