Zalewski M. - Silence on the Wire. A Field Guide to Passive Reconnaissance and Indirect Attacks

Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks

Year of publication: 2005

Author: Michal Zalewski

Publisher: No Starch Press

ISBN: 1593270461

Format: CHM

Quality: OCR without errors

Number of pages: 312

Description: Written by a well-respected, well-known information security researcher, this fascinating narrative explores some unique, uncommon and often quite elegant security challenges that defy classification and eschew the traditional attacker-victim model.

Additional information: This is an unconventional book. It is not a compendium of problems or a guide to securing your systems. It begins with an attempt to follow the story of a piece of information, from the moment your hands touch the keyboard, all the way to the remote party on the other end of the wire. It covers the technology and its security implications, focusing on problems that cannot be qualified as bugs, with no attacker, no flaw to be analyzed and resolved, or no detectable attack (or at least not one that we can distinguish from legitimate activity). The goal of this book is to demonstrate that the only way to understand the Internet is to have the courage to go beyond the specifications or read between the lines.

Contents


FOREWORD

by Solar Designer

INTRODUCTION

A Few Words about Me

About This Book

PART I: THE SOURCE

On the problems that surface long before one sends any information over the network

CHAPTER 1: I CAN HEAR YOU TYPING

Where we investigate how your keystrokes can be monitored from far, far away

The Need for Randomness

Automated Random Number Generation

The Security of Random Number Generators

I/O Entropy: This Is Your Mouse Speaking

Delivering Interrupts: A Practical Example

One-Way Shortcut Functions

The Importance of Being Pedantic

Entropy Is a Terrible Thing to Waste

Attack: The Implications of a Sudden Paradigm Shift

A Closer Look at Input Timing Patterns

Immediate Defense Tactics

Hardware RNG: A Better Solution?

Food for Thought

Remote Timing Attacks

Exploiting System Diagnostics

Reproducible Unpredictability

CHAPTER 2: EXTRA EFFORTS NEVER GO UNNOTICED

Where we learn how to build a wooden computer and how to obtain information from watching a real computer run

Boole's Heritage

Toward the Universal Operator

DeMorgan at Work

Convenience Is a Necessity

Embracing the Complexity

Toward the Material World

A Nonelectric Computer

A Marginally More Popular Computer Design

Logic Gates

From Logic Operators to Calculations

From Electronic Egg Timer to Computer

Turing and Instruction Set Complexity

Functionality, at Last

Holy Grail: The Programmable Computer

Advancement through Simplicity

Split the Task

Execution Stages

The Lesser Memory

Do More at Once: Pipelining

The Big Problem with Pipelines

Implications: Subtle Differences

Using Timing Patterns to Reconstruct Data

Bit by Bit...

In Practice

Early-Out Optimization

Working Code-Do It Yourself

Prevention

Food for Thought

CHAPTER 3: TEN HEADS OF THE HYDRA

Where we explore several other tempting scenarios that occur very early on in the process of communications

Revealing Emissions: TEMPEST in the TV

Privacy, Limited

Tracking the Source: "He Did It!"

"Oops" Exposure: *_~1q'@@... and the Password Is...

CHAPTER 4: WORKING FOR THE COMMON GOOD

Where a question of how the computer may determine the intent of its user is raised and left unanswered

PART II: SAFE HARBOR

On the threats that lurk in between the computer and the Internet

CHAPTER 5: BLINKENLIGHTS

Where we conclude that pretty can also be deadly, and we learn to read from LEDs

The Art of Transmitting Data

From Your Email to Loud Noises... Back and Forth

The Day Today

Sometimes, a Modem Is Just a Modem

Collisions Under Control

Behind the Scenes: Wiring Soup and How We Dealt with It

Blinkenlights in Communications

The Implications of Aesthetics

Building Your Own Spy Gear...

...And Using It with a Computer

Preventing Blinkenlights Data Disclosure-and Why It Will Fail

Food for Thought

CHAPTER 6: ECHOES OF THE PAST

Where, on the example of a curious Ethernet flaw, we learn that it is good to speak precisely

Building the Tower of Babel

The OSI Model

The Missing Sentence

Food for Thought

CHAPTER 7: SECURE IN SWITCHED NETWORKS

Or, why Ethernet LANs cannot be quite fixed, no matter how hard we try

Some Theory

Address Resolution and Switching

Virtual Networks and Traffic Management

Attacking the Architecture

CAM and Traffic Interception

Other Attack Scenarios: DTP, STP, Trunks

Prevention of Attacks

Food for Thought

CHAPTER 8: US VERSUS THEM

What else can happen in the local perimeter of "our" network? Quite a bit!

Logical Blinkenlights and Their Unusual Application

Show Me Your Typing, and I Will Tell You Who You Are

The Unexpected Bits: Personal Data All Around

Wi-Fi Vulnerabilities

PART III: OUT IN THE WILD

Once you are on the Internet, it gets dirty

CHAPTER 9: FOREIGN ACCENT

Passive fingerprinting: subtle differences in how we behave can help others tell, who we are

The Language of the Internet

Naive Routing

Routing in the Real World

The Address Space

Fingerprints on the Envelope

Internet Protocol

Protocol Version

The Header Length Field

The Type of Service Field (Eight Bits)

The Total Packet Length (16 Bits)

The Source Address

The Destination Address

The Fourth Layer Protocol Identifier

Time to Live (TTL)

Flags and Offset Parameters

Identification Number

Checksum

Beyond Internet Protocol

User Datagram Protocol

Introduction to Port Addressing

UDP Header Summary

Transmission Control Protocol Packets

Control Flags: The TCP Handshake

Other TCP Header Parameters

TCP Options

Internet Control Message Protocol Packets

Enter Passive Fingerprinting

Examining IP Packets: The Early Days

Initial Time to Live (IP Layer)

The Don't Fragment Flag (IP Layer)

The IP ID Number (IP Layer)

Type of Service (IP Layer)

Nonzero Unused and Must Be Zero Fields (IP and TCP Layers)

Source Port (TCP Layer)

Window Size (TCP Layer)

Urgent Pointer and Acknowledgment Number Values (TCP Layer)

Options Order and Settings (TCP Layer)

Window Scale (TCP Layer, Option)

Maximum Segment Size (TCP Layer, Option)

Time-Stamp Data (TCP Layer, Option)

Other Passive Fingerprinting Venues

Passive Fingerprinting in Practice

Exploring Passive-Fingerprinting Applications

Collecting Statistical Data and Incident Logging

Content Optimization

Policy Enforcement

Poor Man's Security

Security Testing and Preattack Assessment

Customer Profiling and Privacy Invasion

Espionage and Covert Reconnaissance

Prevention of Fingerprinting

Food for Thought: The Fatal Flaw of IP Fragmentation

Breaking TCP into Fragments

CHAPTER 10: ADVANCED SHEEP-COUNTING STRATEGIES

Where we dissect the ancient art of determining network architecture and computer's whereabouts

Benefits and Liabilities of Traditional Passive Fingerprinting

A Brief History of Sequence Numbers

Getting More Out of Sequence Numbers

Delayed Coordinates: Taking Pictures of Time Sequences

Pretty Pictures: TCP/IP Stack Gallery

Attacking with Attractors

Back to System Fingerprinting

ISNProber-Theory in Action

Preventing Passive Analysis

Food for Thought

CHAPTER 11: IN RECOGNITION OF ANOMALIES

Or what can be learned from subtle imperfections of network traffic

Packet Firewall Basics

Stateless Filtering and Fragmentation

Stateless Filtering and Out-of-Sync Traffic

Stateful Packet Filters

Packet Rewriting and NAT

Lost in Translation

The Consequences of Masquerading

Segment Size Roulette

Stateful Tracking and Unexpected Responses

Reliability or Performance: The DF Bit Controversy

Path MTU Discovery Failure Scenarios

The Fight against PMTUD, and Its Fallout

Food for Thought

CHAPTER 12: STACK DATA LEAKS

Where you will find a yet another short story on where to find what we did not intend to send out at all

Kristjan's Server

Surprising Findings

Revelation: Phenomenon Reproduced

Food for Thought

CHAPTER 13: SMOKE AND MIRRORS

Or how to disappear with grace

Abusing IP: Advanced Port Scanning

Tree in the Forest: Hiding Yourself

Idle Scanning

Defense against Idle Scanning

Food for Thought

CHAPTER 14: CLIENT IDENTIFICATION: PAPERS, PLEASE!

Seeing through a thin disguise may come in handy on many occasions

Approaching the Problem

Towards a Solution

A (Very) Brief History of the Web

A HyperText Transfer Protocol Primer

Making HTTP Better

Latency Reduction: A Nasty Kludge

Content Caching

Managing Sessions: Cookies

When Cookies and Caches Mix

Preventing the Cache Cookie Attack

Uncovering Treasons

A Trivial Case of Behavioral Analysis

Giving Pretty Pictures Meaning

Beyond the Engine...

...And Beyond Identification

Prevention

Food for Thought

CHAPTER 15: THE BENEFITS OF BEING A VICTIM

In which we conclude that approaching life with due optimism may help us track down the attacker

Defining Attacker Metrics

Protecting Yourself: Observing Observations

Food for Thought

PART IV: THE BIG PICTURE

Our legal department advised us not to say "the network is the computer" here

CHAPTER 16: PARASITIC COMPUTING, OR HOW PENNIES ADD UP

Where the old truth that having an army of minions is better than doing the job yourself is once again confirmed

Nibbling at the CPU

Practical Considerations

Parasitic Storage: The Early Days

Making Parasitic Storage Feasible

Applications, Social Considerations, and Defense

Food for Thought

CHAPTER 17: TOPOLOGY OF THE NETWORK

On how the knowledge of the world around us may help track down rogue attackers

Capturing the Moment

Using Topology Data for Origin Identification

Network Triangulation with Mesh-Type Topology Data

Network Stress Analysis

Food for Thought

CHAPTER 18: WATCHING THE VOID

When looking down the abyss, what does not kill us makes us stronger

Direct Observation Tactics

Attack Fallout Traffic Analysis

Detecting Malformed or Misdirected Data

Food for Thought

CLOSING WORDS

Where the book is about to conclude

BIBLIOGRAPHIC NOTES

INDEX
