Silence On The Wire
Some months ago a fellow KPLUGger won the book "Silence On The Wire" at a raffle. The book publishers are very kind and send us books as long as we provide feedback in the form of a review. My friend wasn't so into security books, so he gave it to me, having noticed it was on my Amazon.com wishlist.
At first glance, "Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks" by Michal Zalewski does not look like a book on computer security. All black, not too flashy. What the heck is passive reconnaissance and indirect attacks anyway? But it's from No Starch Press so it should be something cool. I would say this is a different kind of computer security book. This book does not give you the standard advice such as avoid buffer overflows and turn off unnecessary services, etc. It takes a more fundamental look at our hardware, software, and protocols and examines the problem from the lowest level working up. The book basically focuses on how to get information out of a system in ways the designers did not anticipate. Not through any sort of brute force "hacking" (in the negative sense of the word) but by much more subtle means such as observation from a distance without ever letting the target know what is going on through the use of various sorts of data leaks and covert channels. Information is an interesting thing. Lack of information is indeed information itself. All of these things are examined and explained.
The book consists of 18 chapters and 281 pages and I think that is just the right length to cover some of the more interesting ground that others have not covered a thousand times before. Rather than summarize the book let me tell you about a few of the parts that I found interesting.
The information presented on timing attacks and entropy etc. was all very interesting but then in chapter 2 we encounter around 20 pages about Boolean logic, logic gates, basic machine architecture etc. This information, while interesting, left me wondering where the author was going with all of this. 20 pages is a bit long to leave the reader in the dark. We ultimately find out how the hardware relates to timing attacks and computational effort analysis.
I found the in-depth discussion of the OSI model and the byte-level dissection of the various protocols that make up the protocol stack in our networks to be very interesting. I have read Richard W. Stevens's book on networking (a long time ago) but this was a very nice review. During the explanation of the various protocols and layers we learn a few things about the quirks of each of these layers and how they can reveal information. We find out how the RFCs (the standards which specify the protocols/languages which computers use), while specific enough to allow different machines to talk to each other, are often not completely without ambiguity and leave room for variance in the different implementations. These variances can be observed and used to determine what OS a machine is running, among other things.
Page 109 in chapter 8 is particularly interesting to me. Imagine my surprise when, just sitting in bed reading along one night, I came across my own name in a computer security book! It turns out the author ran across my work in "war-flying" back in 2002 and found it interesting enough to include in his book.
During the section discussing TCP we learn about TCP sequence numbers and the need for solid entropy in their generation. Some pretty pictures are presented which show the probability distribution of the generated TCP sequence numbers for various OSes. I remember seeing these pictures and reading the paper back in 2001 when the author first published them. You can actually determine what OS a machine is running by looking at a picture of the distribution of the TCP sequence numbers it generates. This relates back to passive OS fingerprinting. The TCP specification says sequence numbers are to be used but says nothing about what algorithm to use to generate them.
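To illustrate why such pictures differ between implementations, here is an added example (not code from the book or from this review) that compares two constructed sequence-number generators by the entropy of their successive differences and by how many coarse 3-D cells triples of differences occupy. The generators, function names and bucket sizes are assumptions chosen for illustration and do not model any particular OS.

```python
import math
import random
from collections import Counter

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def isn_deltas(samples):
    """Differences between consecutive sequence numbers, modulo 2**32."""
    return [(b - a) % MOD for a, b in zip(samples, samples[1:])]


def delta_entropy_bits(samples, bucket_bits=8):
    """Shannon entropy (bits) of the top `bucket_bits` of each delta."""
    buckets = Counter(d >> (32 - bucket_bits) for d in isn_deltas(samples))
    total = sum(buckets.values())
    return sum(c / total * math.log2(total / c) for c in buckets.values())


def occupied_cells(samples, axis_bits=4):
    """Distinct coarse 3-D cells hit by triples of consecutive deltas.

    Few cells: the points draw a tight, recognisable shape.
    Many cells: the points are spread out like noise.
    """
    d = [x >> (32 - axis_bits) for x in isn_deltas(samples)]
    return len(set(zip(d, d[1:], d[2:])))


def weak_isns(n, seed=1):
    """Constructed sample: fixed increment plus a little jitter."""
    rng = random.Random(seed)
    isn, out = rng.getrandbits(32), []
    for _ in range(n):
        out.append(isn)
        isn = (isn + 64000 + rng.randrange(16)) % MOD
    return out


def strong_isns(n, seed=1):
    """Constructed sample: every value drawn independently at random."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


if __name__ == "__main__":
    for name, gen in (("weak", weak_isns), ("strong", strong_isns)):
        s = gen(2000)
        print(name, round(delta_entropy_bits(s), 2), occupied_cells(s))
```

Run against sequence numbers sampled from a stack you administer, a low entropy or a small cell count indicates a generator whose output is both predictable and distinctive.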
Overall I found the book quite satisfying and it clued me in to a number of areas of information leakage that I had not been aware of and techniques which can be used to exploit them. I liked how the author presents several real-life stories from his own personal experience where something very strange and interesting was discovered. This is the only real computer security book I own. Most other books just seem too cheesy or unoriginal or out of date to bother with. This book is not only original but it focuses on fundamental ideas that will continue to be valid for many years to come.