Overview
The #1 menace for computer systems worldwide, network hacking can result in mysterious server crashes, data loss, and other problems that are not only costly to fix but difficult to recognize. Author John Chirillo knows how these can be prevented, and in this book he brings to the table the perspective of someone who has been invited to break into the networks of many Fortune 1000 companies in order to evaluate their security policies and conduct security audits. He gets inside every detail of the hacker's world, including how hackers exploit security holes in private and public networks and how network hacking tools work. As a huge value-add, the author is including the first release of a powerful software hack attack tool that can be configured to meet individual customer needs.
Synopsis
Beat hackers at their own game - The world of a hacker revealed by a corporate hack master
Hack Attacks Revealed
Take a technogothic journey inside the world of a hacker as seen by security expert John Chirillo. Drawing on his own experience as a hacking consultant for Fortune 1000 companies, Chirillo shows how hackers can exploit network security holes and how you can recognize an oncoming threat to your security. The book features details of the powerful Tiger Box(r) system, used by hackers to penetrate vulnerable networks, and teaches you how to use that same tool to your advantage.
In this highly provocative work, you'll discover:
• The hacker's perspective on networking protocols and communication technologies
• A complete hacker's technology handbook, illustrating techniques used by hackers, crackers, phreaks, and cyberpunks
• Information discovery and scanning tools for hacking into known and unknown ports and service vulnerabilities
• Detailed instructions for customizing the Tiger Box for your needs and using it to search hack attacks
Booknews
An internetworking engineer with an Illinois technology management company, Chirillo details how network hacking can exploit network security holes, and how to recognize an oncoming threat to security. He also describes the Tiger Box system used by hackers to penetrate vulnerable networks, and how to use the same tool<-->provided on the disk<-->to protect against them. Annotation c. Book News, Inc., Portland, OR (booknews.com)
Editorials
From Barnes & Noble
The Barnes & Noble Review"I'm going to make a virtuous hacker guru out of you."
That's how John Chirillo begins his "challenging technogothic journey," Hack Attacks Revealed. And whoever "you" are -- sysadmin, internetworking engineer, or hacker (disaffected or otherwise), you'll find that Chirillo is selling authentic goods. (He's been hired by many Fortune 1000 companies to break into their networks.) This book offers a systematic tour of network vulnerabilities, hacking tools and techniques, and a whole lot more.
Be warned: "This book is sold for information purposes only. Without written consent from the target company, most of these procedures are illegal in the United States and many other countries as well. Neither the author nor the publisher will be held accountable for the use and misuse of the information contained in this book."
Whew. Now that we've got that out of the way, let's see what's really in here...
The first section of Hack Attacks Revealed reintroduces each of today's communications protocols from a hacker's point of view. For example, it's one thing to know that when IP datagrams traveling in frames cross networks with different size limits, the routers must sometimes fragment the datagrams. It's another to recognize that this introduces a potential vulnerability to both passive and intrusive attacks. It's one thing to know that Address Resolution Protocol (ARP) broadcasts packets to all the hosts attached to a physical network, which store this information for later use; it's another to recognize that this represents an opportunity for a spoofing attack.
In Part II, Chirillo moves on to the communications media that tie workstations into LANs, LANs into WANs, and WANs into internets -- Ethernet, Token Ring, FDDI, ISDN, xDSL, point-to-point links, and frame relay. Then, it's on to start attacking the most vulnerable of those 65,000 ports into your computer.
Chirillo starts with Port 7, echo, explaining echo overloads, Ping of Death attacks, and Ping flooding, which takes advantage of a computer's responsiveness by bombarding it with pings or ICMP echo requests. There's Port 19, chargen, vulnerable to a telnet connection that generates a string of characters with output redirected to a telnet connection. There's Port 53, domain, which leads to a discussion of how DNS caching servers can be spoofed, forwarding visitors to the wrong location.
And so it continues, through more than 50 vulnerable TCP and UDP ports, all the way up to Port 540, uucp, Port 543, klogin, and beyond. Chirillo exposes a veritable who's who of viruses, worms, and trojans: Executor, Cain & Abel, Satanz Backdoor, ServeU, ShadowPhyre, SubSeven Apocalypse, Voodoo Doll, Portal of Doom...
Next, you're introduced to scanning: IP, port, and service site scans, tools, and techniques -- including techniques that can penetrate or "stealth" their way past firewalls (a comforting thought).
There's detailed coverage of mail bombing, spamming, and spoofing; web page hacking, and vulnerabilities of specific *nix and Windows operating systems, as well as internetworking hardware (Cisco, 3Com, et al.). You'll find tons of useful charts (from common ports to Ethernet frame formats). There's even an introductory guide to the lingua franca of hacking, the C programming language.
The accompanying CD-ROM contains an extensive collection of security and hacking software, plus TigerSuite -- all you need to uncover, scan, penetrate, expose, control, spy, flood, spoof, sniff, infect, report, monitor, and generally prevent (or perform) all manner of havoc. We hope you'll use the software -- and the book -- for good, not evil. (Bill Camarda)
Bill Camarda is a consultant and writer with nearly 20 years' experience in helping technology companies deploy and market advanced software, computing, and networking products and services. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummiesยฎ, Second Edition.