Slashdot Mirror


Aggressive Network Self-Defense

nazarijo (Jose Nazario) writes "Continuing in the new theme of fiction and technical how-to, Aggressive Network Self-Defense brings together several authors to provide a wide range of material. Syngress' niche in this space seems to be breaking new ground -- and for the most part, it works. While you don't get as in-depth a treatment as a typical technical book gives you, there is an added dimension: namely, a more realistic scenario of how these tools fit together in a real, live series of actions." Read on for the rest of Nazario's review.

Agressive Network Self-Defense
author: Neil Archibald, Seth Fogie, Chris Hurley, Dan Kaminsky, Johnny Long, Haroon Meer, Bruce Potter, Roelof Temmingh, Neil R. Wyler, Timothy Mullen
pages: 416
publisher: Syngress
rating: 8
reviewer: Jose Nazario
ISBN: 193183625
summary: take your security into your own hands to identify, target, and nullify your adversaries

Not being a big fan of most fiction (I tend to prefer history), it's hard to say definitively good or bad things about the quality of the writing. What I can say is that it's infinitely less irritating, and far more realistic, than Neal Stephenson's Cryptonomicon or Gibson's Neuromancer. No over-the-top smearing of adjectives to describe the mundane, and no unrealistic sequences of events. Then again, there's no character development and no real story progression, so it's not great fiction.

As a series of hacker vignettes, the book works just fine, and very well for the purposes at hand. Basically, what the authors want you to get from the book is two-fold: First, they want you to debate the issues around "strike back" attack methodologies. Several of the authors are open advocates of what are legal grey areas and open moral questions in the field of network security. Secondly, they want you to see how it's done, what you do when you actually use a tool to achieve a goal. Most books that do this, like Hacking Exposed, cover far more tools, but they usually do so without showing you each tool's use in a real-world scenario.

I won't bore you with a lengthy, detailed overview of the first part of the book. Like I said, it's a series of part fiction, part tutorial series of short stories. In them, you'll see tools like Metasploit, virus creation, some nmap, sniffers, and keystroke loggers, all in action, being used as an operator would use them, and achieving real goals. This is more valuable than a basic manual, and the stories themselves act as a nice setting. While not great fiction writers, the authors are decent enough at the job, and they write the technical material clearly.

The second part of the book is interesting. It makes up about a fifth of the book in volume, but a lot more in technical weight. The book bills this section as "The technologies and concepts behind network strike-back," and that's an accurate summary. It's a series of four unique perspectives and technical chapters that complement the rest of the book quite well.

The first introduces ADAM, the "Active Defense Algorithm and Model," which develops a methodology for network administrators to actively defend their networks against attacks. It's quite interesting, and brings together a number of risk models in an uncommon take. The authors are academic researchers from the University of Idaho, so it's a lot more academic than the previous material in Aggressive Network Self-Defense, but it formalizes a lot of the thinking that was present in the writing of the stories and techniques.

The second is Tim Mullen's classic "Defending your right to defend." This is the original position paper shared by Mullen with the information security community in 2002 or so. Here, Mullen makes a compelling case for actually striking back at worm infected hosts. After all, the position holds, someone should do something about them to help clean up the Internet. While it's a position I disagreed with at the time and still do, Mullen's writing is articulate and an important read. It really helps you understand a lot of the thinking that went into the book itself.

Dan Kaminsky wrote the next chapter, "MD5 to be considered harmful someday." Largely considered to be a follow-on to Joux and Wang's one-way hash function research, what it shows is how practical such an attack can be. Kaminsky never fails to come up with interesting ideas he puts into practice, and he adds another level of depth to this book.

Finally, Aggressive Network Self-Defense ends with an interesting paper, "When the tables turn: Passive strike-back." Like any good paper, it has a clear and thoughtful motivation, and really demonstrates the principles at play, namely building network resources that don't simply lure the attacker in, they trip her up. There are so many ways to do this, the authors show us, and ultimately it's almost fun. A good way to end the book.

An over-arching concern with the book that I have is the question of ethics. Mullen, in the foreword, states that he hopes the book stirs a debate about the ethics of the actions in the book. However, the book itself falls short in this area. Instead, sometimes the characters get busted, and sometimes they don't, but just because they didn't get caught doesn't mean some ethical lines weren't crossed. All too often the authors leave the ethical debate up in the air. While I prefer this to overt preaching or questions, the style leaves me wondering if this goal was achieved.

So, where do I stand on Aggressive Network Self-Defense? In the end, I like it, more so than a book like Hacking Exposed or other "hacking how-to" types. The style of presentation doesn't lend itself all that well to exploring a very wide number of tools, but it does give you a deeper context to see how they assemble into something larger. For many people I expect it will be a page turner, and I think the format has some utility, as shown here.


128 comments

  1. Concise Review... by darth_MALL · · Score: 5, Funny

    Smith and Wesson.

    1. Re:Concise Review... by Effugas · · Score: 2, Insightful

      At least with guns, you know who you're shooting.

      It's much harder with networks. All you really know is that someone sent a message to someone sent a message to someone, and you received something because of it. How do you attack back in such an environment?

      The best way is to prevent a counterattack from working against anyone who's innocent of attacking you in the first place. Embedding a counterattack in a TCP session started by your enemy is one approach; if the session was spoofed, your malicious return payload will not be parsed by the recipient of your packets and they'll be left unharmed. Of course, what if your target was made into a member of a botnet? Then things get tricky -- they're liable for the damage their system is doing, but they acted without intent. And intent matters.

      Tricky scene, this strikeback. I hadn't looked into it that deeply until Grifter approached me...fascinating subject.

      --Dan

    2. Re:Concise Review... by idontgno · · Score: 2, Insightful
      At least with guns, you know who you're shooting.

      Oh, I don't know. Mere possession of a firearm doesn't give you IFF, x-ray low-light vision, or even basic good sight picture. If you want, you can blast away in the general direction of a perceived threat. In fact, aimed fire is pretty rare, even among law-enforcement professionals. And how many innocent cattle die each deer hunting season because "trained" hunters risk shots through cover at a barely-glimpsed "deer"? Hell, how many hunters are fired on under the same circumstances, in spite of mandatory high-visibility clothing?

      No, guns and "active network defense" are very similar, for very much the same reasons: everyone downrange is in the threat space, innocents get hit as easily as the "intended target", it's easy to reaction-fire on an innocent (non-actual) "threat", and the bad guys already know to duck or hide behind innocent "shields". And it doesn't take too much imagination of two different parties of armed personnel attacking the same "bad guy" and inadvertently engaging each other. The military has a few names for it: "fratricide", "friendly fire", "Blue-on-blue".

      No, the weapons analogy stretches pretty well in this case. "Active network defense" may be a wonderful idea or a terrible one, but it certainly has consequences comparable in kind (if not scope) to gunfights in the streets.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    3. Re:Concise Review... by Loligo · · Score: 1

      >"trained" hunters risk shots through cover at a barely-glimpsed "deer"

      I hate to break this one to you, but NO "trained hunter" would take a shot at a target he couldn't identify.

      Your "guns and 'active network defense'" analogy only applies when you're talking about UNtrained gun owners and poorly programmed automatic network defense mechanisms.

      Properly trained gun owners are safer with their guns than you will ever be with your car, and an actual trained professional network administrator operating those network defense mechanisms is infinitely safer and more accurate than any current programmed automatic defense response.

      Yes, I can point to dozens of examples of jackasses that have no business holding a gun blowing away their son or daughter because they didn't have a clue what they were doing. Likewise, this article and others like it can point to examples of poorly programmed automatic responses trashing networks that had nothing to do with the attacks they are responding to.

      But that doesn't change the facts.

      -l

    4. Re:Concise Review... by Grab · · Score: 1

      At least with guns, you know who you're shooting.

      Tell that to the relatives of Amadou Diallo, or the relatives of the victims of Bloody Sunday, or the relatives of the many civilians shot in Iraq by US/UK soldiers for no good reason (went past a checkpoint they didn't know was there/driving fast to get a family member to hospital/caught between US and Iraqi forces/etc).

      With guns, you know you're shooting at a person across the way. History shows that the shooter often doesn't know who the person is, can't see them clearly, doesn't know for sure they're a threat, and all-too-frequently is just acting out of reflex because the guy next to him got nervous and popped off a shot when he shouldn't have.

      So "shooting back in self-defense" actually is very likely to be "shooting at someone who never shot at you, for reasons you don't really know". In other words, it's almost identical to your network protection...

      Grab.

    5. Re:Concise Review... by idontgno · · Score: 1
      Oddly, I think we agree, except to the significance of what we're agreeing to. You cite training as if it were sufficient per se to prevent bad firearms handling. I believe that in many cases (probably not the majority, but a significant minority), safe hunter training fails to prevent stupid aiming choices.

      My point is that there are both enough people with guns and enough people with the capacity to strike back on the network for whom no amount of training or good intentions can prevent from doing the wrong thing.

      My belief is essentially that any capability will be used by N members of a community (for values of N > 0) for stupid, careless, or simply mistaken reasons and innocents will get hurt. I'm not saying necessarily that that's a reason to take away all firearms or declaim blanket condemnation against aggressive network self-defense; I'm simply pointing out that we need to be ready for the costs.

      I think, ultimately, that your point is the optimistic theoretical part of this argument, while mine is the pessimistic realistic part of it.
      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
  2. You know your admin has read this by Timesprout · · Score: 4, Funny

    when you try to login and your network tells you

    "I know Kung Fu"

    --
    Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
    1. Re:You know your admin has read this by kyoko21 · · Score: 3, Funny

      "Show me."

    2. Re:You know your admin has read this by Wolfrider · · Score: 2, Funny

      "Do you _really_ think that's _air_ you're breathing, right now? Hmm."

      --
      .
      == WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
    3. Re:You know your admin has read this by Anonymous Coward · · Score: 3, Funny

      You know, I was browsing at -1 and got scared for a second thinking this "show me" is a response to this

  3. Integration is the real problem with security by ikewillis · · Score: 2, Insightful

    ...and it's great there's a book covering it. There are so very many security related tools available today, and the real problem nowadays is that few of them integrate in any usable manner. NIDS should integrate with each other and generate more comprehensive, multiperspective data about suspicious looking traffic. Networks should autoadapt to block malicious traffic.

  4. Let me be the first to say... by Anonymous Coward · · Score: 0, Redundant

    I, for one, welcome our new aggressive self-defending network overlords!

  5. Agressive by tcopeland · · Score: 4, Funny
    My compliments on this conservation of the letter 'g'. But why the duplicate 's'?
    [tom@hal ~]$ ruby -e "puts 'Aggressive'.squeeze"
    Agresive
    [tom@hal ~]$
    That's better!
    1. Re:Agressive by Anonymous Coward · · Score: 0

      You could've saved keystrokes by hitting delete twice ;)

  6. Swatch, Snort, Portsentry by BJZQ8 · · Score: 2, Informative

    The only three programs you need to know.

    1. Re:Swatch, Snort, Portsentry by rob_squared · · Score: 0, Redundant

      For those too lazy to google:
      http://swatch.sourceforge.net/
      http://www.snort.org/
      http://sourceforge.net/projects/sentrytools/

      --
      I don't get it.
    2. Re:Swatch, Snort, Portsentry by Spy+der+Mann · · Score: 3, Informative
    3. Re:Swatch, Snort, Portsentry by Anonymous Coward · · Score: 0

      Google would have been faster than copy/paste.

    4. Re:Swatch, Snort, Portsentry by grazzy · · Score: 1

      Yes, I learnt those three in daycare while developing a cure for AIDS.

      Nowadays at my dayjob doing brainsurgery/rocket science/abstract math I often think back at those days peering thru endless manuals. Fun it was learning those jolly programs. Easy too!

    5. Re:Swatch, Snort, Portsentry by bcmm · · Score: 1

      Nmap.

      --
      # cat /dev/mem | strings | grep -i llama
      Damn, my RAM is full of llamas.
    6. Re:Swatch, Snort, Portsentry by Jack+Auf · · Score: 1

      I've been using portsentry, and to a lesser degree hostsentry and logwatch (all are/were from Psionic) for a long time.

      It's a damn shame that they've not been updated for years, and I've sent several emails to Psionic asking about taking them over but I haven't ever received a reply. (Portsentry still works fine, but logwatch and hostsentry need to be updated)

      --
      "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" - BF
    7. Re:Swatch, Snort, Portsentry by PhraudulentOne · · Score: 1
      --
      You create your own reality - Leave mine to me.
  7. Viability of recommendations. by crottsma · · Score: 4, Funny

    While his proposed recommendations for network defense appear viable, nothing is more effective for protecting your computer than sucker-punching a random script-kiddy in the groin at a local LAN party.

    1. Re:Viability of recommendations. by maotx · · Score: 1
      --
      I'm a virgo and on Slashdot. Coincidence? Yes.
    2. Re:Viability of recommendations. by Anonymous Coward · · Score: 0

      Punch a groin? Just how short are you? I suggest steel-toe boots next time. Then reboot.

    3. Re:Viability of recommendations. by Frodo+Crockett · · Score: 1

      That's funny, but it looks staged.

      --
      "The newly born animals are then whisked off for a quick run through a giant baking oven." --heard on Food Network
    4. Re:Viability of recommendations. by WormholeFiend · · Score: 2, Funny

      or you could attend a hacker convention, and pretend to want to become friends with the virus/worm crowd.

      Then, when they least expect it, whip out your ASP baton, and start bashing anyone within reach yelling repeatedly "THIS IS YOUR COMPUTER BEING INFECTED!"

  8. So Dan Kaminski wrote the MD5 chapter... by tcopeland · · Score: 4, Interesting

    ...he's got some nifty visualizations of the MD5 attacks on his site; scroll down a page or so to see this and other images...

    1. Re:So Dan Kaminski wrote the MD5 chapter... by dago · · Score: 1

      Warning : parent posted encrypted pr0n

      --
      #include "coucou.h"
  9. Agressive by jon855 · · Score: 0
    Connecting to 129.21.1.0
    Timed out...
    Reason for Timed out: Login not entered within a picosecond
    AUTODESTRUCT IN PROGRESS...
    5
    4
    3

    BOOM...

    --
    May /. rule the /.ing realm
  10. Re:Two G's, you fucking SPEDs! by Anonymous Coward · · Score: 1, Informative

    Pluralization does not need an apostrophe.

  11. Re:FP? by Anonymous Coward · · Score: 1, Funny

    Yep. Good job. *pat* *pat*

  12. automated responses to probes? by humankind · · Score: 4, Interesting

    One thing that really bothers me are things like this in my logs:

    Mar 2 22:42:37 inetd[32684]: refused connection from 210.29.1.3, service sshd (tcp)
    Mar 2 22:42:38 inetd[1534]: ssh from 210.29.1.3 exceeded counts/min (limit 1/min)
    Mar 2 22:43:09 last message repeated 38 times
    Mar 2 22:45:09 last message repeated 114 times
    Mar 2 22:55:10 last message repeated 644 times
    Mar 2 23:05:10 last message repeated 509 times

    I routinely run into foreign systems hitting my server at extraordinary rates. These seem to be bursts here and there, more looking to probe the system than DoS it but sometimes a DoS condition occurs.

    I routinely do an IPWHOIS of these locales and send e-mail to the IP administrators, but some of the foreign ones are unresponsive. So what can you do?

    Are there any scripts out there that can automate the process of reporting system probes?

    Is there any recourse in taking aggressive counteraction against, for example, the hordes of Chinese IPs that routinely probe and attack domestic hosts?
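
The log excerpt in the post above, run through an added example (not part of the original post or of any reply): a Python script that totals probe events per source address, expanding syslog's "last message repeated N times" lines that a plain grep would count once, and emits hosts.deny entries plus a one-line summary for an abuse report. The function names, the threshold of 100 and the `sshd` daemon name are assumptions made for the example.

```python
import ipaddress
import re

# Log excerpt quoted from the post above. syslog collapses identical lines
# into "last message repeated N times", so counting the lines that contain
# the address sees 2 events where the log actually records 1307.
SAMPLE_LOG = """\
Mar 2 22:42:37 inetd[32684]: refused connection from 210.29.1.3, service sshd (tcp)
Mar 2 22:42:38 inetd[1534]: ssh from 210.29.1.3 exceeded counts/min (limit 1/min)
Mar 2 22:43:09 last message repeated 38 times
Mar 2 22:45:09 last message repeated 114 times
Mar 2 22:55:10 last message repeated 644 times
Mar 2 23:05:10 last message repeated 509 times
"""

LINE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<msg>.*)$")
REPEAT = re.compile(r"last message repeated (?P<n>\d+) times?")
REFUSED = re.compile(r"refused connection from (?P<ip>[^,\s]+)")
EXCEEDED = re.compile(r"\S+ from (?P<ip>\S+) exceeded counts/min")


def _ipv4(raw):
    """Return the address as a string only if it is a literal IPv4 address.

    Anything else (a resolved hostname, garbage) is dropped so that text
    taken from the log never reaches hosts.deny unvalidated.
    """
    try:
        return str(ipaddress.IPv4Address(raw))
    except ValueError:
        return None


def summarize(log_text):
    """Map each source address to its event count and first/last timestamp."""
    stats = {}
    last_ip = None  # source of the most recent probe line, if any
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m is None:
            last_ip = None
            continue
        ts, msg = m.group("ts"), m.group("msg")
        rep = REPEAT.search(msg)
        if rep:
            # A repeat line belongs to the message directly before it; if
            # that was not a probe line, the repeats are not probes either.
            if last_ip is None:
                continue
            ip, n = last_ip, int(rep.group("n"))
        else:
            hit = REFUSED.search(msg) or EXCEEDED.search(msg)
            last_ip = _ipv4(hit.group("ip")) if hit else None
            if last_ip is None:
                continue
            ip, n = last_ip, 1
        entry = stats.setdefault(ip, {"count": 0, "first": ts, "last": ts})
        entry["count"] += n
        entry["last"] = ts
    return stats


def offenders(stats, threshold=100):
    """Addresses with at least `threshold` events, busiest first."""
    hot = [ip for ip, s in stats.items() if s["count"] >= threshold]
    return sorted(hot, key=lambda ip: stats[ip]["count"], reverse=True)


def hosts_deny_lines(stats, threshold=100, daemon="sshd"):
    """TCP wrappers entries ("daemon: client") for the offending addresses."""
    return [f"{daemon}: {ip}" for ip in offenders(stats, threshold)]


def abuse_report(ip, entry):
    """One-sentence summary to paste into a mail to the netblock contact."""
    return (f"Source {ip}: {entry['count']} refused or rate-limited connection "
            f"attempts logged between {entry['first']} and {entry['last']} "
            f"(timestamps in the reporting server's local time).")


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for line in hosts_deny_lines(stats):
        print(line)
    for ip in offenders(stats):
        print(abuse_report(ip, stats[ip]))
```

Review the output before appending it to hosts.deny; as a later reply says of portsentry, automated blocking can on rare occasions catch addresses that were not meant to be blocked.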

    1. Re:automated responses to probes? by jon855 · · Score: 1, Funny

      How about borrowing IBM's supercomputer and DoS the sh*t out of em? Do the whole government while you're at it.

      --
      May /. rule the /.ing realm
    2. Re:automated responses to probes? by bobintetley · · Score: 4, Informative

      Is there any recourse in taking aggressive counteraction against, for example, the hordes of Chinese IPs that routinely probe and attack domestic hosts?

      No, but I find the simplest thing to do is lookup the netblocks/ips for addresses I will be connecting to my SSH/OpenVPN from (in my case, work and my mobile phone GPRS provider) and then crafting a couple of iptables rules to only allow those addresses to connect. I find this cures half of the far east trying to connect :-)

    3. Re:automated responses to probes? by Stop+Error · · Score: 1

      Some of the larger ISPs will block entire countries' subnets from ever reaching your firewall/router. You just have to get past the support desk to an engineer. I used to consult for a company that had all non-North American subnets filtered by their ISP.

      Not only did their firewall logs quiet down but the amount of spam hitting their Exchange server dropped by a massive amount.

      --
      No keyboard detected. Press any key to continue.
    4. Re:automated responses to probes? by Anonymous Coward · · Score: 1, Interesting

      You can use snort_inline to detect attacks like this and it automatically places iptables rules to block these subnets. You can also write a small script to be executed that mails the owner of the IP block along with blocking it.

    5. Re:automated responses to probes? by digitalchinky · · Score: 2, Informative

      Not sure if anyone has mentioned it yet, but port sentry with a little tweaking can clean up what you describe really well - automatically drops the results into a firewall or hosts.deny.

      Only problem is that it's not much of a user friendly program, can on rare occurrences block IP addresses that were not intended to be blocked, so it takes a little bit of an active hands on approach.

      http://sourceforge.net/projects/sentrytools/

    6. Re:automated responses to probes? by digitalchinky · · Score: 1

      Sorry, two seconds after (or before) I post, 5 other people say the same thing. Mark me redundant, apologies.

    7. Re:automated responses to probes? by digitalchinky · · Score: 1

      The odd thing is - I live and work in the far east, have done for 5 years now, most of the attacks and probes I see come from the far west :-)

      I used to whine about the Koreans way back, but a lot of the mail that makes it here into Asia does tend to come from English speaking (often US netblocks) countries.

      Weird that.

    8. Re:automated responses to probes? by The+Barking+Dog · · Score: 1

      First off, I wouldn't run SSH from inetd because of things like this.

      I use swatch to look for these SSH probes. Two rules seem to catch most of these: 1) looking for illegal users (such as test, which occurs most frequently) and 2) looking for root login password failures. If you need to allow root logins, I'd recommend requiring that auth be key-based with the poorly-worded without-password option for PermitRootLogin. Then, there would be no situation in which a legit SSH root login would trigger the rule.

    9. Re:automated responses to probes? by Rattencremesuppe · · Score: 1
      Some of the larger ISPs will block entire countries' subnets from ever reaching your firewall/router. You just have to get past the support desk to an engineer. I used to consult for a company that had all non-North American subnets filtered by their ISP.

      It's even better when you disconnect from the Internet and only use your local network. Firewall logs and spam traffic will immediately go to zero in most cases.

      SCNR

    10. Re:automated responses to probes? by humankind · · Score: 1

      Thanks for the info... I've been looking at portsentry. Is there any sample info available for demonstrating how to integrate this into hosts.allow?

      One issue is that I've already mass-blocked most of the offending foreign IP space in hosts.allow, but this doesn't stop them from consuming inetd resources while probing. In some cases I have router access, and on other servers I don't, so I can't always count on using hardware firewalls.

      This is one reason why I ultimately think that the future of computer security is more of a political/jurisdictional issue than a technological one. They will come up with new probes, and we will come up with new solutions and we keep going around in circles until the backbone providers agree to hold networks that harbor these criminals responsible.

      I think that the top level backbones should offer the option of filtering large chunks of rogue IP space. I think most of China and Korea should just be stripped at the backbone level. This would cut spam and hacking activity in half. As a customer of Worldcom and Sprint and other providers, I'd like to see them offer top-level filtering of source IP traffic before it's even metered on my networks.

    11. Re:automated responses to probes? by myov · · Score: 1

      They're automated probes and the ISPs don't care. You're not paying them.

      I get false SSH login attempts all the time even with a very threatening ssh banner. (until I firewalled it off)

      --
      I use Macs to up my productivity, so up yours Microsoft!
    12. Re:automated responses to probes? by Stop+Error · · Score: 1

      You run into that little problem of usability when you do that.

      --
      No keyboard detected. Press any key to continue.
    13. Re:automated responses to probes? by Obliviously · · Score: 1

      In the event you are hosting services for the anonymous public you will unfortunately always have to deal with attempted intrusions. If you keep your system up to date and configure it with security in mind then there is nothing to really worry about.

      If you are concerned about malicious activity and brute force attacks on your ssh service then simply use public key authentication to login, disable passwords and disable root login (login as user and su to root).

      I have found swatch to be an excellent log monitoring tool that can execute custom scripts to automate many security responses and provide alerts via pretty much any means: pager, sms, email, etc...

      Another option is to simply block all inbound connections, except for from a handful of source IPs/subnets.

      Alternatively you can implement a simple port knocking system via iptables, swatch and some simple shell/perl scripts. I use such a setup to ssh to my home network and then tunnel whatever protocols I need over the ssh connection. An elegant hack that has its critics but can prove useful.

    14. Re:automated responses to probes? by p38 · · Score: 2, Informative
      Add a rate limit to your incoming ssh syn connections and drop the ones that go over the rate limit. Also, remove password authentication and only allow rsa authentication. With these together, ssh attacks will disappear from your logs.

      For example:
      $IPTABLES -A tcp_packets -p TCP -s 0/0 -d $INET_IP --dport 22 -j allowed
      $IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
      $IPTABLES -A allowed -p TCP --syn -m limit --limit 3/minute --limit-burst 3 -j ACCEPT
      $IPTABLES -A allowed -p TCP -j LOG --log-level "NOTICE" --log-prefix '[DROP:RATE_LIMIT] '
      $IPTABLES -A allowed -p TCP -j REJECT
      Note. Only turn on the output to log when you want to see what is going on. Otherwise, just comment out that line.
    15. Re:automated responses to probes? by ahodgson · · Score: 1

      I think most of China and Korea should just be stripped at the backbone level. This would cut spam and hacking activity in half

      Yep. Throw the US in there and that should go up to about 90%.

    16. Re:automated responses to probes? by Sinus0idal · · Score: 1

      I have had mild successes before by not attacking them, but just 'letting them know I'm watching'. Often addresses will be spoofed, so there is no point in retaliating by trying to break into or DoS the IP address you have.. but I have had long term probes stop several times by just running an nmap against the probing IP, or running a few ssh connection attempts..

    17. Re:automated responses to probes? by Daengbo · · Score: 1

      I don't know about that. My logs in Korea are a terrible mess. In fact, much of my web traffic can be attributed to attacks. ;)

    18. Re:automated responses to probes? by Daengbo · · Score: 1

      I have taken your "disable root login" to the next level and created a dummy user account with no real privs, a difficult username, and a random password, from which I must su to a regular user, and then again to root. I feel much safer now.

  13. Where's the help? by RM6f9 · · Score: 1

    Seems like this only verges on the edge of a how-to for network vigilantism - is there such a work?

    --
    Take the 90-Day Challenge! http://rwmurker.bodybyvi.com/
  14. Re:Two G's, you fucking SPEDs! by kicken18 · · Score: 0

    ROFL nice one

    --
    Visit My Blog at http://spaces.msn.com/members/chrisharries
  15. Here is an md5 hash of the book content... by Anonymous Coward · · Score: 3, Informative

    7f2c83031b3e693a86e2b0cc25df7ef7

    1. Re:Here is an md5 hash of the book content... by Anonymous Coward · · Score: 0
      $ echo -n "the book content..." | md5sum
      4c0e0229ff61b924bcac7f24209aeb3e *-
    2. Re:Here is an md5 hash of the book content... by Anonymous Coward · · Score: 0


      7f2c83031b3e693a86e2b0cc25df7ef7

      Huh? An AC can print an irreversible MD5 hash and get it modded informative?

      Sweet! Hey, mods, check this out:

      bd9038580890f6fd9d24fe0635ff94d8 - +5 insightful!
      d9db373e15da9b0c63583867b6c0b12d - +4 funny!
      ebd6d1d665d820a24f014251c18cb658 - ok, I'm trolling

      Weee, look at my karma go. Fucking dickholder gimp mods...

  16. character development by Anonymous Coward · · Score: 2, Interesting

    Then again, there's no character development and no real story progression, so it's not great fiction.

    Character development is massively overrated in lit. I'm not sure if this refers to how fleshed out a character is or how much he changes during the course of the story but in either case it saddens me to think that some people think this is the point of fiction.

    1. Re:character development by Anonymous Coward · · Score: 0

      Actually, character development has more to do with the idea that, "When stuff happens to a character, the character reacts." Calls of poor character development are usually leveled against stories that topple the world, and yet the characters involved don't change a whit. Most people would consider that to be wildly unrealistic, which tends to detract some of the enjoyment for your average reader. Most readers will accept limited development in shorter works, but something novel-sized should definitely show some sort of character development if the story isn't going to be rejected as blatantly unrealistic. With regards to my personal opinion, I also find stories that develop the characters to just be plain more interesting. The opposite would be a story that develops anything but the characters, like the environment (even then, some people would probably go as far as to consider calling the environment a character!). Obviously, a story that doesn't develop anything is just plain friggin' boring (not to mention completely lacking in plot).

  17. You know, I thought of that. by Grendel+Drago · · Score: 0, Troll

    But then I realized that the usage is largely discretionary, and can be used either way. I also realized that whichever variant I went with, I would attract this sort of nonsense. So I picked one and stuck with it.

    I also am not asking for money for my services.

    Dick.

    --grendel drago

    --
    Laws do not persuade just because they threaten. --Seneca
    1. Re:You know, I thought of that. by Anonymous Coward · · Score: 0, Troll

      Dick.

      You seem to be signing your name with each post. But I don't understand the line below it.

      --grendel drago

      ??

  18. Network Security App Name by Shadow+Wrought · · Score: 0

    Don't you think that Digital Rottweiler would be a great name for an aggressive network security app?

    --
    If brevity is the soul of wit, then how does one explain Twitter?
    1. Re:Network Security App Name by rob_squared · · Score: 2, Funny

      I think InterSlice sounds more frightening.

      --
      I don't get it.
    2. Re:Network Security App Name by Anonymous Coward · · Score: 0

      Removing "Digital" makes it tighter and more effective, I think. After all, they didn't call it "Digital Carnivore", did they?

  19. Rethorical question? by Anonymous Coward · · Score: 0

    When will the SlashDot crowd realize this kind of jokes aren't funny?

    ( ) Never!
    ( ) I laugh because CowboyNeal does.
    (.) Breasts!

    Oh, and if that was a rethorical question, these are just rethorical answers.

    1. Re:Rethorical question? by eviloverlordx · · Score: 0, Offtopic

      Breasts!

      --
      'Loose' is when your pants are three sizes too big. 'Lose' is when you misuse 'loose'.
    2. Re:Rethorical question? by Anonymous Coward · · Score: 0
      "Rethorical"? You mean where the Norse god returns to...

      Ehhh, screw it -- I'm not funny either....

    3. Re:Rethorical question? by Anonymous Coward · · Score: 0

      (.) Breasts!

      I think you mean

      ( . ) ( . ) Breasts!

  20. Aggressive Network Self-Defense by Anonymous Coward · · Score: 1, Funny

    Hey that's kinda like my network...

    If someone attacks my network, it attacks them right back. You scanning my network? Then all my machines scan you right back. It also ddoses random webservers just for practice.

    1. Re:Aggressive Network Self-Defense by bpfinn · · Score: 1
      <Sean Connery>
      That's the Chicago way!
      </Sean Connery>
  21. Excellent! by Grendel+Drago · · Score: 2, Informative

    Excellent work, editors, fixing the title like that. The "we're a bunch of whores" referrer link is still misspelled, with only one copy of the oh-so-precious letter g.

    So close, and yet so far!

    --grendel drago

    --
    Laws do not persuade just because they threaten. --Seneca
  22. Interesting... by bad_outlook · · Score: 1

    I'm going to implement spamd (the tarpit), that's about as proactive as I am at going out of my way on offence with my network. Up till now it's all been defense. What else can I do from a FreeBSD server, or an OpenBSD pf firewall box?

    bo

  23. Author of ADAM by scaltagi_the_pirate · · Score: 5, Informative

    I am an author of ADAM (Ch 9) in the book, with Deb Frincke. I would like to point out that more information and resources on the topic of active defense and active response can be found at: http://www.activeresponse.org

  24. Re:So Dan Kaminsky wrote the MD5 chapter... by Effugas · · Score: 1
  25. Ugh. by Sheepdot · · Score: 0, Flamebait

    What I can say is that it's infinitely less irritating, and far more realistic, than Neal Stephenson's Cryptonomicon or Gibson's Neuromancer.

    I always hear these two books mentioned when people talk about computers in science fiction (aside only from 2001: A Space Odyssey).

    I have yet to read Cryptonomicon, so I cannot comment on that. I have, however, read Neuromancer.

    The book is utter crap. The main character is unbelievable, and acts contrary to what his own mind and desires would be. The other characters lack personality and a solid basis for the actions they as well.

    The story is mediocre and flaky at best. We're supposed to believe that the characters in the story are working for Armitage, but aren't, but really are. Their reasons for doing as he asks? The reader is left to assume it is because they are completely inept and gullible, and too afraid to turn to any reasonable educated person on the conditions they are in. In other words, the characters don't really think.

    Granted, the environment, and the computer culture, and all the cyberpunkness *is* there, but that alone doesn't make a good story. And keep in mind that Blade Runner PRE-DATED this book by 2 years. The marriage of science fiction and computer crime was bound to happen eventually, Gibson is no saint for being arguably the first.

    Anyway, I just wanted to propose an alternate view on Neuromancer so no one else gets duped into buying it. When you see geeks talk about it, don't let them sucker you into thinking it's something that you'll enjoy, it creates a world, but then it fails to give a story. There's been better work since.

    1. Re:Ugh. by Anonymous Coward · · Score: 0

      WTF does it have to do with these novels anyway, except that in order to drum up business security consultants like to pose as bad muthas from SF novels, "yeh I have lots of teh haxx0r stuff and I like guns and I SHOOT FOR THE HEAD!" Sheesh. Most security consulting is, like, "I ran SATAN on your net and found 123,363 open ports. Where's my check? OBTW you don't have WEP turned on. You lamer!"

    2. Re:Ugh. by adavies42 · · Score: 1

      Most of Gibson is crap. If you want interesting, *thoughtful* computer-related SF, read Vinge. He invented virtual reality with his short story "True Names", and has been ahead of just about everyone else ever since.

      --
      Media that can be recorded and distributed can be recorded and distributed.
      -kfg
    3. Re:Ugh. by Anonymous Coward · · Score: 0

      I find it astonishing that you're criticizing Cryptonomicon and grouping it with Neuromancer without even having read it. :) I haven't read Neuromancer, but Cryptonomicon was a decent read. Half of the book is about WW2, and the other half is contemporary and quite believable, not some whacked-out futuristic cyberpunk thing. Snow Crash, another decent read, better than Cryptonomicon in some respects IMHO, is probably closer to Neuromancer in topic. Stephenson has his faults (for one thing, he doesn't seem to believe in endings), but I think he's a superior writer to Gibson, at the very least on the entertainment measure (which is what I read fiction for, I dunno about you).

    4. Re:Ugh. by Sheepdot · · Score: 1

      Awesome, thanks! I was also told to read Snowcrash for good SF.

    5. Re:Ugh. by wintermute42 · · Score: 1

      One cannot reasonably argue that an opinion is wrong. Opinions, as they say, are like assholes, everyone has one. As a William Gibson "fan boy" you could say that I don't share your view of Neuromancer. In my opinion Gibson is one of the best writers of this century.

    6. Re:Ugh. by adavies42 · · Score: 1

      Yes, Stephenson kicks Gibson's ass.

      --
      Media that can be recorded and distributed can be recorded and distributed.
      -kfg
    7. Re:Ugh. by TurtlesAllTheWayDown · · Score: 1
      Most of Gibson is crap. If you want interesting, *thoughtful* computer-related SF, read Vinge.

      Thoughtful characterizes the man indeed- in his writing and his person. I've had the fortune to meet Vinge, and a dozen or so other prominent writers, at conventions and other events, and Vinge stands out in his demeanor and presence. When not speaking, or being spoken to, he rarely seems to make eye contact, but scribbles and scratches in his notes, furtively glancing around him. His voice is soft and tentative, almost every statement he makes is qualified by "I'm not sure, but this is what I see happening..."

      From a casual meeting, you wouldn't think of him as authoritative, for lack of self-aggrandisement. I've met several of his former students in the area, who've gushed about how difficult, but rewarding it was to work with him- they're surprised to hear he's a SF writer.

      It will be interesting to see where his fiction goes, now that he's moved on from the churn of Academic computer science. Will he continue to be "ahead of just about everyone else"? Perhaps. I suspect that he will continue to be *thoughtful*.

    8. Re:Ugh. by Master+of+Transhuman · · Score: 1


      Thank you for your concise and interesting review.

      Now fuck off.

      You're the moron who comes out of EVERY movie theater I've ever been in saying, loudly, so everyone in the lobby can hear, "Well, THAT SUCKED!"

      Nobody gives a shit what you think.

      Besides which, your review is crap because you obviously have no fucking clue what the story was about because you have no fucking clue why the characters did what they did.

      Take your no fucking clueless self elsewhere.

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
    9. Re:Ugh. by Sheepdot · · Score: 1

      Actually I hate the people that talk loudly after watching the movie like they are arrogant too. But I keep seeing Neuromancer mentioned in geek circles as if it's on the level of Foundation, Mote in God's Eye, Stranger in a Strange Land, and other Science Fiction novels. It's a REALLY bad story. I hope Gibson has improved since, but no part of me cares to read anymore to find out.

    10. Re:Ugh. by Sheepdot · · Score: 1

      And your username would indicate so. :)

      I just don't see what the hoopla is. I keep seeing Neuromancer mentioned in geek circles as if it's on the level of Foundation, Mote in God's Eye, Stranger in a Strange Land, and other Science Fiction novels. It's a REALLY bad story, but beautiful world and environment.

      I hope Gibson has improved since, but no part of me cares to read anymore of his work to find out.

    11. Re:Ugh. by Sheepdot · · Score: 1

      No, I'm not criticizing Cryptonomicon. I said I haven't read it so I can't speak about it. But Neuromancer is ALWAYS mentioned as some SF masterpiece when the story itself wasn't good, but the world and environment were.

    12. Re:Ugh. by wintermute42 · · Score: 1

      Diversity of opinion is what makes the world interesting. So I respect the fact that you don't like Gibson.

      Obviously my take on things is different. In my opinion Stranger in a Strange Land is a work that would appeal only to teenagers. I liked Mote in God's Eye but I don't find it more than entertaining.

      In contrast there are parts of Neuromancer that fascinate me. The description of Tessier-Ashpool as a wasp like organism.

      Perhaps Neuromancer is a generational thing. My parents' generation love On the Road by Jack Kerouac which I hate.

    13. Re:Ugh. by Sheepdot · · Score: 1

      lol, I love "On the Road"! Well, I take that back cause I never read the whole thing. But his descriptions of events and travelogues in general fascinate me. It's the book that defines the beatniks, so your parents must have loved the free life that existed then.

  26. Re:So Dan Kaminsky wrote the MD5 chapter... by tcopeland · · Score: 1

    We meet again! :-)

  27. Punish em' by PenGun · · Score: 0

    Any serious network attack involves a chain of owned boxes to attack from. The best response is to take those owned boxes from them.

    After determining the source of the attack alert the people who have been owned and help em' get their box back, teach em' a little hardening too ;). It's not that hard to take network machines but it does hurt to have em' taken back.

    PenGun
    Do What Now ??? ... Standards and Practices !

  28. I've often *thought* of doing this, but... by Anonymous Coward · · Score: 0

    then I consider that a lot of these systems are merely victims themselves. Do I really WANT to take down someone's core router or mail server because they've allowed it to fall into mischievous hands?

    I suppose with snort, nmap, some very short scripts to do the nasties, you could thump probing systems in an automated fashion. I just haven't felt comfortable doing that lest I pounce on someone who's already a victim.

    Cheers,

    1. Re:I've often *thought* of doing this, but... by KlomDark · · Score: 1

      Yes, take it down, just don't trash it. Some of these people will never suspect a problem unless their equipment gets knocked out. They'll then notice, hopefully take a look at some logs, and deduce that they've been messed with, and hopefully do something to fix the problem.

      If not, then keep thumping them to keep their infected shit off the net and from bothering others.

  29. Excerpt from book by WilliamsA · · Score: 1

    I worked on the book. Anyone interested in checking out a chapter can go to http://www.syngress.com/catalog/?pid=3190

    1. Re:Excerpt from book by LocalH2O · · Score: 1

      If the Syngress server falls over...you can always get the sample chapter from the SensePost site here!

  30. Re:Two G's, you fucking SPEDs! by adavies42 · · Score: 0, Offtopic

    Actually, plurals of single letters are one of the few cases where using an apostrophe is allowed. Plurals of numerals (e.g. "How many 1's are in this byte?") is the primary other one.

    --
    Media that can be recorded and distributed can be recorded and distributed.
    -kfg
  31. My checklist by Sheepdot · · Score: 5, Interesting

    In order (somewhat):

    1. NMAP the offender.

    2. NSLookup, Whois, etc. I even go so far as to use GeoIP to get city, state, ISP, etc. Get email addresses to send to.

    3. Look for open proxies on the address in the case of SPAM. If so, just drop the search there.

    4. Nessus check for potential vulns that might have been exploited by common/known worms. Essentially, find how they were exploited, and if there is no known reason, assume they are malicious.

    5. Take necessary actions to blacklist or block the IP on the offending protocol, or in some rare cases, kill the IP altogether. (rarer cases, the subnet)

    6. Google. You'd be amazed at what I can do here. I put in the direct IP, I put in email addresses I've collected to find out where the person posts, etc. I get to know the individual, who they are, and further deduce if they are malicious. I used to even go so far as to imitate someone of the opposite sex their age and talk to them on their favorite IM and ask them if they are a h4x0r and can help me "get back at my brother, the bully at school, the girl that stole my boyfriend" etc. (never assume the gender of a /. poster)

    7. Email at a minimum 5 people, including Incident Response (https://forms.us-cert.gov/report/), the offending ISP, any emails off of the website of the IP in question, etc. Half the emails I CC just so that the individuals take the email seriously. Occasionally these will contain logs, IM logs, who the person is, what they do in their spare time, what forums they visit, their picture (if any) and etc. I do this from a TOR-accessed Hushmail account, so no one knows who the hell it is. One time I sent the email to the offender's mother. He sure thanked me with some profanities on that one (which were subsequently forwarded to his mother).

    There's ways of "attacking back" in such a way that script kiddies die out, but you have to totally overwhelm them with your sheer capability to outsmart them.

    Let's face it, we're all guilty of being lax in our network activity and leave IP trails on logs that Google indexes. It makes no sense to sit back and complain about script kiddies when it's quite obvious that we're unwilling to take them to task when they probe. The information is there, you just gotta do some digging and learn how to use Google's Advanced features. It's important to make your response to their actions overwhelming, so they are never tempted to turn back to random probing again.

    1. Re:My checklist by scaltagi_the_pirate · · Score: 1

      That's a good list of some active response actions, a potential taxonomy of actions to begin with is presented in my West Point paper, here is the short version:

      No Action: A threat is detected, but no action is taken.

      Internal Notification: Using the organizational structure to notify the designated responder(s) of an active response situation.

      Internal Response: Applying active response actions within the domain over which the responder has authority (e.g. close a threat vector's associated port).

      External Cooperative Response: Employing entities external to the responding organization to mitigate a threat.

      Non-cooperative Intelligence Gathering: Using external services (e.g. finger, nmap, netstat, etc.) to gather intelligence on the threat. Sometimes referred to as "look but don't touch."

      Non-cooperative 'Cease and Desist': Stopping harmful and unauthorized services (e.g. zombie control processes) without compromising legitimate usability.

      Counter-strike: An external action to reduce or deny the capabilities of an attacker to continue the attack.

      Preemptive Defense: With knowledge of a forthcoming attack, execute active defense actions to preempt (and disable) the upcoming attack.

    2. Re:My checklist by Anonymous Coward · · Score: 0

      You are a blackhat and a dickwad.

    3. Re:My checklist by Anonymous Coward · · Score: 0

      Add this to your checklist.

      8. Meet a girl.

  32. Don't use the standard port by wowbagger · · Score: 1

    One way to help thin this sort of thing down a bit is to use a non-standard high port (above 1024) for your SSH daemon.

    This keeps the 5|<r1p7 |<1dd3z from being able to trivially find your SSH server.

    Ideally, you want to do this in combination with code that watches for a port-scan and adds a firewall rule to block the scanning address.

    Yes, this won't completely stop abuses of your SSH server - there's always a chance that somebody will stumble across it, so you should keep it up to date on security patches and disable password login (in other words REQUIRE a keypair to access). But this greatly reduces the amount of crap

  33. Not hard to set up snort+iptables by wsanders · · Score: 1

    Not hard to set up snort+iptables to automatically set up entries to DROP packets from probing hosts. Response is not instantaneous if you're just getting scanned quickly by random lusers from some backwoods Chinese technical college (probably their idea of a lab assignment). Of somewhat limited use for ports inside firewall, but a lot of firewalls these days have snort-like capabilities anyway.

    Port scans are part of the business. I don't care who scans me - only port 22, 80, and 443 are open, so what?

    --
    Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
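
The watch-for-a-scan-then-block loop described in the two comments above (wowbagger's port-scan watcher and wsanders' snort+iptables setup), as an added example that is not code from the thread or the book. The log format, threshold, window, allowlist and sample lines are assumptions constructed for illustration; the rules are returned as strings and never executed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log shape: netfilter LOG lines written by a "log, then drop" rule,
# so only packets to closed ports show up. ISO timestamps are an assumption.
LINE_RE = re.compile(r"^(?P<ts>\S+) .*?\bSRC=(?P<src>\S+) .*?\bDPT=(?P<dpt>\d+)")


def parse_line(line):
    """Return (timestamp, source address, destination port) or None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    try:
        return (datetime.fromisoformat(m["ts"]),
                ipaddress.ip_address(m["src"]),
                int(m["dpt"]))
    except ValueError:  # malformed timestamp or address: skip, never guess
        return None


def find_scanners(lines, min_ports=5, window=timedelta(seconds=60), allowlist=()):
    """Flag sources that probe >= min_ports distinct closed ports within window.

    allowlist holds networks that must never be blocked (admin hosts,
    monitoring, upstream DNS), so a mistaken or forged hit cannot lock them out.
    Returns {source address: time the threshold was crossed}.
    """
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    recent = defaultdict(deque)  # source -> (timestamp, port) pairs in window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, dpt = parsed
        if src in flagged or any(src in net for net in allowed):
            continue
        hits = recent[src]
        hits.append((ts, dpt))
        while hits and ts - hits[0][0] > window:  # expire old probes
            hits.popleft()
        if len({port for _, port in hits}) >= min_ports:
            flagged[src] = ts
    return flagged


def block_rules(flagged):
    """Render one DROP rule per flagged source (strings only, nothing is run)."""
    rules = []
    for src in sorted(flagged, key=lambda a: (a.version, int(a))):
        tool = "ip6tables" if src.version == 6 else "iptables"
        rules.append(f"{tool} -I INPUT -s {src} -j DROP")
    return rules


def _line(hms, src, dpt):
    # Constructed sample line in the assumed format.
    return (f"2005-04-12T{hms} gw kernel: FW-DROP IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 PROTO=TCP SPT=40211 DPT={dpt}")


# Constructed sample input (documentation address ranges only).
SAMPLE_LOG = (
    # fast sweep: five distinct ports in five seconds
    [_line(f"10:00:0{i}", "203.0.113.7", p)
     for i, p in enumerate((21, 23, 25, 110, 135), 1)]
    # one host retrying a single closed port: noise, not a scan
    + [_line(f"10:00:0{i}", "198.51.100.20", 445) for i in (2, 4, 6)]
    # the site's own vulnerability scanner, expected to be allowlisted
    + [_line(f"10:00:0{i}", "192.0.2.50", p)
       for i, p in enumerate((21, 23, 25, 110, 135, 139), 1)]
    # slow scan: one port every five minutes
    + [_line(f"10:{m:02d}:00", "198.51.100.99", p)
       for m, p in ((0, 21), (5, 23), (10, 25), (15, 110), (20, 135))]
    # truncated line that must be ignored
    + ["2005-04-12T10:00:09 gw kernel: FW-DROP IN=eth0 truncated li"]
)

if __name__ == "__main__":
    for rule in block_rules(find_scanners(SAMPLE_LOG, allowlist=["192.0.2.0/24"])):
        print(rule)
```

The 198.51.100.99 entries in the sample probe one port every five minutes and stay under the default 60-second window, which is the trade-off the threshold and window settings control.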
  34. three words... by forum__32 · · Score: 0, Offtopic

    Wax on.....Wax Off

  35. IP DATABASE! by humankind · · Score: 1

    This brings us to an issue I've wondered about for a long, long time.

    Where are the detailed IP databases? Who is compiling them? (You know some intelligence and other agencies are surely generating these databases, but are there any that are public other than the search engines?)

    Google would be great if you could put in an IP and get a list of all the things that IP searched on. Imagine the possibilities in tracking people down. Yes, a huge security issue, but you know it's being done. A few select corporations and government agencies probably have the means to profile IP addresses. It's just a matter of time before this information is more widely accessible in an organized format.

    1. Re:IP DATABASE! by Anonymous Coward · · Score: 0

      This seems an awesome possibility only to those who don't realise the preponderance of dynamically (and temporarily) assigned IP addresses.

      Even genuinely "static, permanent" IP addresses change hands sometimes and such changes of ownership of individual addresses are not passed on by the owners of IP blocks. While IPv4 lasts, there's nothing to worry about.

  36. Counter-argument by Slendro · · Score: 2, Informative

    I wrote an article back in 2002 (http://www.securityfocus.com/guest/16531), which was published on SecurityFocus, in response to Mullen's initial SecurityFocus article.

    Not having read the book, I can't be sure, but according to the review there didn't seem to be much of a dissenting opinion in the book on the question of whether aggressive tactics are desirable (or effective).

    That's unfortunate, since as you'll see in my article, I think a good argument can be made that aggressive network defense is both morally bankrupt and ultimately ineffective.

    --
    God is my Palm Pilot.
    1. Re:Counter-argument by RM6f9 · · Score: 1

      You might wish to read item 4 in your own article again, especially "disabling your opponent's attack" - if it is possible to remove the "weapon" from the attacker's "hand" (read "malware" and "computer"), is it wise to then return it to them?

      --
      Take the 90-Day Challenge! http://rwmurker.bodybyvi.com/
    2. Re:Counter-argument by scaltagi_the_pirate · · Score: 1

      I would strongly disagree, read ADAM in the book for a legally and ethically thorough argument for active response. To generally disregard active response is a mistake and shows that the topic is miscategorized to only include strike-back and hack-back methodologies. An argument can be made that aggressive tactics are ethically and legally questionable in certain situations - but not in ALL scenarios (e.g. air traffic control threats, national security/life/safety critical systems). Active response has a much broader definition than what you are alluding to.

    3. Re:Counter-argument by Thor+(Hammer+of+God) · · Score: 1

      No, what's unfortunate is that you didn't bother reading my strikeback white-paper before writing your SF piece... Just like you didn't bother reading any of the book before posting this response. My strikeback concept and code for the associated neutralizing agents were *never* self propagating or worm-like, yet you go out of your way to make it seem like they were... Not only is guidance offered, but a framework proposed that specifically addresses the questions of when, where, and how to strikeback, yet you say I offer "no boundaries of acceptable behavior" in your response piece. What is really frustrating is that these questions were answered before you even asked them, and that the white paper, its references, and my articles were all available at the time of your column, yet you didn't even bother reading them, or you would have known that. I also take it that you were not on hand for the BH conference you reference, as I went over it there as well... The white-paper and original articles are also in the book. About the only thing I agree with in your SF guest feature is that a security professional must have integrity. To me, integrity includes due diligence in researching subject matter before one purports to be an authority on it, particularly when you endeavor to be a critic. Timothy Mullen

    4. Re:Counter-argument by Slendro · · Score: 1

      Having reread your BH presentation, and read the white paper (which I, frankly, somehow didn't find at the time) I have to say: you're right and I'm wrong! I do have a caveat, but first: some public self-flagellation.

      I honestly don't recall how I could have missed the final few slides of your presentation, where you indeed answer the questions that I posed in my SF article, i.e. you set limits on what should be done. I have to say that my paper was way too harsh considering that fact.

      If it seemed like I was suggesting that your idea was to create a self-propagating countermeasure, then I am sorry for that. I can see now how you might think that from my sloppy wording, but that was not my intent, and I was aware that you were not suggesting that.

      I did read the Blackhat presentation, but I was unable to attend Blackhat because the company I worked for at the time couldn't pay the high fees.

      As far as not having read the book yet, I did say that up front--the only reason I decided to comment before reading the book was because (a) your BH presentation was cited as inspiration for the book and (b) Slashdot posts have a limited life, and commenting much later would have been pretty much useless. Since I have now embarrassed myself more than you, I am sure you'll forgive me for speaking hastily.

      However, while your proposed method is indeed more "moral" than I suggested (amounting only to a host-specific network DoS rather than the more malicious options I listed), I think you still end up blurring the lines of acceptable behavior in a way that can be utilized by malicious parties. It makes it difficult to differentiate between those attacks which are authorized/acceptable and those which are not. Having a policy that _any_ unauthorized use is illegal is much simpler to enforce.

      In any case, I did indeed overlook some essential points of your argument when writing the SF article, and I'm sorry for that. That was inexcusably sloppy of me.

      --
      God is my Palm Pilot.
  37. I was disappointed with it. by Anonymous Coward · · Score: 0

    There was hardly any actual content about what to do for "Aggressive Network Self-Defense". Just minor stuff in one chapter like changing the banner, and the only thing interesting I learned was about screwterm. A client side attack you can do when someone connects to a port you can trick them into executing a malicious command string. That's it.

  38. Usability? by Anonymous Coward · · Score: 0

    But blocking everything but the US isn't a problem?
    This won't work for most companies; after all this is a/the world wide web?

  39. Actually, they fought to a draw: by JimmytheGeek · · Score: 1

    http://interviews.slashdot.org/article.pl?sid=04/10/20/1518217&tid=192&tid=214&tid=126&tid=11

    4) Who would win? (Score:5, Funny) - by Call Me Black Cloud

    In a fight between you and William Gibson, who would win?

    Neal:

    You don't have to settle for mere idle speculation. Let me tell you how it came out on the three occasions when we did fight.

    The first time was a year or two after SNOW CRASH came out. I was doing a reading/signing at White Dwarf Books in Vancouver. Gibson stopped by to say hello and extended his hand as if to shake. But I remembered something Bruce Sterling had told me. For, at the time, Sterling and I had formed a pact to fight Gibson. Gibson had been regrown in a vat from scraps of DNA after Sterling had crashed an LNG tanker into Gibson's Stealth pleasure barge in the Straits of Juan de Fuca. During the regeneration process, telescoping Carbonite stilettos had been incorporated into Gibson's arms. Remembering this in the nick of time, I grabbed the signing table and flipped it up between us. Of course the Carbonite stilettos pierced it as if it were cork board, but this spoiled his aim long enough for me to whip my wakizashi out from between my shoulder blades and swing at his head. He deflected the blow with a force blast that sprained my wrist. The falling table knocked over a space heater and set fire to the store. Everyone else fled. Gibson and I dueled among blazing stacks of books for a while. Slowly I gained the upper hand, for, on defense, his Praying Mantis style was no match for my Flying Cloud technique. But I lost him behind a cloud of smoke. Then I had to get out of the place. The streets were crowded with his black-suited minions and I had to turn into a swarm of locusts and fly back to Seattle.

    The second time was a few years later when Gibson came through Seattle on his IDORU tour. Between doing some drive-by signings at local bookstores, he came and devastated my quarter of the city. I had been in a trance for seven days and seven nights and was unaware of these goings-on, but he came to me in a vision and taunted me, and left a message on my cellphone. That evening he was doing a reading at Kane Hall on the University of Washington campus. Swathed in black, I climbed to the top of the hall, mesmerized his snipers, sliced a hole in the roof using a plasma cutter, let myself into the catwalks above the stage, and then leapt down upon him from forty feet above. But I had forgotten that he had once studied in the same monastery as I, and knew all of my techniques. He rolled away at the last moment. I struck only the lectern, smashing it to kindling. Snatching up one jagged shard of oak I adopted the Mountain Tiger position just as you would expect. He pulled off his wireless mike and began to whirl it around his head. From there, the fight proceeded along predictable lines. As a stalemate developed we began to resort more and more to the use of pure energy, modulated by Red Lotus incantations of the third Sung group, which eventually to the collapse of the building's roof and the loss of eight hundred lives. But as they were only peasants, we did not care.

    Our third fight occurred at the Peace Arch on the U.S./Canadian border between Seattle and Vancouver. Gibson wished to retire from that sort of lifestyle that required ceaseless training in the martial arts and sleeping outdoors under the rain. He only wished to sit in his garden brushing out novels on rice paper. But honor dictated that he must fight me for a third time first. Of course the Peace Arch did not remain standing for long. Before long my sword arm hung useless at my side. One of my psi blasts kicked up a large divot of earth and rubble, uncovering a silver metallic object, hitherto buried, that seemed to have been crafted by an industrial designer. It was a nitro-veridian device that had been buried there by Sterling. We were able to fly clear before it detonated. The blast caused a seismic rupture that split off a sizable part of Ca

    1. Re:Actually, they fought to a draw: by Ryosen · · Score: 1

      Ahhhh, thanks for the memories!

      I'll second the notion of Gibson is crap. I've read several of his books and they were boring, contrived and incoherent. Stephenson was riveting, intelligent and didn't cheat. I haven't read the Baroque Cycle yet, but Cryptonomicon was fantastic.

      I've only heard two complaints levied against Stephenson. One, that his endings can be abrupt. I would have loved for Snow Crash to go on for another 20 pages. Second, that he has a large number of characters, as he does in Cryptonomicon. I chalk that complaint up to those who don't like to be challenged. Or read.

      I highly recommend Stephenson's works. But then, again, I also like Neil Gaiman, so who am I to judge?

      --

      Ryosen
      One man's "Troll, +1" is another man's "Insightful, +1".
    2. Re:Actually, they fought to a draw: by JimmytheGeek · · Score: 1

      I LOVE Neuromancer, but I haven't been able to finish some of the others.

      I've dug everything Stephenson wrote except Big U - he was still learning. Some nice ideas, but a little too easy, somehow. I may not get through Baroque Cycle. The first was o.k., but didn't grab me nearly as much as Cryptonomicon. I was looking forward to it, too. Mmmm...5000 pages of Stephenson...I think part of my problem was in placing Stephensonisms in a historical context. When people acted a little post-modern in the 1930s-40s in Cryptonomicon, they were still anatomically modern humans. Also, ODD anatomically modern humans, so grant the author latitude to describe odd behavior. Going back an extra 400 years, well, it took me out of the world of the story. You can be glib about total catastrophe if EVERYTHING is subject to glib, ironic detachment. But the siege of Vienna was too real, and to have characters react to that like they would to situations in Snow Crash - hmm. Couldn't buy it, I guess.

      Gaiman also can rock hard.

  40. Dshield! by JimmytheGeek · · Score: 2, Informative

    http://www.dshield.org/

  41. Script-fu by amcdiarmid · · Score: 0

    I deal with a graphics department: Login disclaimer:

    Lookout
    I know Script-fu

  42. Help..... Me..... by PooR_IndiaN · · Score: 1

    Can someone 'out there(As In - The US)' please get Syngress to "Force Replicate" this book to Local(As In - In~dia) Publishers cause I've read the sample chapter and boy, does it sound interesting... On a more serious note... Waiting for this book to hit the shelves in India (P.S. And if you're wondering, No, I'm not from Bangalore[If you know what I mean!])

    1. Re:Help..... Me..... by WilliamsA · · Score: 1

      I am the Publisher for Syngress. We are currently in negotiations to have the book published in India. I will let you know as soon as we have a deal in place and expected publication date.

    2. Re:Help..... Me..... by PooR_IndiaN · · Score: 1

      Well, Thank you for that!!! I'm new to Slashdot and the reason I posted here is because of the book review. I've read (and OWN!) both the 'Stealing the Network' books and have constantly visited my local bookstore to check for other Syngress titles, but mostly to no avail, and don't get me started on the local publisher's website (BTW, I DID NOT say that!).