Slashdot Mirror
Aggressive Network Self-Defense
Not being a big fan of most fiction (I tend to prefer history), it's hard to say definitively good or bad things about the quality of the writing. What I can say is that it's infinitely less irritating, and far more realistic, than Neal Stephenson's Cryptonomicon or Gibson's Neuromancer. No over-the-top smearing of adjectives to describe the mundane, and no unrealistic sequences of events. Then again, there's no character development and no real story progression, so it's not great fiction.
As a series of hacker vignettes, the book works just fine, and very well for the purposes at hand. Basically, what the authors want you to get from the book is two-fold: First, they want you to debate the issues around "strike back" attack methodologies. Several of the authors are open advocates of what are legal grey areas and open moral questions in the field of network security. Secondly, they want you to see how it's done, what you do when you actually use a tool to achieve a goal. Most books that do this, like Hacking Exposed, cover far more tools, but they usually do so without showing you each tool's use in a real-world scenario.
I won't bore you with a lengthy, detailed overview of the first part of the book. Like I said, it's a series of part fiction, part tutorial series of short stories. In them, you'll see tools like Metasploit, virus creation, some nmap, sniffers, and keystroke loggers, all in action, being used as an operator would use them, and achieving real goals. This is more valuable than a basic manual, and the stories themselves act as a nice setting. While not great fiction writers, the authors are decent enough at the job, and they write the technical material clearly.
The second part of the book is interesting. It makes up about a fifth of the book in volume, but a lot more in technical weight. The book bills this section as "The technologies and concepts behind network strike-back," and that's an accurate summary. It's a series of four unique perspectives and technical chapters that complement the rest of the book quite well.
The first introduces ADAM, the "Active Defense Algorithm and Model," which develops a methodology for network administrators to actively defend their networks against attacks. It's quite interesting, and brings together a number of risk models in an uncommon take. The authors are academic researchers from the University of Idaho, so it's a lot more academic than the previous material in Aggressive Network Self-Defense, but it formalizes a lot of the thinking that was present in the writing of the stories and techniques.
The second is Tim Mullen's classic "Defending your right to defend." This is the original position paper shared by Mullen with the information security community in 2002 or so. Here, Mullen makes a compelling case for actually striking back at worm infected hosts. After all, the position holds, someone should do something about them to help clean up the Internet. While it's a position I disagreed with at the time and still do, Mullen's writing is articulate and an important read. It really helps you understand a lot of the thinking that went into the book itself.
Dan Kaminsky wrote the next chapter, "MD5 to be considered harmful someday." Largely considered to be a follow-on to Joux and Wang's one-way hash function research, what it shows is how practical such an attack can be. Kaminsky never fails to come up with interesting ideas he puts into practice, and he adds another level of depth to this book.
Finally, Aggressive Network Self-Defense ends with an interesting paper, "When the tables turn: Passive strike-back." Like any good paper, it has a clear and thoughtful motivation, and really demonstrates the principles at play, namely building network resources that don't simply lure the attacker in, they trip her up. There are so many ways to do this, the authors show us, and ultimately it's almost fun. A good way to end the book.
An over-arching concern with the book that I have is the question of ethics. Mullen, in the foreword, states that he hopes the book stirs a debate about the ethics of the actions in the book. However, the book itself falls short in this area. Instead, sometimes the characters get busted, and sometimes they don't, but just because they didn't get caught doesn't mean some ethical lines weren't crossed. All too often the authors leave the ethical debate up in the air. While I prefer this to overt preaching or questions, the style leaves me wondering if this goal was achieved.
So, where do I stand on Aggressive Network Self-Defense? In the end, I like it, more so than a book like Hacking Exposed or other "hacking how-to" types. The style of presentation doesn't lend itself all that well to exploring a very wide number of tools, but it does give you a deeper context to see how they assemble into something larger. For many people I expect it will be a page turner, and I think the format has some utility, as shown here.
You can purchase Aggressive Network Self-Defense from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
The only three programs you need to know.
Pluralization does not need an apostrophe.
7f2c83031b3e693a86e2b0cc25df7ef7
Is there any recourse in taking aggressive counteraction against, for example, the hoards of chinese IPs that routinely probe and attack domestic hosts?
No, but I find the simplest thing to do is lookup the netblocks/ips for addresses I will be connecting to my SSH/OpenVPN from (in my case, work and my mobile phone GPRS provider) and then crafting a couple of iptables rules to only allow those addresses to connect. I find this cures half of the far east trying to connect :-)
Excellent work, editors, fixing the title like that. The "we're a bunch of whores" referrer link is still misspelled, with only one copy of the oh-so-precious letter g.
So close, and yet so far!
--grendel drago
Laws do not persuade just because they threaten. --Seneca
I am an author of ADAM (Ch 9) in the book, with Deb Frincke. I would like to point out that more information and resources on the topic of active defense and active response can be found at: http://www.activeresponse.org
Not sure if anyone has mentioned it yet, but port sentry with a little tweaking can clean up what you describe really well - automatically drops the results into a firewall or hosts.deny.
Only problem is that it's not much of a user friendly program, can on rare occurances block IP addresses that were not intended to be blocked, so it takes a little bit of an active hands on approach.
http://sourceforge.net/projects/sentrytools/
I wrote an article back in 2002 (http://www.securityfocus.com/guest/16531), which was published on SecurityFocus, in response to Mullen's initial SecurityFocus article.
Not having read the book, I can't be sure, but according to the review there didn't seem to be much of a dissenting opinion in the book on the question of whether aggressive tactics are desirable (or effective).
That's unfortunate, since as you'll see in my article, I think a good argument can be made that aggressive network defense is both morally bankrupt and ultimately ineffective.
God is my Palm Pilot.
For example:Note. Only turn on the output to log when you want to see what is going on. Otherwise, just comment out that line.
http://www.dshield.org/