Aggressive Network Self-Defense
Not being a big fan of most fiction (I tend to prefer history), it's hard to say definitively good or bad things about the quality of the writing. What I can say is that it's infinitely less irritating, and far more realistic, than Neal Stephenson's Cryptonomicon or Gibson's Neuromancer. No over-the-top smearing of adjectives to describe the mundane, and no unrealistic sequences of events. Then again, there's no character development and no real story progression, so it's not great fiction.
As a series of hacker vignettes, the book works just fine, and very well for the purposes at hand. Basically, what the authors want you to get from the book is two-fold: First, they want you to debate the issues around "strike back" attack methodologies. Several of the authors are open advocates of what are legal grey areas and open moral questions in the field of network security. Secondly, they want you to see how it's done, what you do when you actually use a tool to achieve a goal. Most books that do this, like Hacking Exposed, cover far more tools, but they usually do so without showing you each tool's use in a real-world scenario.
I won't bore you with a lengthy, detailed overview of the first part of the book. Like I said, it's a series of short stories that are part fiction, part tutorial. In them, you'll see tools like Metasploit, virus creation, some nmap, sniffers, and keystroke loggers, all in action, being used as an operator would use them, and achieving real goals. This is more valuable than a basic manual, and the stories themselves act as a nice setting. While not great fiction writers, the authors are decent enough at the job, and they write the technical material clearly.
The second part of the book is interesting. It makes up about a fifth of the book in volume, but a lot more in technical weight. The book bills this section as "The technologies and concepts behind network strike-back," and that's an accurate summary. It's a series of four unique perspectives and technical chapters that complement the rest of the book quite well.
The first introduces ADAM, the "Active Defense Algorithm and Model," which develops a methodology for network administrators to actively defend their networks against attacks. It's quite interesting, and brings together a number of risk models in an uncommon take. The authors are academic researchers from the University of Idaho, so it's a lot more academic than the previous material in Aggressive Network Self-Defense, but it formalizes a lot of the thinking that was present in the writing of the stories and techniques.
The second is Tim Mullen's classic "Defending your right to defend." This is the original position paper shared by Mullen with the information security community in 2002 or so. Here, Mullen makes a compelling case for actually striking back at worm infected hosts. After all, the position holds, someone should do something about them to help clean up the Internet. While it's a position I disagreed with at the time and still do, Mullen's writing is articulate and an important read. It really helps you understand a lot of the thinking that went into the book itself.
Dan Kaminsky wrote the next chapter, "MD5 to be considered harmful someday." Largely considered to be a follow-on to Joux and Wang's one-way hash function research, what it shows is how practical such an attack can be. Kaminsky never fails to come up with interesting ideas he puts into practice, and he adds another level of depth to this book.
Finally, Aggressive Network Self-Defense ends with an interesting paper, "When the tables turn: Passive strike-back." Like any good paper, it has a clear and thoughtful motivation, and really demonstrates the principles at play, namely building network resources that don't simply lure the attacker in, they trip her up. There are so many ways to do this, the authors show us, and ultimately it's almost fun. A good way to end the book.
An over-arching concern with the book that I have is the question of ethics. Mullen, in the foreword, states that he hopes the book stirs a debate about the ethics of the actions in the book. However, the book itself falls short in this area. Instead, sometimes the characters get busted, and sometimes they don't, but just because they didn't get caught doesn't mean some ethical lines weren't crossed. All too often the authors leave the ethical debate up in the air. While I prefer this to overt preaching or questions, the style leaves me wondering if this goal was achieved.
So, where do I stand on Aggressive Network Self-Defense? In the end, I like it, more so than a book like Hacking Exposed or other "hacking how-to" types. The style of presentation doesn't lend itself all that well to exploring a very wide number of tools, but it does give you a deeper context to see how they assemble into something larger. For many people I expect it will be a page turner, and I think the format has some utility, as shown here.
Smith and Wesson.
when you try to login and your network tells you
"I know Kung Fu"
Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
What truth?
There is no dupe
...and it's great there's a book covering it. There are so very many security related tools available today, and the real problem nowadays is that few of them integrate in any usable manner. NIDS should integrate with each other and generate more comprehensive, multiperspective data about suspicious looking traffic. Networks should autoadapt to block malicious traffic.
The Army reading list
The only three programs you need to know.
While his proposed recommendations for network defense appear viable, nothing is more effective for protecting your computer than sucker-punching a random script-kiddy in the groin at a local LAN party.
...he's got some nifty visualizations of the MD5 attacks on his site; scroll down a page or so to see this and other images...
Pluralization does not need an apostrophe.
Yep. Good job. *pat* *pat*
One thing that really bothers me is things like this in my logs:
Mar 2 22:42:37 inetd[32684]: refused connection from 210.29.1.3, service sshd (tcp)
Mar 2 22:42:38 inetd[1534]: ssh from 210.29.1.3 exceeded counts/min (limit 1/min)
Mar 2 22:43:09 last message repeated 38 times
Mar 2 22:45:09 last message repeated 114 times
Mar 2 22:55:10 last message repeated 644 times
Mar 2 23:05:10 last message repeated 509 times
I routinely run into foreign systems hitting my server at extraordinary rates. These seem to be bursts here and there, more looking to probe the system than DoS it, but sometimes a DoS condition occurs.
I routinely do an IPWHOIS of these locales and send e-mail to the IP administrators, but some of the foreign ones are unresponsive. So what can you do?
Are there any scripts out there that can automate the process of reporting system probes?
Is there any recourse in taking aggressive counteraction against, for example, the hordes of Chinese IPs that routinely probe and attack domestic hosts?
Seems like this only verges on the edge of a how-to for network vigilantism - is there such a work?
Then again, there's no character development and no real story progression, so it's not great fiction.
Character development is massively overrated in lit. I'm not sure if this refers to how fleshed out a character is or how much he changes during the course of the story but in either case it saddens me to think that some people think this is the point of fiction.
Hey, that's kinda like my network...
If someone attacks my network, it attacks them right back. You scanning my network? Then all my machines scan you right back. It also DDoSes random webservers just for practice.
Excellent work, editors, fixing the title like that. The "we're a bunch of whores" referrer link is still misspelled, with only one copy of the oh-so-precious letter g.
So close, and yet so far!
--grendel drago
Laws do not persuade just because they threaten. --Seneca
I'm going to implement spamd (the tarpit), that's about as proactive I am at going out of my way on offence with my network. Up till now it's all be defense. What else can I do from a FreeBSD server, or an OpenBSD pf firewall box?
I am an author of ADAM (Ch 9) in the book, with Deb Frincke. I would like to point out that more information and resources on the topic of active defense and active response can be found at: http://www.activeresponse.org
Heh, thanks :)
As long as we're discussing the MD5 stuff:
Slashdot
E-Print of the original paper
Vlastimil Klima's research on the topic
The finally released paper by Xiaoyun Wang, the original discoverer of this attack
Enjoy!
--Dan
We meet again! :-)
I think InterSlice sounds more frightening.
I don't get it.
Most of Gibson is crap. If you want interesting, *thoughtful* computer-related SF, read Vinge. He invented virtual reality with his short story "True Names", and has been ahead of just about everyone else ever since.
Media that can be recorded and distributed can be recorded and distributed.
-kfg
I worked on the book. Anyone interested in checking out a chapter can go to http://www.syngress.com/catalog/?pid=3190
In order (somewhat):
1. NMAP the offender.
2. NSLookup, Whois, etc. I even go so far as to use GeoIP to get city, state, ISP, etc. Get email addresses to send to.
3. Look for open proxies on the address in the case of SPAM. If so, just drop the search there.
4. Nessus check for potential vulns that might have been exploited by common/known worms. Essentially, find how they were exploited, and if there is no known reason, assume they are malicious.
5. Take necessary actions to blacklist or block the IP on the offending protocol, or in some rare cases, kill the IP altogether. (rarer cases, the subnet)
6. Google. You'd be amazed at what I can do here. I put in the direct IP, I put in email addresses I've collected to find out where the person posts, etc. I get to know the individual, who they are, and further deduce if they are malicious. I used to even go so far as to imitate someone of the opposite sex their age and talk to them on their favorite IM and ask them if they are a h4x0r and can help me "get back at my brother, the bully at school, the girl that stole my boyfriend" etc. (never assume the gender of a /. poster)
7. Email at a minimum 5 people, including Incident Response (https://forms.us-cert.gov/report/), the offending ISP, any emails off of the website of the IP in question, etc. Half the emails I CC just so that the individuals take the email seriously. Occasionally these will contain logs, IM logs, who the person is, what they do in their spare time, what forums they visit, their picture (if any) and etc. I do this from a TOR-accessed Hushmail account, so no one knows who the hell it is. One time I sent the email to the offender's mother. He sure thanked me with some profanities on that one (which were subsequently forwarded to his mother).
There's ways of "attacking back" in such a way that script kiddies die out, but you have to totally overwhelm them with your sheer capability to outsmart them.
Let's face it, we're all guilty of being lax in our network activity and leave IP trails on logs that Google indexes. It makes no sense to sit back and complain about script kiddies when it's quite obvious that we're unwilling to take them to task when they probe. The information is there, you just gotta do some digging and learn how to use Google's Advanced features. It's important to make your response to their actions overwhelming, so they are never tempted to turn back to random probing again.
One way to help thin this sort of thing down a bit is to use a non-standard high port (above 1024) for your SSH daemon.
This keeps the 5|<r1p7 |<1dd3z from being able to trivially find your SSH server.
Ideally, you want to do this in combination with code that watches for a port-scan and adds a firewall rule to block the scanning address.
Yes, this won't completely stop abuses of your SSH server - there's always a chance that somebody will stumble across it, so you should keep it up to date on security patches and disable password login (in other words REQUIRE a keypair to access). But this greatly reduces the amount of crap
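The post above recommends a non-standard port, key-only authentication, and no password login. As an added example (not from the original thread or from any project it mentions), here is a small Python audit that reads an sshd_config, reports the weak settings the poster warns about, and shows the corrected configuration beside the weak one. The two configuration strings are constructed for this example; the checked keywords are real OpenSSH keywords, and the parser follows OpenSSH's rule that the first occurrence of a keyword wins and that lines after a Match block apply only conditionally.

```python
import re

# Settings the post above argues for, with the value a hardened host should carry.
CHECKS = {
    "passwordauthentication": ("no", "password guessing is what the probes in the logs are doing"),
    "challengeresponseauthentication": ("no", "keyboard-interactive can re-enable password prompts via PAM"),
    "pubkeyauthentication": ("yes", "a keypair must be REQUIRED once passwords are off"),
    "permitrootlogin": ("no", "root should never be reachable directly over SSH"),
}

SPLIT_RE = re.compile(r"^\s*([A-Za-z]+)\s*(?:=|\s)\s*(.+?)\s*$")


def parse_sshd_config(text):
    """Return (global_settings, match_overrides).

    global_settings: lowercase keyword -> first value seen (sshd keeps the first).
    match_overrides: [(keyword, value)] for lines inside a Match block, which apply
    only when the Match condition holds and therefore deserve a separate look.
    """
    settings, overrides, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = SPLIT_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":
            in_match = True
            continue
        if in_match:
            overrides.append((key, value))
        elif key not in settings:
            settings[key] = value
    return settings, overrides


def audit(text):
    """Return a list of (key, message) findings; an empty list means no weak setting found."""
    settings, overrides = parse_sshd_config(text)
    findings = []
    for key, (want, reason) in CHECKS.items():
        got = settings.get(key)
        if got is None:
            findings.append((key, f"not set explicitly, want {want}: {reason}"))
        elif got.lower() != want:
            findings.append((key, f"is {got}, want {want}: {reason}"))
    port = settings.get("port", "22")
    if port == "22":
        findings.append(("port", "listening on 22; a high non-standard port thins out casual scanners"))
    for key, value in overrides:
        if key in CHECKS and value.lower() != CHECKS[key][0]:
            findings.append((f"match:{key}", f"Match block re-enables {key} {value}"))
    return findings


# Constructed weak configuration: the defaults many installs ship with, plus a
# Match block that quietly turns passwords back on for one user.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
#PubkeyAuthentication yes
Match User backup
    PasswordAuthentication yes
"""

# Constructed hardened configuration matching the advice in the post above.
HARDENED_CONFIG = """\
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```

Run it against a real file with `audit(open("/etc/ssh/sshd_config").read())`. Moving the port only reduces noise, as the poster says; the findings that matter for actual compromise are the three authentication keywords and the Match override, which is why the audit reports a conditional re-enable separately instead of silently ignoring the block.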
www.eFax.com are spammers
Awesome, thanks! I was also told to read Snowcrash for good SF.
One cannot reasonably argue that an opinion is wrong. Opinions, as they say, are like assholes, everyone has one. As a William Gibson "fan boy" you could say that I don't share your view of Neuromancer. In my opinion Gibson is one of the best writers of this century.
Not hard to set up snort+iptables to automatically set up entries to DROP packets from probing hosts. Response is not instantaneous if you're just getting scanned quickly by random lusers from some backwoods Chinese technical college (probably their idea of a lab assignment). Of somewhat limited use for ports inside firewall, but a lot of firewalls these days have snort-like capabilities anyway.
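Two comments above ask for roughly the same thing: the poster with the inetd "last message repeated N times" bursts wanted a script that automates reporting of probes, and this comment describes snort+iptables adding DROP entries automatically. The following Python, added here and not from the original thread or from snort or iptables, does the defensive half of both: it parses log lines in the quoted inetd format (attributing syslog's "last message repeated" lines to the preceding source address, which is what makes the counts right), aggregates per source, flags sources over a threshold, builds a plain-text abuse report, and emits iptables DROP commands while refusing to block addresses on an allowlist so an automated responder cannot lock out its own administrator. The log lines, addresses, threshold and allowlist are constructed for the example.

```python
import re
from collections import defaultdict

IP_RE = re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3})")
REPEAT_RE = re.compile(r"last message repeated (\d+) times")
TS_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) ")

# Constructed sample in the same shape as the inetd lines quoted earlier in the
# thread; 203.0.113.0/24 and 192.0.2.0/24 are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Mar 2 22:42:37 inetd[32684]: refused connection from 203.0.113.5, service sshd (tcp)
Mar 2 22:42:38 inetd[1534]: ssh from 203.0.113.5 exceeded counts/min (limit 1/min)
Mar 2 22:43:09 last message repeated 38 times
Mar 2 22:45:09 last message repeated 114 times
Mar 2 22:49:00 sshd[100]: Server listening on 0.0.0.0 port 22.
Mar 2 22:50:00 inetd[1534]: ssh from 192.0.2.7 exceeded counts/min (limit 1/min)
Mar 2 22:51:00 last message repeated 3 times
Mar 2 22:55:10 inetd[1534]: ssh from 203.0.113.5 exceeded counts/min (limit 1/min)
Mar 2 23:05:10 last message repeated 509 times
"""


def count_events(log_text):
    """Return {ip: {"count", "first", "last"}} with syslog repeat lines folded in."""
    stats = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    previous_ip = None  # source of the last message, which "repeated N times" refers to
    for line in log_text.splitlines():
        ts_m = TS_RE.match(line)
        ts = ts_m.group(1) if ts_m else None
        rep = REPEAT_RE.search(line)
        if rep:
            if previous_ip is None:  # repeat of a line we did not attribute; ignore
                continue
            ip, n = previous_ip, int(rep.group(1))
        else:
            ip_m = IP_RE.search(line)
            if not ip_m:
                previous_ip = None  # a later repeat line now refers to something else
                continue
            ip, n = ip_m.group(1), 1
            previous_ip = ip
        entry = stats[ip]
        entry["count"] += n
        entry["first"] = entry["first"] or ts
        entry["last"] = ts or entry["last"]
    return dict(stats)


def offenders(stats, threshold):
    """Sources at or above the threshold, busiest first."""
    ranked = sorted(stats.items(), key=lambda kv: -kv[1]["count"])
    return [ip for ip, e in ranked if e["count"] >= threshold]


def abuse_report(ip, entry, service="sshd"):
    """Text suitable for mailing to the contact found via whois for `ip`."""
    return (f"Source {ip} made {entry['count']} refused {service} connection attempts "
            f"between {entry['first']} and {entry['last']} (server local time). "
            f"Please investigate; the host may be compromised.")


def firewall_rules(ips, allowlist, port=22):
    """iptables commands for each offender, never for an allowlisted address."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP"
            for ip in ips if ip not in allowlist]


if __name__ == "__main__":
    stats = count_events(SAMPLE_LOG)
    bad = offenders(stats, threshold=50)
    for ip in bad:
        print(abuse_report(ip, stats[ip]))
    print("\n".join(firewall_rules(bad, allowlist={"198.51.100.1"})))
```

The commands are printed rather than executed so the decision to block stays with a human or a separately reviewed cron job; an automated responder that blocks on a single spoofed or forged syslog line can be turned against the defender, which is the reason for the allowlist and for reading repeat counts rather than trusting the first hit.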
Port scans are part of the business. I don't care who scans me - only port 22, 80, and 443 are open, so what?
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
This brings us to an issue I've wondered about for a long, long time.
Where are the detailed IP databases? Who is compiling them? (You know some intelligence and other agencies are surely generating these database, but are there any that are public other than the search engines?)
Google would be great if you could put in an IP and get a list of all the things that IP searched on. Imagine the possibilities in tracking people down. Yes, a huge security issue, but you know it's being done. A few select corporations and government agencies probably have the means to profile IP addresses. It's just a matter of time before this information is more widely accessible in an organized format.
I wrote an article back in 2002 (http://www.securityfocus.com/guest/16531), which was published on SecurityFocus, in response to Mullen's initial SecurityFocus article.
Not having read the book, I can't be sure, but according to the review there didn't seem to be much of a dissenting opinion in the book on the question of whether aggressive tactics are desirable (or effective).
That's unfortunate, since as you'll see in my article, I think a good argument can be made that aggressive network defense is both morally bankrupt and ultimately ineffective.
God is my Palm Pilot.
Yes, take it down, just don't trash it. Some of these people will never suspect a problem unless their equipment gets knocked out. They'll then notice, hopefully take a look at some logs, and deduce that they've been messed with, and hopefully do something to fix the problem.
If not, then keep thumping them to keep their infected shit off the net and from bothering others.
Yes, Stephenson kicks Gibson's ass.
Thoughtful characterizes the man indeed, in his writing and his person. I've had the fortune to meet Vinge, and a dozen or so other prominent writers, at conventions and other events, and Vinge stands out in his demeanor and presence. When not speaking, or being spoken to, he rarely seems to make eye contact, but scribbles and scratches in his notes, furtively glancing around him. His voice is soft and tentative; almost every statement he makes is qualified by "I'm not sure, but this is what I see happening..."
From a casual meeting, you wouldn't think of him as authoritative, for lack of self-aggrandisement. I've met several of his former students in the area, who've gushed about how difficult, but rewarding, it was to work with him; they're surprised to hear he's a SF writer.
It will be interesting to see where his fiction goes, now that he's moved on from the churn of Academic computer science. Will he continue to be "ahead of just about everyone else"? Perhaps. I suspect that he will continue to be *thoughtful*.
http://interviews.slashdot.org/article.pl?sid=04/10/20/1518217&tid=192&tid=214&tid=126&tid=11
4) Who would win? (Score:5, Funny) - by Call Me Black Cloud
In a fight between you and William Gibson, who would win?
Neal:
You don't have to settle for mere idle speculation. Let me tell you how it came out on the three occasions when we did fight.
The first time was a year or two after SNOW CRASH came out. I was doing a reading/signing at White Dwarf Books in Vancouver. Gibson stopped by to say hello and extended his hand as if to shake. But I remembered something Bruce Sterling had told me. For, at the time, Sterling and I had formed a pact to fight Gibson. Gibson had been regrown in a vat from scraps of DNA after Sterling had crashed an LNG tanker into Gibson's Stealth pleasure barge in the Straits of Juan de Fuca. During the regeneration process, telescoping Carbonite stilettos had been incorporated into Gibson's arms. Remembering this in the nick of time, I grabbed the signing table and flipped it up between us. Of course the Carbonite stilettos pierced it as if it were cork board, but this spoiled his aim long enough for me to whip my wakizashi out from between my shoulder blades and swing at his head. He deflected the blow with a force blast that sprained my wrist. The falling table knocked over a space heater and set fire to the store. Everyone else fled. Gibson and I dueled among blazing stacks of books for a while. Slowly I gained the upper hand, for, on defense, his Praying Mantis style was no match for my Flying Cloud technique. But I lost him behind a cloud of smoke. Then I had to get out of the place. The streets were crowded with his black-suited minions and I had to turn into a swarm of locusts and fly back to Seattle.
The second time was a few years later when Gibson came through Seattle on his IDORU tour. Between doing some drive-by signings at local bookstores, he came and devastated my quarter of the city. I had been in a trance for seven days and seven nights and was unaware of these goings-on, but he came to me in a vision and taunted me, and left a message on my cellphone. That evening he was doing a reading at Kane Hall on the University of Washington campus. Swathed in black, I climbed to the top of the hall, mesmerized his snipers, sliced a hole in the roof using a plasma cutter, let myself into the catwalks above the stage, and then leapt down upon him from forty feet above. But I had forgotten that he had once studied in the same monastery as I, and knew all of my techniques. He rolled away at the last moment. I struck only the lectern, smashing it to kindling. Snatching up one jagged shard of oak I adopted the Mountain Tiger position just as you would expect. He pulled off his wireless mike and began to whirl it around his head. From there, the fight proceeded along predictable lines. As a stalemate developed we began to resort more and more to the use of pure energy, modulated by Red Lotus incantations of the third Sung group, which eventually led to the collapse of the building's roof and the loss of eight hundred lives. But as they were only peasants, we did not care.
Our third fight occurred at the Peace Arch on the U.S./Canadian border between Seattle and Vancouver. Gibson wished to retire from that sort of lifestyle that required ceaseless training in the martial arts and sleeping outdoors under the rain. He only wished to sit in his garden brushing out novels on rice paper. But honor dictated that he must fight me for a third time first. Of course the Peace Arch did not remain standing for long. Before long my sword arm hung useless at my side. One of my psi blasts kicked up a large divot of earth and rubble, uncovering a silver metallic object, hitherto buried, that seemed to have been crafted by an industrial designer. It was a nitro-veridian device that had been buried there by Sterling. We were able to fly clear before it detonated. The blast caused a seismic rupture that split off a sizable part of Ca
http://www.dshield.org/
Thank you for your concise and interesting review.
Now fuck off.
You're the moron who comes out of EVERY movie theater I've ever been in saying, loudly, so everyone in the lobby can hear, "Well, THAT SUCKED!"
Nobody gives a shit what you think.
Besides which, your review is crap because you obviously have no fucking clue what the story was about because you have no fucking clue why the characters did what they did.
Take your no fucking clueless self elsewhere.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Actually I hate the people that talk loudly after watching the movie like they are arrogant too. But I keep seeing Neuromancer mentioned in geek circles as if it's on the level of Foundation, Mote in God's Eye, Stranger in a Strange Land, and other Science Fiction novels. It's a REALLY bad story. I hope Gibson has improved since, but no part of me cares to read anymore to find out.
And your username would indicate so. :)
I just don't see what the hoopla is. I keep seeing Neuromancer mentioned in geek circles as if it's on the level of Foundation, Mote in God's Eye, Stranger in a Strange Land, and other Science Fiction novels. It's a REALLY bad story, but beautiful world and environment.
I hope Gibson has improved since, but no part of me cares to read anymore of his work to find out.
No, I'm not criticizing Cryptonomicon. I said I haven't read it so I can't speak about it. But Neuromancer is ALWAYS mentioned as some SF masterpiece when the story itself wasn't good, but the world and environment were.
Diversity of opinion is what makes the world interesting. So I respect the fact that you don't like Gibson.
Obviously my take on things is different. In my opinion Stranger in a Strange Land is a work that would appeal only to teenagers. I liked Mote in God's Eye but I don't find it more than entertaining.
In contrast there are parts of Neuromancer that fascinate me. The description of Tessier-Ashpool as a wasp like organism.
Perhaps Neuromancer is a generational thing. My parents generation love On the Road by Jack Kerouac which I hate.
lol, I love "On the Road"! Well, I take that back cause I never read the whole thing. But his descriptions of events and travelogues in general fascinate me. It's the book that defines the beatniks, so your parents must have loved the free life that existed then.
Can someone 'out there(As In - The US)' please get Syngress to "Force Replicate" this book to Local(As In - In~dia) Publishers cause i've read the sample chapter and boy, does it sound interesting... On a more serious note... Waiting for this book to hit the shelves in India (P.S. And if you're wondering, No, I'm not from Bangalore[If you know what I mean!])