Hackers Beware (NewRiders -2002).pdf

Hackers Beware

Eric Cole

Publisher: New Riders Publishing

First Edition August 13, 2001

ISBN: 0-7357-1009-0, 800 pages

A good defense starts with a thorough understanding

of your opponent’s offense. Hackers Beware teaches

you how hackers think, what tools they use, and the

techniques they utilize to compromise a machine. Eric

Cole, a leading expert in information security, shows

you not only how to detect these attacks, but what

you can do to protect yourself against them. When it

comes to securing your site, knowledge is power. This

book gives you the knowledge to build a proper

defense against attackers.

FIRST EDITION: August, 2001

in any form or by any means, electronic or mechanical, including

photocopying, recording, or by any information storage and retrieval

system, without written permission from the publisher, except for the

inclusion of brief quotations in a review.

Library of Congress Catalog Card Number: 00102952

06 05 04 03 02 7 6 5 4 3 2 1

Interpretation of the printing code: The rightmost double-digit number is

the year of the book’s printing; the right-most single-digit number is the

number of the book’s printing. For example, the printing code 02-1 shows

that the first printing of the book occurred in 2002.

Composed in Bembo and MCPdigital by New Riders Publishing

Printed in the United States of America

Trademarks

All terms mentioned in this book that are known to be trademarks or

service marks have been appropriately capitalized. New Riders Publishing

cannot attest to the accuracy of this information. Use of a term in this

book should not be regarded as affecting the validity of any trademark or

service mark.

“ Hackers Beware “ New Riders Publishing

Warning and Disclaimer

This book is designed to provide information about computer security.

Every effort has been made to make this book as complete and as

accurate as possible, but no warranty or fitness is implied.

The information is provided on an as-is basis. The authors and New Riders

Publishing shall have neither liability nor responsibility to any person or

entity with respect to any loss or damages arising from the information

contained in this book or from the use of the discs or programs that may

accompany it.

Credits

Publisher

David Dwyer

Associate Publisher

Al Valvano

Executive Editor

Stephanie Wall

Managing Editor

Kristy Knoop

Product Marketing Manager

Stephanie Layton

Publicity Manager

Susan Nixon

Acquisitions Editor

Jeff Riley

Development Editors

Katherine Pendergast

Joell Smith

“ Hackers Beware “ New Riders Publishing

Project Editor

Sean Monkhouse

Copy Editors

Kelli Brooks

Sarah Cisco

Indexer

Christine Karpeles

Manufacturing Coordinator

Jim Conway

Book Designer

Louisa Klucznik

Cover Designer

Aren Howell

Proofreaders

Katherine Shull

Mitch Stark

Composition

Amy Parker

Rebecca Harmon

I would like to dedicate this book to my wonderful son, Jackson. He is a

blessing to me and brings joy and happiness to me every day.

Hackers Beware

About the Author

About the Technical Reviewers

Acknowledgments

“ Hackers Beware “ New Riders Publishing

Tell Us What You Think

Introduction

1. Introduction

The Golden Age of Hacking

How Bad Is the Problem?

What Are Companies Doing?

What Should Companies Be Doing?

Defense in Depth

Purpose of This Book

Legal Stuff

What’s Covered In This Book

Summary

2. How and Why Hackers Do It

What Is an Exploit?

The Attacker’s Process

The Types of Attacks

Categories of Exploits

Routes Attackers Use to Get In

Goals Attackers Try to Achieve

Summary

3. Information Gathering

Steps for Gathering Information

Information Gathering Summary

Red Teaming

Summary

4. Spoofing

Why Spoof?

Types of Spoofing

Summary

5. Session Hijacking

Spoofing versus Hijacking

Types of Session Hijacking

TCP/IP Concepts

Detailed Description of Session Hijacking

ACK Storms

Programs That Perform Hijacking

Dangers Posed by Hijacking

Protecting Against Session Hijacking

Summary

6. Denial of Service Attacks

What Is a Denial of Service Attack?

What Is a Distributed Denial of Service Attack?

Why Are They Difficult to Protect Against?

Types of Denial of Service Attacks

Tools for Running DOS Attacks

Tools for Running DDOS Attacks

Preventing Denial of Service Attacks

Preventing Distributed Denial of Service Attacks

Summary

“ Hackers Beware “ New Riders Publishing

7. Buffer Overflow Attacks

What Is a Buffer Overflow?

How Do Buffer Overflows Work?

Types of Buffer Overflow Attacks

Why Are So Many Programs Vulnerable?

Sample Buffer Overflow

Protecting Our Sample Application

Ten Buffer Overflow Attacks

Protection Against Buffer Overflow Attacks

Summary

8. Password Security

Typical Attack

The Current State of Passwords

History of Passwords

Future of Passwords

Password Management

Password Attacks

Summary

9. Microsoft NT Password Crackers

Where Are Passwords Stored in NT?

How Does NT Encrypt Passwords?

All Passwords Can Be Cracked (NT Just Makes It Easier)

NT Password-Cracking Programs

Comparison

Extracting Password Hashes

Protecting Against NT Password Crackers

Summary

10. UNIX Password Crackers

Where Are the Passwords Stored in UNIX?

How Does UNIX Encrypt Passwords?

UNIX Password-Cracking Programs

Comparison

Protecting Against UNIX Password Crackers

Summary

11. Fundamentals of Microsoft NT

Overview of NT Security

Availability of Source Code

NT Fundamentals

Summary

12. Specific Exploits for NT

Exploits for NT

Summary

13. Fundamentals of UNIX

Linux

Vulnerable Areas of UNIX

UNIX Fundamentals

Summary

14. Specific Exploits for UNIX

“ Hackers Beware “ New Riders Publishing

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: