

Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2nd Edition
Ed Skoudis, Tom Liston
Prentice Hall, Paperback, 2nd edition, Published December 2005, 784 pages, ISBN 0131481045
List Price: $59.99

"I finally get it! I used to hear words like rootkit, buffer overflow, and idle scanning, and they just didn't make any sense. I asked other people and they didn't seem to know how these things work, or at least they couldn't explain them in a way that I could understand. Counter Hack Reloaded is the clearest explanation of these tools I have ever seen. Thank you!"
-- Stephen Northcutt, CEO, SANS Institute
"Ed Skoudis does it again! With this new edition, Ed takes a phenomenal work to the next level! This book is a "must-have" and a "must-read" for anyone remotely associated with computers and computer security."
-- Harlan Carvey, CISSP, author of Windows Forensics and Incident Recovery
"Ed Skoudis is a rare individual. He knows the innards of all the various systems, knows all the latest exploits and defenses, and yet is able to explain everything at just the right level. The first edition of Counter Hack was a fascinating read. It's technically intriguing and very clear. . . . A book on vulnerabilities, though, will get out of date, and so we definitely needed this updated and significantly rewritten second edition. This book is a wonderful overview of the field."
-- From the Foreword by Radia Perlman, series editor, The Radia Perlman Series in Computer Networking and Security; author of Interconnections; and coauthor of Network Security: Private Communications in a Public World
"What a great partnership! Ed Skoudis and Tom Liston share an uncanny talent for explaining even the most challenging security concepts in a clear and enjoyable manner. Counter Hack Reloaded is an indispensable resource for those who want to improve their defenses and understand the mechanics of computer attacks."
-- Lenny Zeltser, coauthor of Malware: Fighting Malicious Code
"In addition to having breadth of knowledge about and probing insights into network security, Ed Skoudis's real strength is in his ability to show complex topics in an understandable form. By the time he's done, what started off as a hopeless conglomeration of acronyms starts to sound comfortable and familiar. This book is your best source for understanding attack strategies, attack tools, and the defenses against both."
-- William Stearns, network security expert, www.stearns.org
"This book is a must-have for anyone in the Internet security game. It covers everything from the basic principles to the fine details of online attack methods and counter-strategies and is very engagingly written."
-- Warwick Ford, coauthor of Secure Electronic Commerce

For years, Counter Hack has been the primary resource for every network/system administrator and security professional who needs a deep, hands-on understanding of hacker attacks and countermeasures. Now, leading network security expert Ed Skoudis, with Tom Liston, has thoroughly updated this best-selling guide, showing how to defeat today's newest, most sophisticated, and most destructive attacks.

For this second edition, more than half the content is new and updated, including coverage of the latest hacker techniques for scanning networks, gaining and maintaining access, and preventing detection. The authors walk you through each attack and demystify every tool and tactic. You'll learn exactly how to establish effective defenses, recognize attacks in progress, and respond quickly and effectively in both UNIX/Linux and Windows environments.

Important features of this new edition include

  • All-new "anatomy-of-an-attack" scenarios and tools
  • An all-new section on wireless hacking: war driving, wireless sniffing attacks, and more
  • Fully updated coverage of reconnaissance tools, including Nmap port scanning and "Google hacking"
  • New coverage of tools for gaining access, including uncovering Windows and Linux vulnerabilities with Metasploit
  • New information on dangerous, hard-to-detect, kernel-mode rootkits


Table of Contents

Foreword

Preface Reloaded

About the Authors

Chapter 1: Introduction

The Computer World and the Golden Age of Hacking

Why This Book?

The Threat: Never Underestimate Your Adversary

A Note on Terminology and Iconography

Caveat: These Tools Could Hurt You

Organization of Rest of the Book

Summary

Chapter 2: Networking Overview: Pretty Much Everything You Need to Know About Networking to Follow the Rest of This Book

The OSI Reference Model and Protocol Layering

How Does TCP/IP Fit In?

Understanding TCP/IP

Transmission Control Protocol (TCP)

User Datagram Protocol (UDP)

Internet Protocol (IP) and Internet Control Message Protocol (ICMP)

ICMP

Other Network-Level Issues

Don’t Forget About the Data Link and Physical Layers!

Security Solutions for the Internet

Conclusion

Summary

Chapter 3: Linux and UNIX Overview: Pretty Much Everything You Need to Know About Linux and UNIX to Follow the Rest of This Book

Introduction

Architecture

Accounts and Groups

Linux and UNIX Permissions

Linux and UNIX Trust Relationships

Common Linux and UNIX Network Services

Conclusion

Summary

Chapter 4: Windows NT/2000/XP/2003 Overview: Pretty Much Everything You Need to Know About Windows to Follow the Rest of This Book

Introduction

A Brief History of Time

The Underlying Windows Operating System Architecture

How Windows Password Representations Are Derived

Kernel Mode

From Service Packs and Hotfixes to Windows Update and Beyond

Accounts and Groups

Privilege Control

Policies

Trust

Auditing

Object Access Control and Permissions

Network Security

Windows 2000 and Beyond: Welcome to the New Millennium

Conclusion

Summary

Chapter 5: Phase 1: Reconnaissance

Low-Technology Reconnaissance: Social Engineering, Caller ID Spoofing, Physical Break-In, and Dumpster Diving

Search the Fine Web (STFW)

Whois Databases: Treasure Chests of Information

The Domain Name System

General-Purpose Reconnaissance Tools

Conclusion

Summary

Chapter 6: Phase 2: Scanning

War Driving: Finding Wireless Access Points

War Dialing: Looking for Modems in All the Right Places

Network Mapping

Determining Open Ports Using Port Scanners

Vulnerability-Scanning Tools

Intrusion Detection System and Intrusion Prevention System Evasion

Conclusion

Summary

Chapter 7: Phase 3: Gaining Access Using Application and Operating System Attacks

Script Kiddie Exploit Trolling

Pragmatism for More Sophisticated Attackers

Buffer Overflow Exploits

Password Attacks

Web Application Attacks

Exploiting Browser Flaws

Conclusion

Summary

Chapter 8: Phase 3: Gaining Access Using Network Attacks

Sniffing

IP Address Spoofing

Session Hijacking

Netcat: A General-Purpose Network Tool

Conclusion

Summary

Chapter 9: Phase 3: Denial-of-Service Attacks

Locally Stopping Services

Locally Exhausting Resources

Remotely Stopping Services

Remotely Exhausting Resources

Conclusion

Summary

Chapter 10: Phase 4: Maintaining Access: Trojans, Backdoors, and Rootkits ... Oh My!

Trojan Horses

Backdoors

The Devious Duo: Backdoors Melded into Trojan Horses

Nasty: Application-Level Trojan Horse Backdoor Tools

Also Nasty: The Rise of the Bots

Additional Nastiness: Spyware Everywhere!

Defenses Against Application-Level Trojan Horse Backdoors, Bots, and Spyware

Even Nastier: User-Mode Rootkits

Defending Against User-Mode Rootkits

Nastiest: Kernel-Mode Rootkits

Defending Against Kernel-Mode Rootkits

Conclusion

Summary

Chapter 11: Phase 5: Covering Tracks and Hiding

Hiding Evidence by Altering Event Logs

Defenses Against Log and Accounting File Attacks

Creating Difficult-to-Find Files and Directories

Hiding Evidence on the Network: Covert Channels

Defenses Against Covert Channels

Conclusion

Summary

Chapter 12: Putting It All Together: Anatomy of an Attack

Scenario 1: Crouching Wi-Fi, Hidden Dragon

Scenario 2: Death of a Telecommuter

Scenario 3: The Manchurian Contractor

Conclusion

Summary

Chapter 13: The Future, References, and Conclusions

Where Are We Heading?

Keeping Up to Speed

Final Thoughts ... Live Long and Prosper

Summary

Index

 

About the Authors

Ed Skoudis is a founder and senior security consultant for the Washington, D.C.-based network security consultancy, Intelguardians Network Intelligence, LLC. His expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues. He has performed numerous security assessments, designed information security governance and operations teams for Fortune 500 companies, and responded to computer attacks for clients in financial, high technology, health care, and other industries. Ed has demonstrated hacker techniques for the U.S. Senate and is a frequent speaker on issues associated with hacker tools and defenses. He was also awarded 2004 and 2005 Microsoft MVP awards for Windows Server Security and is an alumnus of the Honeynet Project. Prior to Intelguardians, Ed served as a security consultant with International Network Services (INS), Predictive Systems, Global Integrity, SAIC, and Bell Communications Research (Bellcore).

Tom Liston is a senior analyst for the Washington, D.C.-based network security consultancy, Intelguardians Network Intelligence, LLC. He is the author of the popular open source network tarpit, LaBrea, for which he was a finalist for eWeek and PC Magazine’s Innovations In Infrastructure (i3) award in 2002. He is one of the handlers at the SANS Institute’s Internet Storm Center, where he deals daily with cutting edge security issues and authors a popular series of articles under the title “Follow the Bouncing Malware.” Mr. Liston resides in the teeming metropolis of Johnsburg, Illinois, and has four beautiful children (who demanded to be mentioned): Mary, Maggie, Erin, and Victoria.



