
Book description

There are many ways in which a potential attacker can intercept information, or learn more about its sender, as that information travels over a network. Silence on the Wire uncovers these silent attacks so that system administrators can defend against them and better understand and monitor their own systems.

Silence on the Wire dissects several unusual security and privacy problems in the technologies and protocols used in everyday computing, and shows how that knowledge can be used both to learn more about others and to defend systems better. By taking an in-depth look at modern computing, from the hardware on up, the book helps the system administrator understand where information leaks occur and approach networking from a new, more creative perspective. That knowledge applies directly to network monitoring, policy enforcement, evidence analysis, intrusion detection systems, honeypots, firewalls, and forensics.

Table of Contents

  1. Silence on the Wire
  2. Foreword
  3. Introduction
    1. A Few Words about Me
    2. About This Book
  4. I. The Source
    1. 1. I Can Hear You Typing
      1. The Need for Randomness
        1. Automated Random Number Generation
      2. The Security of Random Number Generators
      3. I/O Entropy: This Is Your Mouse Speaking
        1. Delivering Interrupts: A Practical Example
        2. One-Way Shortcut Functions
        3. The Importance of Being Pedantic
      4. Entropy Is a Terrible Thing to Waste
      5. Attack: The Implications of a Sudden Paradigm Shift
        1. A Closer Look at Input Timing Patterns
        2. Immediate Defense Tactics
        3. Hardware RNG: A Better Solution?
      6. Food for Thought
        1. Remote Timing Attacks
        2. Exploiting System Diagnostics
        3. Reproducible Unpredictability
    2. 2. Extra Efforts Never Go Unnoticed
      1. Boole’s Heritage
      2. Toward the Universal Operator
        1. DeMorgan at Work
        2. Convenience Is a Necessity
        3. Embracing the Complexity
      3. Toward the Material World
      4. A Nonelectric Computer
      5. A Marginally More Popular Computer Design
        1. Logic Gates
      6. From Logic Operators to Calculations
      7. From Electronic Egg Timer to Computer
      8. Turing and Instruction Set Complexity
        1. Functionality, at Last
        2. Holy Grail: The Programmable Computer
        3. Advancement through Simplicity
        4. Split the Task
        5. Execution Stages
        6. The Lesser Memory
        7. Do More at Once: Pipelining
        8. The Big Problem with Pipelines
      9. Implications: Subtle Differences
        1. Using Timing Patterns to Reconstruct Data
        2. Bit by Bit . . .
      10. In Practice
        1. Early-Out Optimization
        2. Working Code—Do It Yourself
      11. Prevention
      12. Food for Thought
    3. 3. Ten Heads of the Hydra
      1. Revealing Emissions: TEMPEST in the TV
      2. Privacy, Limited
        1. Tracking the Source: “He Did It!”
        2. “Oops” Exposure: *_~1q'@@ . . . and the Password Is . . .
    4. 4. Working for the Common Good
  5. II. Safe Harbor
    1. 5. Blinkenlights
      1. The Art of Transmitting Data
        1. From Your Email to Loud Noises . . . Back and Forth
        2. The Day Today
        3. Sometimes, a Modem Is Just a Modem
        4. Collisions Under Control
        5. Behind the Scenes: Wiring Soup and How We Dealt with It
        6. Blinkenlights in Communications
      2. The Implications of Aesthetics
      3. Building Your Own Spy Gear . . .
      4. . . . And Using It with a Computer
      5. Preventing Blinkenlights Data Disclosure—and Why It Will Fail
      6. Food for Thought
    2. 6. Echoes of the Past
      1. Building the Tower of Babel
        1. The OSI Model
      2. The Missing Sentence
      3. Food for Thought
    3. 7. Secure in Switched Networks
      1. Some Theory
        1. Address Resolution and Switching
        2. Virtual Networks and Traffic Management
      2. Attacking the Architecture
        1. CAM and Traffic Interception
        2. Other Attack Scenarios: DTP, STP, Trunks
      3. Prevention of Attacks
      4. Food for Thought
    4. 8. Us versus Them
      1. Logical Blinkenlights and Their Unusual Application
        1. Show Me Your Typing, and I Will Tell You Who You Are
      2. The Unexpected Bits: Personal Data All Around
      3. Wi-Fi Vulnerabilities
  6. III. Out in the Wild
    1. 9. Foreign Accent
      1. The Language of the Internet
        1. Naive Routing
        2. Routing in the Real World
        3. The Address Space
        4. Fingerprints on the Envelope
      2. Internet Protocol
        1. Protocol Version
        2. The Header Length Field
        3. The Type of Service Field (Eight Bits)
        4. The Total Packet Length (16 Bits)
        5. The Source Address
        6. The Destination Address
        7. The Fourth Layer Protocol Identifier
        8. Time to Live (TTL)
        9. Flags and Offset Parameters
        10. Identification Number
        11. Checksum
      3. Beyond Internet Protocol
      4. User Datagram Protocol
        1. Introduction to Port Addressing
        2. UDP Header Summary
      5. Transmission Control Protocol Packets
        1. Control Flags: The TCP Handshake
        2. Other TCP Header Parameters
        3. TCP Options
      6. Internet Control Message Protocol Packets
      7. Enter Passive Fingerprinting
        1. Examining IP Packets: The Early Days
        2. Initial Time to Live (IP Layer)
        3. The Don’t Fragment Flag (IP Layer)
        4. The IP ID Number (IP Layer)
        5. Type of Service (IP Layer)
        6. Nonzero Unused and Must Be Zero Fields (IP and TCP Layers)
        7. Source Port (TCP Layer)
        8. Window Size (TCP Layer)
        9. Urgent Pointer and Acknowledgment Number Values (TCP Layer)
        10. Options Order and Settings (TCP Layer)
        11. Window Scale (TCP Layer, Option)
        12. Maximum Segment Size (TCP Layer, Option)
        13. Time-Stamp Data (TCP Layer, Option)
        14. Other Passive Fingerprinting Venues
      8. Passive Fingerprinting in Practice
      9. Exploring Passive-Fingerprinting Applications
        1. Collecting Statistical Data and Incident Logging
        2. Content Optimization
        3. Policy Enforcement
        4. Poor Man’s Security
        5. Security Testing and Preattack Assessment
        6. Customer Profiling and Privacy Invasion
        7. Espionage and Covert Reconnaissance
      10. Prevention of Fingerprinting
      11. Food for Thought: The Fatal Flaw of IP Fragmentation
        1. Breaking TCP into Fragments
    2. 10. Advanced Sheep-Counting Strategies
      1. Benefits and Liabilities of Traditional Passive Fingerprinting
      2. A Brief History of Sequence Numbers
      3. Getting More Out of Sequence Numbers
      4. Delayed Coordinates: Taking Pictures of Time Sequences
      5. Pretty Pictures: TCP/IP Stack Gallery
      6. Attacking with Attractors
      7. Back to System Fingerprinting
        1. ISNProber—Theory in Action
      8. Preventing Passive Analysis
      9. Food for Thought
    3. 11. In Recognition of Anomalies
      1. Packet Firewall Basics
        1. Stateless Filtering and Fragmentation
        2. Stateless Filtering and Out-of-Sync Traffic
        3. Stateful Packet Filters
        4. Packet Rewriting and NAT
        5. Lost in Translation
      2. The Consequences of Masquerading
      3. Segment Size Roulette
      4. Stateful Tracking and Unexpected Responses
      5. Reliability or Performance: The DF Bit Controversy
        1. Path MTU Discovery Failure Scenarios
        2. The Fight against PMTUD, and Its Fallout
      6. Food for Thought
    4. 12. Stack Data Leaks
      1. Kristjan’s Server
      2. Surprising Findings
      3. Revelation: Phenomenon Reproduced
      4. Food for Thought
    5. 13. Smoke and Mirrors
      1. Abusing IP: Advanced Port Scanning
        1. Tree in the Forest: Hiding Yourself
        2. Idle Scanning
      2. Defense against Idle Scanning
      3. Food for Thought
    6. 14. Client Identification: Papers, Please!
      1. Camouflage
        1. Approaching the Problem
        2. Towards a Solution
      2. A (Very) Brief History of the Web
      3. A HyperText Transfer Protocol Primer
      4. Making HTTP Better
        1. Latency Reduction: A Nasty Kludge
        2. Content Caching
        3. Managing Sessions: Cookies
        4. When Cookies and Caches Mix
        5. Preventing the Cache Cookie Attack
      5. Uncovering Treasons
        1. A Trivial Case of Behavioral Analysis
        2. Giving Pretty Pictures Meaning
        3. Beyond the Engine . . .
        4. . . . And Beyond Identification
      6. Prevention
      7. Food for Thought
    7. 15. The Benefits of Being a Victim
      1. Defining Attacker Metrics
      2. Protecting Yourself: Observing Observations
      3. Food for Thought
  7. IV. The Big Picture
    1. 16. Parasitic Computing, or How Pennies Add Up
      1. Nibbling at the CPU
      2. Practical Considerations
      3. Parasitic Storage: The Early Days
      4. Making Parasitic Storage Feasible
      5. Applications, Social Considerations, and Defense
      6. Food for Thought
    2. 17. Topology of the Network
      1. Capturing the Moment
      2. Using Topology Data for Origin Identification
      3. Network Triangulation with Mesh-Type Topology Data
      4. Network Stress Analysis
      5. Food for Thought
    3. 18. Watching the Void
      1. Direct Observation Tactics
      2. Attack Fallout Traffic Analysis
      3. Detecting Malformed or Misdirected Data
      4. Food for Thought
  8. A. Closing Words
  9. B. Bibliographic Notes
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 5
    5. Chapter 6
    6. Chapter 7
    7. Chapter 8
    8. Chapter 9
    9. Chapter 10
    10. Chapter 11
    11. Chapter 13
    12. Chapter 14
    13. Chapter 15
    14. Chapter 16
    15. Chapter 17
    16. Chapter 18
  10. Index
  11. Updates