Silence on the Wire

A Field Guide to Passive Reconnaissance and Indirect Attacks

by Michal Zalewski

April 2005, 312 pp.

ISBN-13:

9781593270469

Download Chapter 5: Blinkenlights

Author Michal Zalewski has long been known and respected in the hacking and security communities for his intelligence, curiosity and creativity, and this book is truly unlike anything else out there. In Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks, Zalewski shares his expertise and experience to explain how computers and networks work, how information is processed and delivered, and what security threats lurk in the shadows. No humdrum technical white paper or how-to manual for protecting one's network, this book is a fascinating narrative that explores a variety of unique, uncommon and often quite elegant security challenges that defy classification and eschew the traditional attacker-victim model.

Author Bio

Michal Zalewski is a security researcher who has worked on topics ranging from hardware and OS design principles to networking. He has published research on many security topics and has worked for the past eight years in the InfoSec field for a number of reputable companies, including two major telecommunications firms. His website is available here.

Table of contents

FOREWORD
by Solar Designer

INTRODUCTION

PART I: THE SOURCE
On the problems that surface long before one sends any information over the network

CHAPTER 1: I CAN HEAR YOU TYPING
Where we investigate how your keystrokes can be monitored from far, far away

CHAPTER 2: EXTRA EFFORTS NEVER GO UNNOTICED
Where we learn how to build a wooden computer and how to obtain information from watching a real computer run

CHAPTER 3: TEN HEADS OF THE HYDRA
Where we explore several other tempting scenarios that occur very early on in the process of communications

CHAPTER 4: WORKING FOR THE COMMON GOOD
Where a question of how the computer may determine the intent of its user is raised and left unanswered

PART II: SAFE HARBOR
On the threats that lurk in between the computer and the Internet

CHAPTER 5: BLINKENLIGHTS
Where we conclude that pretty can also be deadly, and we learn to read from LEDs

CHAPTER 6: ECHOES OF THE PAST
Where, on the example of a curious Ethernet flaw, we learn that it is good to speak precisely

CHAPTER 7: SECURE IN SWITCHED NETWORKS
Or, why Ethernet LANs cannot be quite fixed, no matter how hard we try

CHAPTER 8: US VERSUS THEM
What else can happen in the local perimeter of "our" network? Quite a bit!

PART III: OUT IN THE WILD
Once you are on the Internet, it gets dirty

CHAPTER 9: FOREIGN ACCENT
Passive fingerprinting: subtle differences in how we behave can help others tell who we are

CHAPTER 10: ADVANCED SHEEP-COUNTING STRATEGIES
Where we dissect the ancient art of determining network architecture and computer's whereabouts

CHAPTER 11: IN RECOGNITION OF ANOMALIES
Or what can be learned from subtle imperfections of network traffic

CHAPTER 12: STACK DATA LEAKS
Where you will find yet another short story on where to find what we did not intend to send out at all

CHAPTER 13: SMOKE AND MIRRORS
Or how to disappear with grace

CHAPTER 14: CLIENT IDENTIFICATION: PAPERS, PLEASE!
Seeing through a thin disguise may come in handy on many occasions

CHAPTER 15: THE BENEFITS OF BEING A VICTIM
In which we conclude that approaching life with due optimism may help us track down the attacker

PART IV: THE BIG PICTURE
Our legal department advised us not to say "the network is the computer" here

CHAPTER 16: PARASITIC COMPUTING, OR HOW PENNIES ADD UP
Where the old truth that having an army of minions is better than doing the job yourself is once again confirmed

CHAPTER 17: TOPOLOGY OF THE NETWORK
On how the knowledge of the world around us may help track down rogue attackers

CHAPTER 18: WATCHING THE VOID
When looking down the abyss, what does not kill us makes us stronger

CLOSING WORDS
Where the book is about to conclude

BIBLIOGRAPHIC NOTES

INDEX

Reviews

"What Good Technical Books Adorn Your Library?" posting cites Silence on the Wire and Hacking: The Art of Exploitation.
—Slashdot, November 15, 2006 (Read more)

"Definitely not the everyday security book for everyday problems. You're in the target audience if you enjoy the fun of the unexpected . . . You'll have fun with this book."
—Technocrat, April 18, 2006 (Read more)

Included in roundup of "Books on the latest hardware and software programs for technology directors and IT staff"
—District Administration, March 2006 (Read more)

"Overall, I enjoyed reading the book, I found much of the information presented to be fascinating (and a bit scary)."
—Larry Osterman blog, March 10, 2006 (Read more)

"There's plenty to like in this book if you look for the details that interest you."
—Tao Security, March 16, 2006 (Read more)

"In this text the author is showing off visions and possibilities, drawing a sort of 'zen of security' that is a in-depth technical description of possible (or already started) scenarios."
—Neural Magazine, January 2006 (Read more)

Thumbs-up recommendation: "Thought-provoking... paints a sobering picture of just how hard it is to ensure any kind of privacy in the electronic age."
—Dr. Dobb’s Journal, November 2005 (Read more)

"Quite interesting for those who are interested in security whether it would be local security or network security."
—GNUMan.com, November 3, 2005 (Read more)

"If you are a 'hacker' type in the old sense of the word, fond of taking things apart to see how they work, and you have any interest in security, you will probably find significant portions of this book intriguing."
—;login:, October 2005 (Read more)

Included in feature on recommended security books. Five stars: "Packs in tons of information."
—CSO Magazine, September 2005 (Read more)

"Interesting reading for full-on paranoids, hackers, and people involved in coding and security."
—M Station, September 2005 (Read more)

Interview with Michal Zalewski
—ONLamp.com, August 25, 2005 (Read more)

"Informed and informative, thoughtful and though-provoking… enthusiastically recommended to the attention of technophiles."
—Reviewer’s Bookwatch in Midwest Book Review, August 2005 (Read more)

"The amount of detail is stunning for such a small volume and the examples are amazing... You will definitely think different after reading this title."
—INSecure Magazine, August 2005, plus an interview with author Michal Zalewski (Read more)

"It isn’t dry and pedantic–it’s juicy and enticing. The more you read, the more you want to know… This is a marvelous book for the active mind of the intellectually curious."
—Tuscon Computer Society, July/August 2005 (Read more)

Solar Designer, the book’s technical reviewer, posted "A tribute to ‘Silence on the Wire’" on The Openwall Project's site. (Read more)

Article about IE browser flaw discovered by Zalewski
—The Inquirer UK, July 19, 2005 (Read more)

Book reviewed by host
—Usual Suspects Radio Show, July 12, 2005 (Read more)

"For the pure information security specialist this book is pure gold… I
could also see this being an excellent supplementary text for a
university-level course in information security."
—Windows Security, July 5, 2005 (Full review)

"Totally rises head and shoulders above other such security-related title… It’s hard to find a work to compare in any field of computational study, let alone security."
—Linux User & Developer, July 2005 (Full review)

"An out-of-the-box, thought-provoking book that escapes the everyday
standard security practice discussions of firewalls and social
engineering… This is the stuff of spy novels and CIA and NSA legend."
—asp.netPRO, July 2005 (Full review)

"Excellent! This is one that I would dub a "must read" for anyone
working directly with network security."
—About.com, July 2005 (Full review)

"A whirlwind of deep technical information that gets to the very
underpinning of computer security… makes you think about serious
security problems that you never thought of before, or were even aware
existed. Read it and get ready to be humbled."
—UNIX Review, July 2005 (Full review)

"Deserves the widest possible readership for its powerful message on
computer vulnerabilities in a today's computer-oriented society."
—Midwest Book Review, July 2005 (Full review)

"It is not a security text, by any means, but rather a series of
explorations that take our ‘professional paranoid’ mentality and examine
some issues we seldom consider."
—Internet Review Project, July 2005 (Full review)

"A very good introduction to the intricacies of certain security
problems and a very extensive guide to passive reconnaissance."
—Flavio’s TechnoTalk, June 24, 2005 (Full review)

Article entitled, "Analyzing esoteric attacks highlights where security
can succeed and how secure devices can fail in unforeseen ways;"
"Do-it-yourself ethos pervades the book… this broad mindset can uncover
major security flaws — but not where you’d think to look."
—Enterprise Systems, June 22, 2005 (Full review)

Included in book roundup in Tech Talk column: "offers true insight into
the top high-tech concern of our times."
—St. Louis Post-Dispatch, June 17, 2005 (Full review)

"Read this to expand your horizons, not to solve today's issue… The book
is well produced. In contrast to many of today's publications, it is
mercifully free of typos and well organized."
—Beryllium Sphere, June 13, 2005 (Full review)

Q&A with Michal Zalewski; follow up to book review from previous week
—TechIMO, June 13, 2005 (Full review)

"A refreshing departure from most technical books… demonstrates how to
look at things in a new light and find connections that aren't
immediately obvious: not only thinking outside the box, but twisting the
box, shaking it, and finding a way to exploit it."
—WatchGuard Wire, June 13, 2005 (Full review)

9/10 ranking: "Adds an innovative twist to otherwise boring aspects of network security... The descriptions of indirect attacks that can be waged on computer systems or networks alone are worth the cost, as they will provide hours of enjoyable reading for any self-proclaimed security enthusiast."
—TechIMO, June 3, 2005 (Full review)

"What makes this book a must-read for sysadmins are the clear explanations and practical insights into the technologies that we manage. What makes it a joy to read are the author's appealing humility,
sense of humor and vast knowledge."
—Open.ITWorld.com, June 1, 2005 (Full review)

Silence on the Wire "has fundamentally changed the way I look at many things in my day-to-day computing existence."
—ngdev, June 1, 2005 (Full review)

"I was hooked… I give this book a 7 out of 10 for an interesting read."
—Edmonton Linux User Group, June 2005 (Full review)

"Zalewski's explanations make it clear that he's tops in the industry."
—Computerworld, May 30, 2005 (Full review)

"This unconventional book follows the story of a piece of information from the first key-press all the way to the remote party at the other end of the wire."
—Book News UK, May 17, 2005 (Full review)

"The discovery of a technical book in this style is cool... Getting in the head of someone who knows how to do [passive reconnaissance] can be a challenge unless they choose to reveal how they think and observe. This book is one of the rare opportunities to peek inside."
—IEEE Cipher, May 14, 2005 (Full review)

"[Zalewski] takes you on a tour that is enlightening and fun. You'll learn a boatload of stuff that people rarely cover, and you'll find that this opens up new avenues for you."
—Blog of Jose Nazario, security expert and administrator of infosecdaily.net, May 10, 2005 (Full review)

"Always good-natured in its attempt to show the relationship between mathematical theory and methods of attack."
— Week, May 9, 2005(Full review)

"An eye-opening technical look at what sophisticated analysis can reveal about the wild, wild Net and the people who use and abuse it."
—Netsurfer Digest, May 3, 2005 (Full review)

"Points out where the electronic dust bunnies are hiding under the computer bed. I bookmarked the heck out of SotW, and you will too."
—MacCompanion, May 2005 (Full review)

"A thoughtful, clever analysis of how things work... If you're a security type, you don't want to miss this one."
—Books-on-Line, April 25, 2005 (Full review)

"If you work in information warfare, this should be mandatory reading! If you are responsible for very high value targets... it is imperative that you read Zalewski's work page by page."
—Amazon.com review, posted by director of training & certification for SANS Institute, April 25, 2005 (Full review)

"You'll definitely treasure this volume... fills a gap in the security library that most people don't even realize exists."
—Duffbert's Random Musings, April 24, 2005 (Full review)

"Author Michal Zalewski has long been known and respected in the hacking and security communities for his intelligence, curiosity and creativity, and this book is truly unlike anything else out there."
—Markecek.kup.to, April 2005 (Read more)

"What I particularly liked is the author's attention to detail. I'd start reading a chapter and think, 'Yeah, I know this,' but then realize that he was just leading me through the basics because he had something important and interesting to say that I probably did NOT know... and that was usually true."
—A.P. Lawrence, Information and Resources for Unix and Linux Systems, April 2005 (Full review)

"More narrative than reference work, this book will be riveting reading for security professionals and students as well as technophiles interested in learning about how computer security fits into the big picture and high-level hackers seeking to broaden their understanding of their craft."
—IT Observer, March 29, 2005 (Read more)

"This book will be riveting reading for security professionals and students as well as technophiles interested in learning about how computer security fits into the big picture and high-level hackers seeking to broaden their understanding of their craft."
—Lockergnome, Dec. 15, 2004 (Read more)

Updates

Page 24:
Disregard the statement, "(T stands for a true statement, and F stands for false)" and the associated footnote. Equations that follow this paragraph should read (changes in bolded):

NOT a NAND(a, a)
AND(a, b) NOT NAND(a, b) NAND(NAND(a, b), NAND(a, b))
OR(a, b) NAND(NOT a, NOT b) NAND(NAND(a, a), NAND(b, b))

and

NOT a NOR(a,a)
OR(a, b) NOT NOR(a, b) NOR(NOR(a, b), NOR(a, b))
AND(a, b) NOR(NOT a, NOT b) NOR(NOR(a, a), NOR(b, b))

Please note that in the second sequence of equations, lines beginning with AND and OR were swapped to match the previous set, so that the ordering of both sequences is NOT-AND-OR.

Page 31:
The symbol used on Figure 2-4 for rightmost gate ("OR") is actually a graphical symbol of "XOR". The picture should be updated to remove the curved line on the left side of that gate, to match "OR" shown on Figure 2-2.

Page 32:
The second line reads "(see Figure 2-4)". This should be "(see Figure 2-4, leftmost portion)"

Page 171:
The mention of "Joe Steward" and in the index should actually be "Joe Stewart."

Page 148:
"Point of Presence" should be "Post Office Protocol version 3."

Page 116:
The number "3241036664" should actually be "3279225659."

Page 169:
The author of ISNProber is Tom Vandepoel, not Toni.

Page 228:
In section "Nibbling at the CPU," references to "non-polynomial" problems should be "non-deterministic polynomial."