Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks explores the uncharted territories of computer and network security, developing novel, but perhaps limited, attack methodologies.
Some of the attack methods might be familiar (password disclosure via SSH keystroke timing, remotely reading data from LED traffic activity lights on modems), while others won't be. Author Michal Zalewski's contribution -- the open-source "p0f," a passive OS-fingerprinting utility -- adopts a subtle approach to identifying a remote host's operating system; instead of blasting the host with packets and analyzing the responses, it stealthily gathers the packets naturally transmitted by the target. Of course, this requires more strategy and patience from the attacker, and, ultimately, the practical utility of the tool is hampered.
The highlight of Silence is deep in the final chapters. Zalewski shows how Internet protocols can be exploited -- literally stretched beyond their intended use -- to create functional equivalents of fundamental computing resources. For example, the SMTP mail service can be used as nonpersistent data storage by sending mail to a nonexistent host, which will typically be returned to the sender for up to seven days. The possibility is fascinating.
The format of each short chapter is largely the same: a long background section, eventually delivering the punch line -- one of the extraordinarily clever hacks or attack methods. Unfortunately, the climaxes of the chapters often fizzle, with Zalewski briefly sketching some of the possible attack methods without details or confirmation of the probability of the approach. Instead, he overtly encourages the reader to pursue the research on his own.
Although the attack sketches are captivating (e.g., tricking Web-indexing search engines such as Google into following specially crafted URLs resulting in anonymous Web attacks), often the partial development of the concept leaves the reader wanting more. Although some of the methods may be feasible and have some lasting impact in the field, the impact of many of the others is probably negligible.
Ultimately, Silence is an interesting compendium of security curios. The presentation is breezy and irreverent, perhaps making this good beach reading for security geeks who aren't afraid of the sun.
This was first published in October 2005