Mike Schiffman
1 The open source security scene needs more books like this
Books on hacking, cracking, exploiting, and breaking software seem to get all of the attention in the security world. However, we need more works like Mike Schiffman's 'Building Open Source Network Security Tools' (BOSNST). I regret having waited so long to read BOSNST, but I'm glad I did. Schiffman's book is for people who want to build, not break, software, and the way he describes how to create tools is enlightening.
The major theme I captured from BOSNST was the importance of creating useful code libraries. Six of the book's 12 chapters focus on libraries which provide functions for application programmers. While not all have gained the same amount of fame or use, the author's approach remains sound. Libraries are the building blocks around which numerous tools can and should be built.
This theme helped me understand the evolution of RFP's Whisker CGI scanner, released in Oct 1999 and deprecated in May 2003. Whisker lives on as a library, Libwhisker, in the Nikto Web server scanner. Similarly, Schiffman's chapter on Libsf mentions the utility of creating a library offering the functionality of the popular Nmap scanning tool. (Unfortunately, I haven't seen progress on this. Nmap author Fyodor last mentioned 'Libnmap' in his 2003 Nmap features survey, and it's not apparent in the tool's latest version.)
I found the six library chapters to be helpful. Some of the code has stagnated since 2002 (Libnids, Libsf), while some has continued to evolve (Libpcap, Libdnet, OpenSSL). Schiffman provides good explanations of buffer overflow and format string attacks in ch 10, and I thought his state machine-based port scan detector (Descry) in ch 11 was innovative.
One of the strongest sections of BOSNST is ch 12, where the author provides a 25-page code walkthrough of his Firewalk tool. This chapter is the model for anyone seeking to explain tool internals. Schiffman offers flowcharts, context charts, and explanations of code snippets. He doesn't simply dump page after page of C code in front of the reader. (Most chapters of BOSNST do conclude with the full source code for sample tools, however.)
I have no real complaints with BOSNST. I found minor errors in two diagrams (p 220, 223 should show the SYN/ACK or RST reply coming from the target, not to the target). Schiffman's writing style is clear and engaging, which makes a difference when explaining functions in code.
Those who want to learn how to assemble their security expertise in the form of code libraries should read BOSNST. Those who wish to use the libraries found in the book, or those with similar functionality, should also read BOSNST. I look forward to Schiffman's next book, where hopefully he will finally update his biography to say 'AFIWC' (for 'Air Force Information Warfare Center') instead of 'AFWIC' (aka the UN's 'AFrican Women In Crisis' program).
2 Perfect Reference for Network Programmers
Very well structured book with clear examples. Serves well as a reference and starting point for network programmers. Highly recommended book.
3 Excellent guide for the network administrator
This book was the perfect reference manual for the busy network administrator who needs to quickly create powerful tools to enforce and monitor network security. From concept to implementation Schiffman will give you a thorough understanding of why and how to create open-sourced security tools that you can start using immediately. Using this book as a reference I was able to create a customized network sniffer and a few vulnerability analysis tools. Another great addition to my library that I highly recommend.
5 Man Page Reprint
If you don't read the man pages then this book is for you. After reading the glowing reviews I went out to purchase this book. I am extremely disappointed. The lion's share of the book is merely API description. There are some neat examples in every chapter, but they are available on the internet... The end chapters of the book are well written, concise summaries of known techniques and concepts (possibly the only redeeming component of the book).
After using libnet I was expecting something great from the man who wrote such an awesome library. Experienced programmers should use the man pages. If you're new to information security topics then you might find this book useful.
A newbie would be well served by this book.
6 Excellent security book
I found this book to be extraordinarily helpful. Easy to follow, but with very detailed code examples, I came away from this book with a much better understanding of the open source software libraries available to me.
I highly recommend this book to anybody who intends to use libnet, or libpcap, or any of the other open source libraries.
7 One of a kind!
This exclusive book by Mike Schiffman, a recognized security authority, will not make good bedtime reading even for the majority of hardcore security professionals. However, the value of this book is not in how fun it is to read, but in the amazing depth and breadth of network security material.
Starting from an interesting and original security tool taxonomy (attack, active recon, passive recon and defense), the book takes the steep road uphill towards the descriptions of several popular security libraries (two written by the book author himself). Libnet (packet injection), libpcap (packet capture), libnids (network IDS development), libsf (OS fingerprinting), libdnet (network parameters manipulation) and openssl (crypto) are covered in an excruciating level of detail. Code and API walkthrough, all functions, variables and primitives are covered complete with usage notes for various platforms. Each chapter is topped off by a complete security tool example, designed and developed using the library. Many pages of superbly commented tool source code are included at the chapter's end.
Complete code is also provided at the publisher download site. Experimenting with the code is a good part of the fun brought by the book, so download is highly suggested.
The book is most useful for those wishing to gain a truly in-depth understanding of network security tools and for aspiring tool builders. After all, the book is much easier to read and understand than just plain source, even if well commented.
Another bonus is a comprehensive description of buffer overflow and format string exploits, provided in the chapter on attacks and vulnerabilities.
The book ends with a painfully detailed description of the "firewalk" recon tool, created by Mike Schiffman. It starts with design (with flowcharts and diagrams) and goes onwards to implementation and code walkthrough. 2200 lines of tool source code conclude this mighty volume.
Anton Chuvakin, Ph.D., GCIA is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org.
8 Incredibly useful
It is rare to find that such an in-depth book on coding is this easy to read and understand. It's really encouraging me to get off my [butt] and to start doing some coding again.
9 Excellent resource for network security programmers
If you are a network security programmer this is the right book to read. For sure it helps you with good examples that you can use to test, learn and start building your own network security tools.
It offers you a very good overview of the most known packet construction, modification and analysis libraries used in the most widely used network security tools.
Even if you are just curious about the way things work, this book still is a very good buy, because in an easy and clear way you will understand the way to use these libraries.
If you have any doubts, you can just send an email to the author, and guess what! He always replies to you!
To finish, I just want to say...Thanks Mike!
Keep up the good work!
10 Excellent Library reference for anyone writing network apps.
After purchasing "Building Open Source Network Security Tools" I was able to write a full featured libnet 1.1.x based utility for a work related project in four days. I had no previous experience with the libnet library and was extremely impressed with how easy it was to build the tcp/udp/icmp/igmp/ip packets that I needed. The sample programs were short enough (and commented well enough) that I was able to hit the ground running.
11 a great resource for security professionals
this is pretty much the book i've been looking to add to my library for a while. schiffman covers the major libraries in security (libnet, libdnet, libpcap, openssl, libsf, and libnids) in a smooth and excellent way, and then brings them together in several small apps and then firewalk 5.0. in this book we learn techniques to complement the tools we learn how to craft.
i was a bit let down in some of the details being left out of the libraries schiffman didn't write, such as pcap and ssl. these are really difficult to master libraries, some more attention could have been given here.
another reviewer noted that the book really ignores the windows developer, which is true to an extent. however, what schiffman doesn't say (and the reviewer doesn't state) is that several of the libraries (pcap, libnet, libdnet, openssl) work just fine on windows. it would have been helpful to have seen that covered more, but perhaps in the next edition.
all in all, a recommended book. now infosec people will have no reason to say they can't write their own network attack apps. and hopefully it will inspire someone to write a better mousetrap, too. i'm still surprised it took so long to appear on the shelves!
12 Voice of Experience
If there's anyone who's anyone in the Open Source security tool world, it's Mr. Schiffman. This book is the closest thing to a definitive text on the subject that exists today, and is absolutely worth the read.
13 Great for new security programmers
I'm glad someone finally wrote a book on this subject. To my knowledge this is the first and only book to tackle the subject of teaching people to write their own security tools from publicly available resources. Before this book, people were forced to try and examine badly coded source code examples which aren't nearly as helpful as having someone to guide you through all the major components like this book does. I give this book 4.5 stars. Nice work.
14 Impressive
This was a great book that provided wonderful insight into the world of open-source security tools. This is the first book of Mike Schiffman's that I have read and I thoroughly enjoyed it. At times I felt that the technical jargon was a bit over my head, but it was very informative. I would highly recommend this book.
15 Sweet and To The Point
My review is much like the book, sweet and to the point! The chapters and sample code that go along with them are thoughtfully put together and well written. This is by far the best security reference book I've gotten my grubby hands on! I also received that Libnet mailing and the request for positive feedback was obviously done in a humorous, tongue-in-cheek fashion. If you've ever read Phrack magazine, you'd understand the author's humor. Go out and buy this book, you won't be disappointed!
16 A timely book full of useful information
While Schiffman's second book is more of a reference manual than his first (Hacker's Challenge), it still maintains a high level of readability. Detailed diagrams and well written sample code highlight the subject matter, while descriptive explanations of functionality provide the foundation. Schiffman has been a contributor of source code and techniques to the computer security world for almost a decade and this book is the culmination of his tool writing. The chapters on libsf and passive reconnaissance are very useful.
I find this book to be an indispensable source of information.
17 No Windows developers
Prospective buyers should know that this book is UNIX-centric and won't benefit Windows developers much. I guess this is reasonable since Open Source is mostly a UNIX phenomenon.
18 Shill reviews?
I bought this book after reading reviews here and was deeply disappointed. Mike Schiffman posted a request for positive Amazon reviews to his Libnet mailing list on 10/19/02, and some people may have been far too accommodating! The Libdnet and OpenSSL chapters simply rehash API documentation available via the project web sites and man pages. I would rather go to the source for up-to-date docs. There is also a whole chapter on LibSF, which seems to be a quick hack created just in time for this book. Version "Beta 0.01" was released on 7/28/02 and no updates have been made since. It doesn't even compile on my FreeBSD or Solaris machines.
One bright spot is the coverage of Libnet, a packet building library written by Schiffman. If you make heavy use of Libnet, the extra insights may prove useful. But the man page is quite sufficient and more convenient for casual use. In addition, many (most?) people are moving to Dug Song's Libdnet API instead, which is poorly covered in chapter 6. Some folks may value the sample programs included in each chapter, but I prefer to find and study real applications online. If you really want the sample code, it is available from the book web site.
19 Refreshing Networking Security material!
There are many security books on the shelves today. Most of them describe the same hacker tools and methods. They don't get very technical and once you've read one, you've read them all. Building Open Source Network Security Tools is a different breed of security book.
Building Open Source Network Security Tools, just as the name suggests, is about how to build network security tools. This is a technical book, so you are going to need a little knowledge of C and your networking principles. This is definitely not a manager's book.
First the book describes some basic principles in developing security software. This is a quick primer in case you have never been involved in software development. Next the book goes on to describe several commonly used libraries like libnet and libpcap. For each library, the structures and functions are explained, then there is sample code. I have written programs using libpcap and libnet before and I still learned something. There is even a section on OpenSSL programming. OpenSSL is a rather large and cryptic, no pun intended, library (in my experience anyways). This book sheds some light on it! These chapters are a great reference to have when making a new security tool.
The author then goes on to explain several techniques like attack and penetration and active reconnaissance. Not only does the author tell you how they work in a technical sense, he provides code that does it, and explains each piece. This is very useful since most tools in the wild aren't very well commented ;) There is also a chapter on buffer overflows and format string vulnerabilities. These chapters are very well done and do a good job in explaining how they work and how to write code to use them. It may sound like this is an offensive hacker book, but it also gives examples on how to write defensive programs, like a port scan detection tool. At the end of the book the author ties it all together with a large program that utilizes many of the techniques mentioned in the book.
I found this book to be very refreshing. I had been waiting for a good security programming reference, and this is it. As a part of the Honeynet Project, I have seen a large number of compromises and tools, and one thing I've found is that in order to truly know who your enemy is, and how they operate, you need to know how their tools work. I wish this book had been released years ago when I first became interested in network security. It would have saved me from stumbling around old web pages and dead links. If you're an information security professional, this book is a must have for your library.
20 route rules
Heehee, I haven't even read this book yet. BUT, I've played around with the software mentioned in the book, and I've been a fan of Mike Schiffman a.k.a. "route"/"daemon9" for years, since he was editor of Phrack magazine. I've played around with libnet and it's pretty useful.. although you fancy-pants OO C++ coders may not like the old-school C coding. The libraries are effective, and definitely worth looking at if you're a C coder who needs to test network application security or stability.
Check out these sites to see what Schiffman has been up to now and in the past:
www.securityfocus.com
www.packetfactory.net
www.phrack.com
To summarize, Schiffman knows his stuff, and the security community knows it. This book isn't just written by some uninspired suit.. The author has credibility, as proven by the tools that he has written and continues to maintain.
21 A must read for all Security Programmers
This book is an excellent source for application programmers who want to quickly develop state of the art network security tools. The book was well-organized and provided sample programs to reinforce the key points of each chapter. More important than just the sample code is how clearly and in what detail each chapter is laid out and illustrates the finer points of programming network security tools using the profiled components. One key point I found reading the book was that the level of sophistication and knowledge the author possesses in security is outstanding. I would definitely recommend this book to all programmers; both new and old will learn a great deal from this book.
Jonathan C Fornaci
President and CEO IMG Universal
Jonathan has been a feature speaker on security at Interpol, within the US Government, and major corporations and has appeared on ABC, NBC, BBC, along with major publications including the Wall Street Journal, USA Today, Washington Post, IBD, CIO and Computerworld.
22 amazing..must have for anybody who writes networking code
Even if your focus isn't security, any coder that writes networking code would find this book interesting and hard to put down. In addition to the security information, the book provides in-depth information on low level networking that any coder would find useful. The examples presented show the reader how to, in a quick and concise way, build almost any network security tool they could imagine. This means that security professionals no longer need to rely on companies like eEye for their tools. Chapter 10, Attack and Penetration Techniques, is worth the price of the book alone. Anybody that is responsible for securing a large network is familiar with vulnerability scanning; this chapter helps the reader understand how these tools work, and how to write their own. This type of information is extremely useful to people who find themselves in the position of quickly searching a network for something that other scanners may not detect yet. An example of this would be a new rootkit that listens on port 80. A simple port scan of a network would make finding compromised machines hard because 80 is also a legitimate port for web servers. Applying the information Schiffman gives you, a person could construct a scanner in almost no time that can issue an HTTP query to every open port and make note of those with an HTTP reply. There are a dozen more examples why this book is elite, but the rapid development and extensibility of the tools that are developed throughout the book makes it a must have for any security professional.
23 a must-have reference book
It looks like I can now pull down all the pcap and libnet source (and header) file printouts which are taped around my cube. This book is the reference book that I have been looking for. *The* definitive reference book for libnet, pcap, openssl, and more. Great book!
24 It is about time
Finally! I have needed this book for years. This book works as a good reference or a how to book for those who need custom network security tools. It helped me finish a tool that I have been working on for months. This will become a standard book for all security professionals.