5

I am searching for good books and articles about TCP/IP, mainly the security aspects of TCP/IP protocols. I have TCP/IP Illustrated and the TCP Guide, but they kinda lack on description of 'classic' attacks and how the internals of protocols relate to those attacks.

PS: Seeing the first real answer made me remember to add that this is strictly for studying purposes, I have no intention of going black hat at this point, I am just preparing for job interviews :)

coredump

6 Answers

4

I would suggest checking this IBM book; it is a great book and would help you a lot. It also has a TCP/IP security-related chapter.

http://www.redbooks.ibm.com/abstracts/gg243376.html?Open

Chris S
maniargaurav
2

Unfortunately I don't know of many references that talk about attacks in terms of how they interact with the protocol stack. I'd imagine following mailing lists like Bugtraq will keep you on top of current vulnerabilities, but it sounds like you're looking for more of a primer.

I've been told that Hacking Exposed is a good general reference for those interested in learning about attack vectors; it's on my reading list, but I haven't got around to it yet.

Building Internet Firewalls, though fairly old, still offers an excellent overview of how to think about security when designing your network.

Murali Suriar
  • You linked the wrong book, but Hacking Exposed seems to be the closest thing to what I am searching. This is the correct link: http://www.amazon.co.uk/Hacking-Exposed-Sixth-Edition/dp/B001NLKUMS/ – coredump Nov 19 '10 at 02:44
2

I really prefer this book:

http://www.amazon.com/Network-Security-Architectures-Sean-Convery/dp/158705115X

It is very detailed.

Some (good and free) white paper on secure design is available here: http://cisco.com/go/safe

cstamas
1

A good (and free) resource from Cisco can be found here: ISP Security Issues in today’s Internet

There is also the complete text to IOS Essentials in PDF format from Cisco Press along with several other documents available in the same FTP directory if you are interested in some best practices for Cisco gear. Both of these documents are from 2002.

Another good resource would be the Nmap Network Scanning book by Gordon “Fyodor” Lyon. If you understand how nmap does its thing, you will gain a much deeper understanding of networking and security.

Peter
0

There are a number of online resources - as nutty as it sounds, set up a secondary PC - or use a VPS and then browse a large number of the hacking websites on the web.

BlackHat conferences, while a bit expensive, will teach you a large amount about TCP/IP...

Architecturally, here are a few things I can tell you regarding TCP/IP:

  • Since TCP/IP identifies parties by addresses, hackers attempt to spoof addresses

  • Address resolution within TCP/IP, DNS and ARP are not authenticated

  • You can easily masquerade as some other person or node

  • ARP spoofing circumvents switches....

Some TCP/IP exploits include:

  • MAC Layer (ethernet) TCP/IP exploits
  • TCP Session hijacking
  • TCP Session application peeking/viewing
  • TCP Password Monitoring
  • Various Back channels
  • DOS:
  • Packet Generation Attacks & Relays

These few things should help you get started in Google searches ... I can post more on each - however, truth be told... I would rather not teach hacking in a public community

Glenn Kelley
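An added example, not part of the answer above, illustrating its point that ARP address resolution is unauthenticated: it decodes the ARP body, which contains no field that proves who the sender is, and flags an IP whose claimed MAC changes, the way a defender's monitoring tool would. The names `parse_arp`, `BindingMonitor`, `sample` and `run_demo`, and all addresses, are constructed for this illustration.

```python
import socket
import struct

# Full ARP body for Ethernet/IPv4 (RFC 826): hardware type, protocol type,
# address lengths, opcode, sender MAC/IP, target MAC/IP. No field
# authenticates the sender, so any host on the segment can claim any IP.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes

def parse_arp(payload: bytes) -> dict:
    """Decode one ARP body; raise ValueError on anything malformed."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"op": op, "sender_mac": sha.hex(":"),
            "sender_ip": socket.inet_ntoa(spa)}

class BindingMonitor:
    """Remember the first MAC seen per IP and report any later change."""
    def __init__(self):
        self.table = {}

    def observe(self, payload: bytes):
        arp = parse_arp(payload)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        known = self.table.setdefault(ip, mac)
        if known != mac:
            return f"ALERT {ip} was {known}, now claimed by {mac}"
        return None

def sample(op, mac, ip, target_ip):
    """Pack a constructed ARP body for the demo (never put on the wire)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, bytes.fromhex(mac),
                       socket.inet_aton(ip), bytes(6), socket.inet_aton(target_ip))

# Constructed capture: documentation addresses and locally administered MACs.
CAPTURE = [
    sample(2, "020000000001", "192.0.2.1", "192.0.2.10"),   # gateway reply
    sample(1, "02000000000a", "192.0.2.10", "192.0.2.1"),   # host request
    sample(2, "020000000066", "192.0.2.1", "192.0.2.10"),   # conflicting claim
]

def run_demo():
    monitor = BindingMonitor()
    return [a for a in map(monitor.observe, CAPTURE) if a]
```

A changed binding is only a signal: a reused DHCP lease or a failover pair taking over an address produces the same alert, so it needs to be checked against known inventory.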
0

There are no good books; it's just a question of which book has the information you are looking for!

Check out if this page gives you the correct info - http://goo.gl/CaR44