Customer Reviews: Hack Attacks Revealed: A Complete Reference with Custom Security Hacking Toolkit
Automotive Deals HPCC Amazon Fashion Learn more nav_sap_plcc_ascpsc Pink Floyd Fire TV Stick Subscribe & Save Handmade school supplies Shop-by-Room Amazon Cash Back Offer TarantinoCollection TarantinoCollection TarantinoCollection  Amazon Echo  Echo Dot  Amazon Tap  Echo Dot  Amazon Tap  Amazon Echo Introducing new colors All-New Kindle Oasis AutoRip in CDs & Vinyl Segway miniPro

Your rating(Clear)Rate this item

There was a problem filtering reviews right now. Please try again later.

on August 14, 2001
Many praise this book but may not recognize its shortcomings. Here is a sampling of specific excerpts of technically incorrect material. Any odd grammar is a result of directly quoting the book.
p. 28: "When a connection is established between two nodes during a TCP session, a three-way handshake is used. The process starts with a one-node TCP request by a SYN/ACK but, and the second node TCP response with a SYN/ACK bit. At this point, as described previously, communication between the two nodes will procede. When there is no more data to send, a TCP node may send a FIN bit, indicating a close control signal. At this intersection, both nodes will close simultaneously."
p. 93: "These first 1,024 ports are reserved for system services; as such, outgoing connections will have port numbers higher than 1023. This means that all incoming packets that communicate via ports higher than 1023 are replies to connections initiated by internal requests."
p. 97: "The crucial issue with port 7's echo service pertains to systems that attempt to process oversized packets... this problem is commonly referred to as the "Ping of Death" attack. Another common deviant to port 7 is known as "Ping Flooding."
p. 19: "Unfortunately, this service [chargen] is vulnerable to a telnet connection that can generate a string of characters with the output redirected to a telnet connection to, for example, port 53 (domain name service (DNS)). In this example, the flood of characters causes an access violation fault in the DNS service, which is then terminated, which, as a result, disrupts name resolution services."
p. 106: "As there are limitations in the development of a standard windows system for UNIX, the word from the Underground indicates that hackers are currently working on exploiting fundamental flaws of this service [news]."
p. 107: "When this port [exec] is active, or listening, more often than not the remote execution server is configured to start automatically. As a rule, this suggests that X-Windows is currently running."
p. 108: "Although this [talk, ntalk] seems harmless, many times it's not. Aside from the obvious -- knowing that this connection establishment sets up a TCP connection via random ports -- exposed these services to a number of remote attacks."
p. 109: "Without the necessary filtration techniques throughout the network span, these ports [klogin, kshell, kerberos] are vulnerable to several remote attacks, including buffer overflows, spoofs, masked sessions, and ticket hijacking."
p. 161: "A stealth scanner never completes the entire SYN/ACK process, therefore bypassing a firewall, and becoming concealed from scan detectors."
The book also offers:
p. 110- 147: 37 pages of trojan tool screenshots
p. 231 - 271: 40 pages on DOS (yes, Disk Operating System) commands
p. 373 - 405: 32 pages on DOS terminate and stay resident (TSR) programming, in case you need your circa 1991 x286 box to run your favorite text-based game
Beyond page 405, at least 250 pages (more than 25% of the book) are nothing more than printouts of C code.
The author says on p. xv: "The difference between this book and other technical manuscripts is that it is written from a hacker's perspective," and on p. xvi: "My goal is to help mold you become a virtuous hacker guru."
If this material is any indication, I have nothing to fear from the legions of "hacker gurus" who will learn from this book. I won't have any trouble weeding them out during technical interviews for job openings, either.
0Comment| 76 people found this helpful. Was this review helpful to you?YesNoReport abuse
on August 28, 2001
This book is an excellent reference for networking / protocols etc, with a few scant comments of how these protocols are vulnerable. Most of the info in the appendixes can be found in RFC's and has been pulled straight out. The extensive list of port references as an example. The tiger tool kit looked promising for the out of the box hacker but I was suprised to see that there was only a limited edition (limited by functionality) included. Some interesting scripts and a different approach than other books I have read which was nice. Made me brush up on the network stuff but nothing you cant learn from a good tcp/ip book. All in all interesting, well written but it seems the only way you are ever going to hack anything is to build your own lab and learn it yourself.
0Comment| 24 people found this helpful. Was this review helpful to you?YesNoReport abuse
on August 27, 2001
I've heard a lot of cliche's about this book, but the one that I found the most amusing is that it would 'spread like wildfire.' Well, weighing in at over 1300 pages, the first two Hack Attack books certainly could be used as excellent kindling. And this is the best use of these books. You will feel no remorse should you burn each and every page of these wretched books on a cold cold night. Have no pangs of guilt, there's nothing useful in these books at all. Don't be fooled by the thickness, it's very light on content, and heavy on screen shots and source code listings. You can find better references in one fifth the page count.
0Comment| 28 people found this helpful. Was this review helpful to you?YesNoReport abuse
on September 10, 2001
Hack Attacks revealed is a good starting point to understand the tools , methods and processes hackers use to attempt to penetrate networks. I would have liked to have seen more details on the descriptions of the attacks. I've just begun using TigerSuite to probe around on my network, but have to found of few of the tools to be quite useful already.
0Comment| 13 people found this helpful. Was this review helpful to you?YesNoReport abuse
on July 5, 2001
In this day and age, attacks against companies' internal networks are always a threat and virtually any business, government, or educational institution needs to protect itself against this threat. Firewalls offer an excellent protection against such attacks-but it's just not enough.
This new reference offers a lot of information even about veteran techniques. It describes different types of attacks, the tools (both software & hardware), and Internet services (World Wide Web, electronic mail and netnews, FTP, telnet, etc).
There's a lot of good common-sense information in here too, when it talks about how you go about deciding what you should and shouldn't do. I learned quite a bit from this book and anyone who needs to learn about security, even if you have no experience, should get a copy of this book if they already haven't.
Also recommended: Hack Attacks Denied, Hacking Exposed (2nd)
0Comment| 15 people found this helpful. Was this review helpful to you?YesNoReport abuse
on August 27, 2001
As a network administrator for an Internet Service Provider, I've witnessed numerous types of assaults on our clients as well as our own backbone. Hack Attacks Revealed not only clarified the modus operandi of these attacks but also helped me put a �honeypot� game plan in place to investigate them. I�m enormously grateful for the technology primers, especially the header details and sniffer snapshots. These were significant in my pinpointing the most critical attacks in the debug data. Priceless.
0Comment| 12 people found this helpful. Was this review helpful to you?YesNoReport abuse
on July 25, 2001
Hack Attacks Revealed is a comprehensive guide to security, hacking, and the underground. This is an amazing book, not only for its content but also its accompanying CD-Rom. There's a real sense, throughout the book, of the author's personality and programming prowess. Some introductory books will only talk about computer ports and exploits, but the focus on this one is to show you by example, tackling advanced issues. It teaches you how to network, internetwork, hack, and to think like a hacker, to really understand the sensitivity of these gurus. The wealth of experience of the author is contained within these pages, and is an invaluable learning tool. I highly recommend this book; this comprehensive guide is an excellent value, and a long lasting reference when working in the field today.
0Comment| 18 people found this helpful. Was this review helpful to you?YesNoReport abuse
on August 14, 2001
Anyone that is worried about securing there information, these books are a must have resource. These two books are essential information for knowing and understanding how a hacker thinks and how hacker gets into your network. I was truly amazed at the information and the way it is presented is where for both types of users, advanced and Novices.
Doesn�t matter if you�re new to this area of the IT industry or a veteran. These two books are a must have resources. It doesn�t matter if you�re a small business or a large IT firm. Hackers are trying to get anyone and everyone. It is best to be prepared.
There is a set of utilities that come with the book, which is great. The book has a lot of real life examples and plenty of resources on the CD...
0Comment| 8 people found this helpful. Was this review helpful to you?YesNoReport abuse
on September 13, 2001
Most of the security problems we fear are creatively illustrated in this up-and-coming blockbuster. Although I'm partial to operating systems, I focused my attention on port, socket and service vulnerabilities. In short, the example cases were nothing less than informative, and shocking. What would typically fall short of boring, the 80-page internetwork tutorial from a hacker's perspective was technically refreshing. The companion CD was all that the book said it would be, and more. Although some of the links in the Tiger Tool Repository are dead, the 14,000 or so valid resources are critically valuable for any user. Overall the best part about Hack Attacks Revealed is the down-to-earth, layman style the author uses to keep my attention.
0Comment| 8 people found this helpful. Was this review helpful to you?YesNoReport abuse
on September 9, 2001
Very well written technical book concerning Internet security and the inherent vunerablities of operating systems and the very structure of the Internet itself. Brings to light the tools and methodologies "hackers" use to locate, scan, probe, penetrate, and clear tracks on systems attached to the Internet and or to corporate LAN's. I use the term newbies, however, relatively speaking. To make the very most of this book and I HOPE this book's target audience being(security analysts/security enthusiasts), one should have a background in the C programming language, operating systems including but not limited to Windows and UNIX and detailed knowledge of the OSI stack coupled with intermediary network devices. To catch a thief one must think as a thief..., don't let this book slip through your fingers.
0Comment| 11 people found this helpful. Was this review helpful to you?YesNoReport abuse