| |
| |
Foreword | |
| |
| |
| |
Introduction | |
| |
| |
A Few Words about Me | |
| |
| |
About This Book | |
| |
| |
| |
The Source | |
| |
| |
| |
I Can Hear You Typing | |
| |
| |
The Need for Randomness | |
| |
| |
Automated Random Number Generation | |
| |
| |
The Security of Random Number Generators | |
| |
| |
I/O Entropy: This Is Your Mouse Speaking | |
| |
| |
Delivering Interrupts: A Practical Example | |
| |
| |
One-Way Shortcut Functions | |
| |
| |
The Importance of Being Pedantic | |
| |
| |
Entropy Is a Terrible Thing to Waste | |
| |
| |
Attack: The Implications of a Sudden Paradigm Shift | |
| |
| |
A Closer Look at Input Timing Patterns | |
| |
| |
Immediate Defense Tactics | |
| |
| |
Hardware RNG: A Better Solution? | |
| |
| |
Food for Thought | |
| |
| |
Remote Timing Attacks | |
| |
| |
Exploiting System Diagnostics | |
| |
| |
Reproducible Unpredictability | |
| |
| |
| |
Extra Efforts Never Go Unnoticed | |
| |
| |
Boole's Heritage | |
| |
| |
Toward the Universal Operator | |
| |
| |
DeMorgan at Work | |
| |
| |
Convenience Is a Necessity | |
| |
| |
Embracing the Complexity | |
| |
| |
Toward the Material World | |
| |
| |
A Nonelectric Computer | |
| |
| |
A Marginally More Popular Computer Design | |
| |
| |
Logic Gates | |
| |
| |
From Logic Operators to Calculations | |
| |
| |
From Electronic Egg Timer to Computer | |
| |
| |
Turing and Instruction Set Complexity | |
| |
| |
Functionality, at Last | |
| |
| |
Holy Grail: The Programmable Computer | |
| |
| |
Advancement through Simplicity | |
| |
| |
Split the Task | |
| |
| |
Execution Stages | |
| |
| |
The Lesser Memory | |
| |
| |
Do More at Once: Pipelining | |
| |
| |
The Big Problem with Pipelines | |
| |
| |
Implications: Subtle Differences | |
| |
| |
Using Timing Patterns to Reconstruct Data | |
| |
| |
Bit by Bit | |
| |
| |
In Practice | |
| |
| |
Early-Out Optimization | |
| |
| |
Working Code-Do It Yourself | |
| |
| |
Prevention | |
| |
| |
Food for Thought | |
| |
| |
| |
Ten Heads of the Hydra | |
| |
| |
Revealing Emissions: TEMPEST in the TV | |
| |
| |
Privacy, Limited | |
| |
| |
Tracking the Source: "He Did It!" | |
| |
| |
"Oops" Exposure: *_~lq'@@...and the Password Is | |
| |
| |
| |
Working for the Common Good | |
| |
| |
| |
Safe Harbor | |
| |
| |
| |
Blinkenlights | |
| |
| |
The Art of Transmitting Data | |
| |
| |
From Your Email to Loud Noises ... Back and Forth | |
| |
| |
The Day Today | |
| |
| |
Sometimes, a Modem Is Just a Modem | |
| |
| |
Collisions Under Control | |
| |
| |
Behind the Scenes: Wiring Soup and How We Dealt with It | |
| |
| |
Blinkenlights in Communications | |
| |
| |
The Implications of Aesthetics | |
| |
| |
Building Your Own Spy Gear | |
| |
| |
... And Using It with a Computer | |
| |
| |
Preventing Blinkenlights Data Disclosure-and Why It Will Fail | |
| |
| |
Food for Thought | |
| |
| |
| |
Echoes of the Past | |
| |
| |
Building the Tower of Babel | |
| |
| |
The OSI Model | |
| |
| |
The Missing Sentence | |
| |
| |
Food for Thought | |
| |
| |
| |
Secure in Switched Networks | |
| |
| |
Some Theory | |
| |
| |
Address Resolution and Switching | |
| |
| |
Virtual Networks and Traffic Management | |
| |
| |
Attacking the Architecture | |
| |
| |
CAM and Traffic Interception | |
| |
| |
Other Attack Scenarios: DTP, STP, Trunks | |
| |
| |
Prevention of Attacks | |
| |
| |
Food for Thought | |
| |
| |
| |
Us Versus Them | |
| |
| |
Logical Blinkenlights and Their Unusual Application | |
| |
| |
Show Me Your Typing, and I Will Tell You Who You Are | |
| |
| |
The Unexpected Bits: Personal Data All Around | |
| |
| |
Wi-Fi Vulnerabilities | |
| |
| |
| |
Out in the Wild | |
| |
| |
| |
Foreign Accent | |
| |
| |
The Language of the Internet | |
| |
| |
Naive Routing | |
| |
| |
Routing in the Real World | |
| |
| |
The Address Space | |
| |
| |
Fingerprints on the Envelope | |
| |
| |
Internet Protocol | |
| |
| |
Protocol Version | |
| |
| |
The Header Length Field | |
| |
| |
The Type of Service Field (Eight Bits) | |
| |
| |
The Total Packet Length (16 Bits) | |
| |
| |
The Source Address | |
| |
| |
The Destination Address | |
| |
| |
The Fourth Layer Protocol Identifier | |
| |
| |
Time to Live (TTL) | |
| |
| |
Flags and Offset Parameters | |
| |
| |
Identification Number | |
| |
| |
Checksum | |
| |
| |
Beyond Internet Protocol | |
| |
| |
User Datagram Protocol | |
| |
| |
Introduction to Port Addressing | |
| |
| |
UDP Header Summary | |
| |
| |
Transmission Control Protocol Packets | |
| |
| |
Control Flags: The TCP Handshake | |
| |
| |
Other TCP Header Parameters | |
| |
| |
TCP Options | |
| |
| |
Internet Control Message Protocol Packets | |
| |
| |
Enter Passive Fingerprinting | |
| |
| |
Examining IP Packets: The Early Days | |
| |
| |
Initial Time to Live (IP Layer) | |
| |
| |
The Don't Fragment Flag (IP Layer) | |
| |
| |
The IP ID Number (IP Layer) | |
| |
| |
Type of Service (IP Layer) | |
| |
| |
Nonzero Unused and Must Be Zero Fields (IP and TCP Layers) | |
| |
| |
Source Port (TCP Layer) | |
| |
| |
Window Size (TCP Layer) | |
| |
| |
Urgent Pointer and Acknowledgment Number Values (TCP Layer) | |
| |
| |
Options Order and Settings (TCP Layer) | |
| |
| |
Window Scale (TCP Layer, Option) | |
| |
| |
Maximum Segment Size (TCP Layer, Option) | |
| |
| |
Time-Stamp Data (TCP Layer, Option) | |
| |
| |
Other Passive Fingerprinting Venues | |
| |
| |
Passive Fingerprinting in Practice | |
| |
| |
Exploring Passive-Fingerprinting Applications | |
| |
| |
Collecting Statistical Data and Incident Logging | |
| |
| |
Content Optimization | |
| |
| |
Policy Enforcement | |
| |
| |
Poor Man's Security | |
| |
| |
Security Testing and Preattack Assessment | |
| |
| |
Customer Profiling and Privacy Invasion | |
| |
| |
Espionage and Covert Reconnaissance | |
| |
| |
Prevention of Fingerprinting | |
| |
| |
Food for Thought: The Fatal Flaw of IP Fragmentation | |
| |
| |
Breaking TCP into Fragments | |
| |
| |
| |
Advanced Sheep-Counting Strategies | |
| |
| |
Benefits and Liabilities of Traditional Passive Fingerprinting | |
| |
| |
A Brief History of Sequence Numbers | |
| |
| |
Getting More Out of Sequence Numbers | |
| |
| |
Delayed Coordinates: Taking Pictures of Time Sequences | |
| |
| |
Pretty Pictures: TCP/IP Stack Gallery | |
| |
| |
Attacking with Attractors | |
| |
| |
Back to System Fingerprinting | |
| |
| |
ISNProber-Theory in Action | |
| |
| |
Preventing Passive Analysis | |
| |
| |
Food for Thought | |
| |
| |
| |
In Recognition of Anomalies | |
| |
| |
Packet Firewall Basics | |
| |
| |
Stateless Filtering and Fragmentation | |
| |
| |
Stateless Filtering and Out-of-Sync Traffic | |
| |
| |
Stateful Packet Filters | |
| |
| |
Packet Rewriting and NAT | |
| |
| |
Lost in Translation | |
| |
| |
The Consequences of Masquerading | |
| |
| |
Segment Size Roulette | |
| |
| |
Stateful Tracking and Unexpected Responses | |
| |
| |
Reliability or Performance: The DF Bit Controversy | |
| |
| |
Path MTU Discovery Failure Scenarios | |
| |
| |
The Fight against PMTUD, and Its Fallout | |
| |
| |
Food for Thought | |
| |
| |
| |
Stack Data Leaks | |
| |
| |
Kristjan's Server | |
| |
| |
Surprising Findings | |
| |
| |
Revelation: Phenomenon Reproduced | |
| |
| |
Food for Thought | |
| |
| |
| |
Smoke and Mirrors | |
| |
| |
Abusing IP: Advanced Port Scanning | |
| |
| |
Tree in the Forest: Hiding Yourself | |
| |
| |
Idle Scanning | |
| |
| |
Defense against Idle Scanning | |
| |
| |
Food for Thought | |
| |
| |
| |
Client Identification: Papers, Please! | |
| |
| |
Camouflage | |
| |
| |
Approaching the Problem | |
| |
| |
Towards a Solution | |
| |
| |
A (Very) Brief History of the Web | |
| |
| |
A HyperText Transfer Protocol Primer | |
| |
| |
Making HTTP Better | |
| |
| |
Latency Reduction: A Nasty Kludge | |
| |
| |
Content Caching | |
| |
| |
Managing Sessions: Cookies | |
| |
| |
When Cookies and Caches Mix | |
| |
| |
Preventing the Cache Cookie Attack | |
| |
| |
Uncovering Treasons | |
| |
| |
A Trivial Case of Behavioral Analysis | |
| |
| |
Giving Pretty Pictures Meaning | |
| |
| |
Beyond the Engine ... | |
| |
| |
... And Beyond Identification | |
| |
| |
Prevention | |
| |
| |
Food for Thought | |
| |
| |
| |
The Benefits of Being a Victim | |
| |
| |
Defining Attacker Metrics | |
| |
| |
Protecting Yourself: Observing Observations | |
| |
| |
Food for Thought | |
| |
| |
| |
The Big Picture | |
| |
| |
| |
Parasitic Computing, or How Pennies Add Up | |
| |
| |
Nibbling at the CPU | |
| |
| |
Practical Considerations | |
| |
| |
Parasitic Storage: The Early Days | |
| |
| |
Making Parasitic Storage Feasible | |
| |
| |
Applications, Social Considerations, and Defense | |
| |
| |
Food for Thought | |
| |
| |
| |
Topology of the Network | |
| |
| |
Capturing the Moment | |
| |
| |
Using Topology Data for Origin Identification | |
| |
| |
Network Triangulation with Mesh-Type Topology Data | |
| |
| |
Network Stress Analysis | |
| |
| |
Food for Thought | |
| |
| |
| |
Watching the Void | |
| |
| |
Direct Observation Tactics | |
| |
| |
Attack Fallout Traffic Analysis | |
| |
| |
Detecting Malformed or Misdirected Data | |
| |
| |
Food for Thought | |
| |
| |
Closing Words | |
| |
| |
Bibliographic Notes | |
| |
| |
Index | |