<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Jake Kasprzak Online &#187; Books</title>
	<atom:link href="http://jake.kasprzak.ca/category/books/feed/" rel="self" type="application/rss+xml" />
	<link>http://jake.kasprzak.ca</link>
	<description>Software > Open Source Development > Mozilla > Firefox > Greasemonkey > Scripting/Coding</description>
	<lastBuildDate>Thu, 24 Dec 2009 17:57:21 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.8.4</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>A Review of the Fourth Chapter of the Second Edition of “Hacking: The Art of Exploitation”</title>
		<link>http://jake.kasprzak.ca/2009/09/14/a-review-of-the-fourth-chapter-of-the-second-edition-of-%e2%80%9chacking-the-art-of-exploitation%e2%80%9d/</link>
		<comments>http://jake.kasprzak.ca/2009/09/14/a-review-of-the-fourth-chapter-of-the-second-edition-of-%e2%80%9chacking-the-art-of-exploitation%e2%80%9d/#comments</comments>
		<pubDate>Mon, 14 Sep 2009 03:17:16 +0000</pubDate>
		<dc:creator>jkasprzak</dc:creator>
				<category><![CDATA[Books]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://jake.kasprzak.ca/?p=674</guid>
		<description><![CDATA[Those who have read my reviews of parts of the second edition of “Hacking: The Art of Exploitation” by Jon Erickson may not be surprised to see that I am continuing this series of reviews of sections of that book. At the end of my review of the third chapter of that book, I mentioned [...]]]></description>
			<content:encoded><![CDATA[<p>Those who have read my reviews of parts of <a href="http://nostarch.com/hacking2.htm">the second edition of “Hacking: The Art of Exploitation”</a> by Jon Erickson may not be surprised to see that I am continuing this series of reviews of sections of that book. At the end of my review of the third chapter of that book, I mentioned that I looked forward to reading and reviewing the fourth chapter of the book, which is the chapter on networking. Networking is an interesting concept, and an important one, as Erickson mentions at the beginning of this chapter. Networking has allowed computers to have many more capabilities than they would have had without it. However, with these increased capabilities have come more vulnerabilities. In this chapter of the book, the basics of networking are explained in detail, leading to explanations of vulnerabilities and how they can be exploited.</p>
<p>The chapter appropriately begins with an introduction to the layers of the OSI model. Although I have seen better introductions to the OSI model, this section of the chapter serves its purpose in giving a basic introduction to networking. The basics of programming with sockets are then covered, and are covered well. This then leads to a description of how a very basic web server can be written. After this is a segue into a description of the OSI model again, with more detailed descriptions of protocol layers. These layers are described using interesting and appropriate analogies. As an example, the data link layer is described as being analogous to interoffice mail, the physical layer is compared to the carts used to deliver the mail, whereas the network layer above these layers is compared to a worldwide postal system. It was also interesting to see the details of how TCP/IP connections are started, and to see why they are started using the &#8220;three-way handshake&#8221; method.</p>
<p>Next, sniffing of network traffic is explained. The libpcap library is described in detail, and code examples are given to explain how a sniffer can be written to display network traffic at three different levels. The examples of what gets sniffed may make those who read them want to conduct experiments. Some may want to see more about the data that would be transmitted, such as the SYN and ACK values in TCP/IP connections. It is later mentioned that sniffing cannot be done easily on switched networks. Then it is described how the way in which ARP is implemented easily allows both spoofing of ARP addresses and ARP cache poisoning, and how that can be done to sniff traffic on switched networks. While readers read through it, some of them might consider how to defend against this flaw inherent in ARP that allows cache poisoning. Some of them might also be entertained by the author&#8217;s cleverness, as the MAC address of the attacker in the ARP spoofing example is, appropriately enough, 00:00:00:FA:CA:DE. The libnet library is then described, as are the tools known as Nemesis and arpspoof that use this library. The author appropriately encourages readers to view the source code of software that uses these libraries so that they will be better able to learn about these libraries. Many code examples are given, and the author seems to understandably assume that readers will work with these examples. He often says that the code examples should make sense to readers.</p>
<p>Denial-of-service attacks are covered next. The author explains how the implementation of protocols can be exploited, in particular in the description of SYN floods. It is then explained that that attack and similar ones are unlikely to succeed now, as operating systems have been updated to prevent these attacks from happening. However, it is explained why these historical examples matter. The author mentions that while oversized ICMP packets will not crash computers anymore, some Bluetooth implementations are vulnerable to oversized ping packets. As the author says, it is often that &#8220;the same mistakes made in the past are repeated by early implementations of new products.&#8221; </p>
<p>In the next section of this chapter, the importance of being able to sniff network traffic is underscored. It is demonstrated how this sniffing is what needs to be done to be able to hijack TCP/IP connections. Prior to the explanation of how this hijacking is done, it is appropriately explained that this can be done when a one-time password is used to connect to a host. Next, port scanning and the different methods of it are covered. The author then explains how discovery of which ports are open can be prevented. This is done by creating the illusion that all ports are open, which is done by responding to any packets that are sent when ports are being scanned. As is the case with previous sections of the chapter, example source code is given to illustrate how this can be implemented.</p>
<p>What I consider the best part of the chapter is near the end of it, where it is explained how concepts from the previous chapter can be combined with concepts explained in this chapter. The reader is first given a second chance to look for a buffer overflow vulnerability in a code example given previously in the chapter on networking. It is then explained how this vulnerability can lead to shell-spawning code being run. Then, to make the attack more useful, it is demonstrated how port-binding shellcode can be used to open a port to which the attacker can connect and gain root access to a remote system. This combination of interesting concepts may have been awaited by readers as they read through the book. This combination of concepts makes these concepts more interesting than they were individually.</p>
<p>After reading this chapter, readers of it should understand that the implementation of network software can be, and historically has been, flawed and vulnerable to attacks. The author encourages readers to write software that implements the concepts that are explained, such as the &#8220;ping of death&#8221; attack. Readers of this book are understandably expected to understand the material well enough to be able to do that. Something else that readers should understand after reading that chapter is how concepts can be combined. The author does not explicitly say in this chapter that readers should understand this. However, readers who will get the most out of this book will see how that can be done. After the chapter ended with explanations of how shellcode can be more advanced, and how countermeasures against attacks can be implemented, readers will want to keep reading this book. The next two chapters cover the topics of shellcode and countermeasures, and I plan on reading and reviewing them once I find the time to do so. </p>
<p>This chapter of the book is quite informative. The explanations of concepts are clear, and are sometimes even entertaining. The clever sense of humour that the author has is quite evident in it. Those who try to fully understand the material and pay attention to detail will enjoy this chapter. Reviews of the next chapters of the book may appear here before long, as I continue to enjoy reading this book.</p>
]]></content:encoded>
			<wfw:commentRss>http://jake.kasprzak.ca/2009/09/14/a-review-of-the-fourth-chapter-of-the-second-edition-of-%e2%80%9chacking-the-art-of-exploitation%e2%80%9d/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>A Review of the Third Chapter of the Second Edition of &#8220;Hacking: The Art of Exploitation&#8221;</title>
		<link>http://jake.kasprzak.ca/2009/05/25/a-review-of-the-third-chapter-of-the-second-edition-of-hacking-the-art-of-exploitation/</link>
		<comments>http://jake.kasprzak.ca/2009/05/25/a-review-of-the-third-chapter-of-the-second-edition-of-hacking-the-art-of-exploitation/#comments</comments>
		<pubDate>Mon, 25 May 2009 14:07:58 +0000</pubDate>
		<dc:creator>jkasprzak</dc:creator>
				<category><![CDATA[Books]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://jake.kasprzak.ca/?p=507</guid>
		<description><![CDATA[After I wrote a review of the first two chapters of the second edition of &#8220;Hacking: The Art of Exploitation&#8221; by Jon Erickson, I considered writing a review of the third chapter of it. Now that I have finished reading the third chapter of that book, which is the chapter on program exploitation, I review [...]]]></description>
			<content:encoded><![CDATA[<p>After I wrote a review of the first two chapters of <a href="http://nostarch.com/hacking2.htm">the second edition of &#8220;Hacking: The Art of Exploitation&#8221;</a> by Jon Erickson, I considered writing a review of the third chapter of it. Now that I have finished reading the third chapter of that book, which is the chapter on program exploitation, I review that chapter. In my review of the first two chapters of the book, I mentioned that the second chapter of it alone was worth the price of the book. In this review, I explain how this third chapter is as good as the chapter that preceded it. </p>
<p>When programmers first learn about programming, they tend to focus on simply making the programs that they write appear to run properly. Once these inexperienced programmers find that their programs appear to be free of errors, they may think that they do not need to do anything else with the programs that they have written. However, programs that seem to run correctly may have issues that could lead to unintended consequences. A mistake that is sometimes made by those who teach programming is that of emphasizing getting programs to work in typical cases. The chapter in this book on programming puts much emphasis on going beyond viewing programs as a series of statements written in a high-level language to accomplish certain tasks. This is done for reasons that become quite evident in this chapter on program exploitation.</p>
<p>In this third chapter of the book, methods of taking advantage of certain programming practices that should be avoided are covered. This chapter is divided into sections in which concepts such as buffer overflows and format string vulnerabilities are explained. These sections are divided into subsections in which there are examples that illustrate how these vulnerabilities can be exploited. These examples progressively increase in complexity, efficiency, and effectiveness. For example, in the section on stack-based buffer overflows, an example is given that demonstrates how a buffer being overflowed can affect what is stored in other variables. Then the possible unintended consequence of overwriting a buffer that stores a boolean value on whether or not access is to be granted is illustrated. However, this situation is one that the author admits is contrived, as whether or not it will occur depends on where variables are located in memory. Later, it is demonstrated how the GNU debugger can be used to show where one can see the memory address to which the program is to be directed. And then it is shown how that address can be overwritten with an arbitrary address when the program has a buffer overflow vulnerability. Then an assembler dump is given to show the memory addresses to which a program can be pointed. Then it is shown how memory can be overwritten with instructions that contain shell-spawning code. Then it is shown how shellcode can be stored in environment variables to make attacks more efficient.</p>
<p>After short sections on heap-based buffer overflows and overflowing of function pointers, format string vulnerabilities are explained. In the section on format string vulnerabilities, it is demonstrated how code that appears to do what it is supposed to do can have very serious problems. It is first demonstrated how memory on the stack frame, and then in any other location, can be viewed when format parameters are missing from <code>printf</code> function calls. Then the techniques for writing to memory addresses through the use of direct parameter access and short writes are given. It is once again shown how overwriting of memory can lead to shellcode being run through the use of methods that are similar to those given in the section on buffer overflows. It is also demonstrated how <code>.dtors</code> and the global offset table can have their memory addresses overwritten so that shellcode can be executed.</p>
<p>The author does well in explaining concepts by giving examples of more basic attacks first, and then demonstrating how more complex attacks work by building on the concepts that were previously explained. Some concepts, however, are not clearly explained. However, when a code example or concept does not quite seem to be clear to readers, they can perform their own experiments by modifying the source code that is on the CD that came with the book. As I myself experimented with the source code, I wondered if it would have been a good idea for there to be exercises included in the book for the reader to complete, as if this book were a textbook. However, readers for whom the book was intended, the inquisitive individuals who truly are hackers, should be able to come up with their own exercises so that they can reinforce their knowledge of material taught in the book. Astute readers will also try to predict upcoming material, as they may see how the different concepts taught in the book fit together. For example, when the section on <code>.dtors</code> and the global offset table is covered, one can predict how the memory addresses to which a program&#8217;s execution jumps can be overwritten with addresses of environment variables that contain shellcode.</p>
<p>This chapter was very informative in explaining and demonstrating how these exploits work. I liked how simple concepts were explained, then more complex ones were explained that built on the more basic concepts. Perhaps some of the material could have been explained better. However, there is no substitute for the practical experience that one can gain by working with the many examples that are provided in this book and on the CD that came with it. And there are many code examples included so that those who want to get the most out of the book can easily do so. Explanations of concepts are given mostly in the lucid and detailed manner that I have come to expect when reading this book. I look forward to reading the next chapter of the book, which is the chapter on networking. I also look forward to reviewing it. </p>
]]></content:encoded>
			<wfw:commentRss>http://jake.kasprzak.ca/2009/05/25/a-review-of-the-third-chapter-of-the-second-edition-of-hacking-the-art-of-exploitation/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>A Review of the First Two Chapters of the Second Edition of &#8220;Hacking: The Art of Exploitation&#8221;</title>
		<link>http://jake.kasprzak.ca/2008/11/07/a-review-of-the-first-two-chapters-of-the-second-edition-of-hacking-the-art-of-exploitation/</link>
		<comments>http://jake.kasprzak.ca/2008/11/07/a-review-of-the-first-two-chapters-of-the-second-edition-of-hacking-the-art-of-exploitation/#comments</comments>
		<pubDate>Fri, 07 Nov 2008 23:31:58 +0000</pubDate>
		<dc:creator>jkasprzak</dc:creator>
				<category><![CDATA[Books]]></category>

		<guid isPermaLink="false">http://jake.kasprzak.ca/?p=101</guid>
		<description><![CDATA[When I first decided to start a blog, I never did think that book reviews would appear on it. However, after reading part of the second edition of the critically acclaimed book titled &#8220;Hacking: The Art of Exploitation&#8221; by Jon Erickson, I decided that I should weigh in on it here. Those thinking of whether [...]]]></description>
			<content:encoded><![CDATA[<p>When I first decided to start a blog, I never did think that book reviews would appear on it. However, after reading part of the second edition of the critically acclaimed book titled &#8220;Hacking: The Art of Exploitation&#8221; by Jon Erickson, I decided that I should weigh in on it here. Those thinking of whether or not they should buy the book may want to know as many details about the book as possible, and so I decided to write an entry here in which I would give my opinions of this book. I have read many reviews of this book, and nearly all of them were positive. In this review, I will attempt to avoid stating what has already been stated many times about this book. In addition, this review will be somewhat unusual, in that it is a review that covers only the first two chapters of the book. In <a href="http://www.unixreview.com/documents/s=9181/ur0406o/">one review of the first edition of this book</a>, it was said that this book was recommended for the programming section of it alone. And as I found it difficult to put off saying what I wanted to say about this book after reading this first part of the book (which included this section on programming), I decided to write this review of this part of the book.</p>
<p>I should begin by noting that as you may have assumed, I have knowledge of the C programming language. I also had prior knowledge of some of the concepts mentioned in this section of the book, and reading about these concepts refreshed my memory about them. This book, however, assumes no prior knowledge of programming in any language at all, as it describes the concept of programming at first. Then the fundamentals of programming with C are explained. These concepts are covered in much detail, and the explanations of them are quite lucid. I believe that individuals new to the concept of programming would find that the explanations of these fundamentals are given about as well as they can be given. </p>
<p>Many of those who will read this book may already have knowledge of C, and those individuals can skip reading several of the first pages of the book. These individuals will want to skip ahead to where what actually happens when code is compiled is described, as that is where the more advanced concepts that are the basis for later sections of the book are described. When readers see the disassembly of the source code and other information that can be viewed via the GNU debugger, they will truly begin to understand what happens when code is compiled. Many books on C do not cover material such as this. One may not need to know what is done with C code after it is compiled in order to write C code correctly. However, the importance of not viewing programs written in C as a series of statements written in C is noted in this book. Many hackers take advantage of the fact that many programmers see C code as the instructions executed by the computer, when it is the machine language that is ultimately derived from that C code that actually is executed. And this section on programming gives readers an idea of what is actually happening when a program is running. That is what makes this section of the book the introduction to C programming that I wish I had when I first started learning C.</p>
<p>After the obligatory &#8220;Hello World&#8221; program is given and the assembly code of it is described in detail, concepts about C programming that are beyond the basics are mentioned. And these concepts are not described without giving much information about what goes on &#8220;behind the scenes&#8221; when code examples illustrating these concepts are described. The reader will see what kind of assembly code is used when a function is called, the importance of the EBP, ESP, and EIP registers, and other details I would have liked to have seen before I started reading this book. I took a course in university titled &#8220;Foundations of Sequential Programs&#8221; in which it was said by the best professor that I ever had that there would be no mysteries as to what happens when code is compiled after taking that course. In that course, concepts like those taught in the book were taught, although not in C and x86 assembly language. To be able to learn about concepts such as frames on the stack, sections of memory, and what data is stored in certain registers in the context of C and actual x86 assembly language was something that I wanted to do for a long time.</p>
<p>In addition, I liked the way that the book subtly pointed out common errors made by C programmers. As an example, the importance of type casting to avoid a certain &#8220;gotcha&#8221; in C programming can be seen in a code example. More importantly, the way the book is written rewards the reader for paying attention to detail. There are a number of sentences that include the phrase &#8220;as you may have noticed&#8221; or something similar after code examples are given. It is noted in the first chapter of the book that hackers tend to fully understand rules and the details about these rules. When one reads through the book, one should pay attention to details such as exactly what is contained in assembly language statements as well as why memory addresses are what they are. One should always be an active reader when trying to learn new material. However, when reading this book on hacking, it is highly important to pay more attention to detail. And the importance of hands-on experience, of course, cannot be overemphasized. Therefore, it would not have made much sense for there to not be a CD included with the book with a full Linux environment in which one could experiment and reinforce knowledge of concepts explained in the book.</p>
<p>There were other aspects of the book that I liked. In the example program at the end of the chapter that uses the concepts of C programming that were covered in the chapter on programming is a set of games. In the last blog entry here, I mentioned the &#8220;Find the Ace&#8221; game and how it illustrates the sometimes counterintuitive concept of conditional probability. Despite the fact that it says in the book incorrectly that the probability of winning when one changes which card to select is 50% (<a href="http://nostarch.com/hacking2_errata.htm">as mentioned in the book errata here</a>), I thought this was interesting. Another game in that program seems to try to illustrate another topic of interest to hackers, which is the birthday paradox, which is important to know about when considering a <a href="http://en.wikipedia.org/wiki/Birthday_attack">security issue known as the birthday attack</a>.</p>
<p>Knowledge of hacking begins with much knowledge of fundamental concepts. And this chapter on programming gives lucid and detailed information about those concepts. The first part of the book also teaches why these concepts matter. If more C programmers read this part of the book, there would be fewer security holes in software. This book does well in teaching what hackers need to know and why they need to know the concepts taught in it. This book truly underscores the fact that hacking is what tends to happen when depth and breadth of knowledge meet creativity. And I also consider the programming section alone worth the price I had to pay for the book. I look forward to reading later sections of this book. And I may review these sections at a later time, even though I suggest buying the book for only the section of it that I reviewed.     </p>
]]></content:encoded>
			<wfw:commentRss>http://jake.kasprzak.ca/2008/11/07/a-review-of-the-first-two-chapters-of-the-second-edition-of-hacking-the-art-of-exploitation/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
