In today's column, we're going to take a look at a fascinating book entitled "Silence on the Wire: a Field Guide to Passive Reconnaissance and Indirect Attacks" by Michal Zalewski and published this year by No Starch Press. This book takes a very unusual approach in explaining the nature of a type of threat that most of us would probably never have normally considered; that is -- how much information can be gleaned about our systems, our businesses and ourselves by a very patient individual who is doing little more than paying attention to subtle "leaks" of information that can be extracted from everyday system communications.

To warm you up to this idea, let's consider a possible analogy from everyday life. Passive reconnaissance in your hometown might involve what you can learn about a particular neighbor by watching the cars that stop by his house, noticing how long they stay and whether the same cars return or every car that stops appears to stop by only once.

Passive reconnaissance involves collecting information about a particular target without the target knowing and without anything being disrupted (or detected) in the process. Indirect attacks are a bit less passive. In these, the attacker takes some action to facilitate data collection, such as probing the system in some way which makes it likely that it will share more than it would ordinarily.

The book's approach to describing why these attack methods are possible and how they work starts with in-depth descriptions of systems, software and networking technology and then goes on to explain why each of these system or network components might allow someone to collect information that was not intended to be shared.

In early chapters, for example, we read about keyboard circuitry. We begin to see how the timing of key presses might be useful in inferring the text being typed. We also learn how the numeric basis of public key encryption depends on a particular system's ability to obtain unpredictable data from hardware or the "environment" (some activity on the system that cannot be predicted) and how the critical randomness of that data can be reduced if the entropy pool is run dry. We consider how some software packages may surreptitiously slip identifying information about the user of the package into documents that he creates.

In later chapters, we read that the padding on certain packets might contain chunks of data pulled from memory -- perhaps data of a sensitive nature that is being used or has been left in memory by some other process. We consider how the LEDs on many pieces of network equipment might reveal the information being transmitted.

We also learn how a switch, flooded with packets from many MAC addresses (presumably falsified) can run out of space in the table that it uses to keep track of the associations between these addresses and the ports through which these addresses appear to be reachable. When this happens, the switch reverts to what is referred to as "hub

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine