Building Open Source Network Security Tools: Components and Techniques


List Price: $45.00
Your Price: $29.70

Rating: 4 stars
Summary: Excellent Library reference for anyone writing network apps.
Review: After purchasing "Building Open Source Network Security Tools" I was able to write a full-featured libnet 1.1.x based utility for a work-related project in four days. I had no previous experience with the libnet library and was extremely impressed with how easy it was to build the tcp/udp/icmp/igmp/ip packets that I needed. The sample programs were short enough (and commented well enough) that I was able to hit the ground running.

Rating: 5 stars
Summary: The open source security scene needs more books like this
Review: Books on hacking, cracking, exploiting, and breaking software seem to get all of the attention in the security world. However, we need more works like Mike Schiffman's 'Building Open Source Network Security Tools' (BOSNST). I regret having waited so long to read BOSNST, but I'm glad I did. Schiffman's book is for people who want to build, not break, software, and the way he describes how to create tools is enlightening.

The major theme I captured from BOSNST was the importance of creating useful code libraries. Six of the book's 12 chapters focus on libraries which provide functions for application programmers. While not all have gained the same amount of fame or use, the author's approach remains sound. Libraries are the building blocks around which numerous tools can and should be built.

This theme helped me understand the evolution of RFP's Whisker CGI scanner, released in Oct 1999 and deprecated in May 2003. Whisker lives on as a library, Libwhisker, in the Nikto Web server scanner. Similarly, Schiffman's chapter on Libsf mentions the utility of creating a library offering the functionality of the popular Nmap scanning tool. (Unfortunately, I haven't seen progress on this. Nmap author Fyodor last mentioned 'Libnmap' in his 2003 Nmap features survey, and it's not apparent in the tool's latest version.)

I found the six library chapters to be helpful. Some of the code has stagnated since 2002 (Libnids, Libsf), while some has continued to evolve (Libpcap, Libdnet, OpenSSL). Schiffman provides good explanations of buffer overflow and format string attacks in ch 10, and I thought his state machine-based port scan detector (Descry) in ch 11 was innovative.

One of the strongest sections of BOSNST is ch 12, where the author provides a 25-page code walkthrough of his Firewalk tool. This chapter is the model for anyone seeking to explain tool internals. Schiffman offers flowcharts, context charts, and explanations of code snippets. He doesn't simply dump page after page of C code in front of the reader. (Most chapters of BOSNST do conclude with the full source code for sample tools, however.)

I have no real complaints with BOSNST. I found minor errors in two diagrams (p 220, 223 should show the SYN/ACK or RST reply coming from the target, not to the target). Schiffman's writing style is clear and engaging, which makes a difference when explaining functions in code.

Those who want to learn how to assemble their security expertise in the form of code libraries should read BOSNST. Those who wish to use the libraries found in the book, or those with similar functionality, should also read BOSNST. I look forward to Schiffman's next book, where hopefully he will finally update his biography to say 'AFIWC' (for 'Air Force Information Warfare Center') instead of 'AFWIC' (aka the UN's 'AFrican Women In Crisis' program).

Rating: 5 stars
Summary: amazing..must have for anybody who writes networking code
Review: Even if your focus isn't security, any coder that writes networking code would find this book interesting and hard to put down. In addition to the security information, the book provides in-depth information on low-level networking that any coder would find useful. The examples presented show the reader how to, in a quick and concise way, build almost any network security tool they could imagine. This means that security professionals no longer need to rely on companies like ISS for their tools. Chapter 10, Attack and Penetration Techniques, is worth the price of the book alone. Anybody that is responsible for securing a large network is familiar with vulnerability scanning; this chapter helps the reader understand how these tools work, and how to write their own. This type of information is extremely useful to people who find themselves in the position of quickly searching a network for something that other scanners may not detect yet. An example of this would be a new rootkit that listens on port 80. A simple port scan of a network would make finding compromised machines hard because 80 is also a legitimate port for web servers. Applying the information Schiffman gives you, a person could construct a scanner in almost no time. There are a dozen more examples why this book is elite, but rapid development and extensibility of tools that are developed throughout the book make it a must-have for any security professional.

Rating: 5 stars
Summary: It is about time
Review: Finally! I have needed this book for years. This book works as a good reference or a how to book for those who need custom network security tools. It helped me finish a tool that I have been working on for months. This will become a standard book for all security professionals.

Rating: 5 stars
Summary: route rules
Review: Heehee, I haven't even read this book yet. BUT, I've played around with the software mentioned in the book, and I've been a fan of Mike Schiffman a.k.a. "route"/"daemon9" for years, since he was editor of Phrack magazine. I've played around with libnet and it's pretty useful... although you fancy-pants OO C++ coders may not like the old-school C coding. The libraries are effective, and definitely worth looking at if you're a C coder who needs to test network application security or stability.
Check out these sites to see what Schiffman has been up to now and in the past:
www.securityfocus.com
www.packetfactory.net
www.phrack.com
To summarize, Schiffman knows his stuff, and the security community knows it. This book isn't just written by some uninspired suit. The author has credibility, as proven by the tools that he has written and continues to maintain.

Rating: 1 stars
Summary: Shill reviews?
Review: I bought this book after reading reviews here and was deeply disappointed. Mike Schiffman posted a request for positive Amazon reviews to his Libnet mailing list on 10/19/02, and some people may have been far too accommodating! The Libdnet and OpenSSL chapters simply rehash API documentation available via the project web sites and man pages. I would rather go to the source for up-to-date docs. There is also a whole chapter on LibSF, which seems to be a quick hack created just in time for this book. Version "Beta 0.01" was released on 7/28/02 and no updates have been made since. It doesn't even compile on my FreeBSD or Solaris machines.

One bright spot is the coverage of Libnet, a packet building library written by Schiffman. If you make heavy use of Libnet, the extra insights may prove useful. But the man page is quite sufficient and more convenient for casual use. In addition, many (most?) people are moving to Dug Song's Libdnet API instead, which is poorly covered in chapter 6. Some folks may value the sample programs included in each chapter, but I prefer to find and study real applications online. If you really want the sample code, it is available from the book web site.

Rating: 1 stars
Summary: Man Page Reprint
Review: I found this book to be extraordinarily helpful. Easy to follow, but with very detailed code examples, I came away from this book with a much better understanding of the open source software libraries available to me.

I highly recommend this book to anybody who intends to use libnet, or libpcap, or any of the other open source libraries.

Rating: 5 stars
Summary: Excellent security book
Review: I found this book to be extraordinarily helpful. Easy to follow, but with very detailed code examples, I came away from this book with a much better understanding of the open source software libraries available to me.

I highly recommend this book to anybody who intends to use libnet, or libpcap, or any of the other open source libraries.

Rating: 4 stars
Summary: Great for new security programmers
Review: I'm glad someone finally wrote a book on this subject. To my knowledge this is the first and only book to tackle the subject of teaching people to write their own security tools from publicly available resources. Before this book, people were forced to try and examine badly coded source code examples which aren't nearly as helpful as having someone to guide you through all the major components like this book does. I give this book 4.5 stars. Nice work.

Rating: 4 stars
Summary: Voice of Experience
Review: If there's anyone who's anyone in the Open Source security tool world, it's Mr. Schiffman. This book is the closest thing to a definitive text on the subject that exists today, and is absolutely worth the read.



© 2004, ReviewFocus or its affiliates