
Network Security Assessment: Know Your Network Paperback – 29 Mar 2004

5.0 out of 5 stars 3 customer reviews


Product details

  • Paperback: 400 pages
  • Publisher: O'Reilly Media; 1 edition (29 Mar. 2004)
  • Language: English
  • ISBN-10: 059600611X
  • ISBN-13: 978-0596006112
  • Product Dimensions: 17.8 x 2.4 x 23.3 cm
  • Average Customer Review: 5.0 out of 5 stars 3 customer reviews
  • Amazon Bestsellers Rank: 640,181 in Books (See Top 100 in Books)

Product description

About the Author

Chris McNab is the Technical Director of Matta, a vendor-independent security consulting outfit based in the United Kingdom. Since 2000, Chris has presented and run applied hacking courses across Europe, training a large number of financial, retail, and government clients in practical attack and penetration techniques, so that they can assess and protect their own networks effectively. Chris speaks at a number of security conferences and seminars, and is routinely called to comment on security events and other breaking news. He has appeared on television and radio stations in the UK (including BBC 1 and Radio 4), and in a number of publications and computing magazines. Responsible for the provision of security assessment services at Matta, Chris and his team undertake Internet-based, internal, application, and wireless security assessment work, providing clients with practical and sound technical advice relating to secure network design and hardening strategies. Chris boasts a 100% success rate when compromising the networks of multinational corporations and financial services companies over the last five years.

Excerpt. © Reprinted by permission. All rights reserved.

Chapter 4 - IP Network Scanning

This chapter focuses on the technical execution of IP network scanning. After undertaking initial reconnaissance to identify IP address spaces of interest, network scanning builds a clearer picture of accessible hosts and their network services. Network scanning and reconnaissance is the real data gathering exercise of an Internet-based security assessment. The rationale behind IP network scanning is to gain insight into the following elements of a given network:

• ICMP message types that generate responses from target hosts
• Accessible TCP and UDP network services running on the target hosts
• Operating platforms of target hosts and their configuration
• Areas of vulnerability within target host IP stack implementations (including sequence number predictability for TCP spoofing and session hijacking)
• Configuration of filtering and security systems (including firewalls, border routers, switches, and IDS sensors)

Performing both network scanning and reconnaissance tasks paints a clear picture of the network topology and its security mechanisms. Before penetrating the target network, further assessment steps involve gathering specific information about the TCP and UDP network services that are running, including their versions and enabled options.

ICMP Probing
The Internet Control Message Protocol (ICMP) identifies potentially weak and poorly protected networks. ICMP is a short messaging protocol that’s used by systems administrators and end users for continuity testing of networks (e.g., using the ping or traceroute commands). From a network scanning and probing perspective, the following types of ICMP messages are useful:

Type 8 (echo request)
Echo request messages are also known as ping packets. You can use a scanning tool such as nmap to perform ping sweeping and easily identify hosts that are accessible.

Type 13 (timestamp request)
A timestamp request message requests system time information from the target host. The response is in a decimal format and is the number of milliseconds elapsed since midnight GMT.

Type 15 (information request)
The ICMP information request message was intended to support self-configuring systems such as diskless workstations at boot time, to allow them to discover their network address. Protocols such as RARP, BOOTP, or DHCP do so more robustly, so type 15 messages are rarely used.

Type 17 (subnet address mask request)
An address mask request message reveals the subnet mask used by the target host. This information is useful when mapping networks and identifying the size of subnets and network spaces used by organizations.

Firewalls of security-conscious organizations often blanket-filter inbound ICMP messages and so ICMP probing isn’t effective; however, ICMP isn’t filtered in most networks because ICMP messages are often useful for network troubleshooting purposes.
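For anyone reviewing captured traffic or tuning a border filter, the following added example (not from the book) parses raw ICMP messages, verifies the checksum, names the four query types listed above and their replies, and decodes what a timestamp reply or address mask reply discloses. The function names `triage` and `build` and the sample bytes are constructed for illustration; type numbers and field layouts follow RFC 792 and RFC 950.

```python
import struct
from datetime import timedelta
from ipaddress import IPv4Address

# Query types named in the text and their reply types (RFC 792 / RFC 950).
QUERIES = {8: "echo request", 13: "timestamp request",
           15: "information request", 17: "address mask request"}
REPLIES = {0: "echo reply", 14: "timestamp reply",
           16: "information reply", 18: "address mask reply"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, body: bytes) -> bytes:
    """Build a constructed sample: type, code 0, checksum, then body."""
    hdr = struct.pack("!BBH", icmp_type, 0, 0)
    return struct.pack("!BBH", icmp_type, 0, inet_checksum(hdr + body)) + body

def triage(msg: bytes) -> dict:
    """Classify one ICMP message (bytes starting at the ICMP header)."""
    if len(msg) < 8:
        return {"valid": False, "reason": "truncated"}
    icmp_type = msg[0]
    out = {"valid": inet_checksum(msg) == 0, "type": icmp_type,
           "name": QUERIES.get(icmp_type) or REPLIES.get(icmp_type, "other"),
           # Non-echo queries are rarely needed across a border filter.
           "review": icmp_type in (13, 15, 17)}
    if icmp_type == 14 and len(msg) >= 20:
        # Originate/receive/transmit fields: milliseconds since midnight UT.
        _, received, _ = struct.unpack("!3I", msg[8:20])
        out["host_time_utc"] = str(timedelta(milliseconds=received))
    if icmp_type == 18 and len(msg) >= 12:
        out["mask"] = str(IPv4Address(msg[8:12]))
    return out

# Constructed samples: identifier 1, sequence 1, then type-specific fields.
SAMPLES = [build(8, struct.pack("!HH", 1, 1) + b"ping"),
           build(13, struct.pack("!HH3I", 1, 1, 0, 0, 0)),
           build(14, struct.pack("!HH3I", 1, 1, 0, 45_296_789, 45_296_789)),
           build(18, struct.pack("!HH", 1, 1) + bytes([255, 255, 255, 0]))]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```
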

There are a handful of other ICMP message types that have relevant security applications (such as ICMP type 5 redirect messages sent by routers), but they aren’t related to network scanning.

Table 4-1 outlines popular operating systems and their responses to certain types of direct ICMP query messages.

Indirect ICMP query messages can be sent to the broadcast address of a given subnet (such as in a network). Operating systems respond in different ways to indirect queries issued to a broadcast address, as shown in Table 4-2.

Ofir Arkin of the Sys-Security Group has undertaken a lot of research into ICMP over recent years, publishing white papers dedicated entirely to the use of ICMP probes for OS fingerprinting. For quality in-depth details of ICMP probing techniques, please consult his research available from his web site.

Most helpful customer reviews on 4.3 out of 5 stars 17 reviews
Ben Rothke
4.0 out of 5 stars: Excellent book and has a lot of valuable information
10 October 2004 - Published on
Format: Paperback
8 people found this helpful.
F. Loehmann
5.0 out of 5 stars: A great collection of assessment tools and techniques
31 August 2004 - Published on
Format: Paperback
4 people found this helpful.
