Book Review

Book cover image
Counter Hack
A Step by Step Guide to Compu­ter Attacks and Effective Defenses

Ed Skoudis
Prentice-Hall Series in Computer Networking and Distributed Systems, 564 pages (2002)


I t is a pleasure to finally find a 'hacker book' that not only contains useful information, but is actually well-written. The book starts out with obligatory background chapters on TCP/IP, Unix, and Windows NT/2000, then devotes a chapter to each phase of an attack, including reconnaissance, port scanning, gaining access, maintaining access, and covering tracks. The coverage is logical without drowning the reader in OS-specific details, emphasizing the attack from the hacker's point of view.

As with many trade paperback computer security books, however, this book also contains some errors. For example, on page 111 it says that password salting makes the Unix passwords more secure. This is not so: last time I checked, in Unix the 'salt' was included as the first two characters of the password string. Indeed, if the salt were not saved in the clear, it would be impossible for passwd to verify a user's password. The true purpose of 'salting' is not to add security, but to obfuscate the passwords from prying users in case two users' grandmothers both happen to have the same maiden name, so the users, after noticing that they are using the same password, don't start diving into each other's accounts.

Because of its orientation toward individual Windows or Unix workstation users and beginning-level sysadmins, the book also overlooks more "advanced" protective measures for the network itself, such as writing ACLs and configuring network intrusion detection systems, and gives almost no useful advice about firewalls.

The book also contains a number of careless statements, such as attributing the famous saying "An ounce of prevention is worth a pound of cure" to "anonymous" rather than to its actual author, Ben Franklin.

Despite these flaws, Counter Hack is otherwise fairly complete considering its limited goals, and is surprisingly enjoyable to read for a hacker book, which are often on the tendentious side. Tools used by attackers are discussed individually, but counter-measures and detection strategies are mostly discussed only in conceptual terms. The book doesn't go into specific details about implementing them, understandably so because of the wide variety of operating systems. For example, on page 226 it says:

You can also defend against Firewalk by filtering out ICMP Time Exceed messages leaving your network. At a border router or external firewall, drop all of these message types. Then, an attacker will not be able to get the message back used by Firewalk to determine the firewall rule set. Of course, if you implement this fix, normal users and network administrators will not be able to traceroute to your systems anymore, as traceroute relies on ICMP Time Exceeded Messages.
Even if a beginning sysadmin could get permission to try this, it might be easier said than done if they are still at the level where they are reading an introductory book like this one. Moreover, as in this example, hardening a network can have rather serious drawbacks. The book discusses these honestly, however, noting that every defense involves a tradeoff.
April 6, 2002 Back