Hacking Exposed: Network Security Secrets & Solutions, Fifth Edition
by Stuart McClure, Joel Scambray and George Kurtz  
McGraw-Hill/Osborne 2005 (692 pages)

Using real-world case studies and detailed examples of the latest devious break-ins, this book shows IT professionals how to protect computers and networks against the most recent security vulnerabilities.

Table of Contents
Hacking Exposed: Network Security Secrets & Solutions, Fifth Edition
Part I - Casing the Establishment
Chapter 1 - Footprinting
Chapter 2 - Scanning
Chapter 3 - Enumeration
Part II - System Hacking
Chapter 4 - Hacking Windows
Chapter 5 - Hacking UNIX
Chapter 6 - Remote Connectivity and VoIP Hacking
Part III - Network Hacking
Chapter 7 - Network Devices
Chapter 8 - Wireless Hacking
Chapter 9 - Firewalls
Chapter 10 - Denial of Service Attacks
Part IV - Software Hacking
Chapter 11 - Hacking Code
Chapter 12 - Web Hacking
Chapter 13 - Hacking the Internet User
Part V - Appendixes
Appendix A - Ports
Appendix B - Top 14 Security Vulnerabilities
List of Figures
List of Tables
List of Code Listings
List of Sidebars

Here is the latest edition of the international best-seller, Hacking Exposed. Using real-world case studies, renowned security experts Stuart McClure, Joel Scambray, and George Kurtz show IT professionals how to protect computers and networks against the most recent security vulnerabilities. You'll find detailed examples of the latest devious break-ins and will learn how to think like a hacker in order to thwart attacks. Coverage includes:

  • Code hacking methods and countermeasures
  • New exploits for Windows 2003 Server, UNIX/Linux, Cisco, Apache, and Web and wireless applications
  • Latest DDoS techniques--zombies, Blaster, MyDoom
  • All new class of vulnerabilities--HTTP Response Splitting
  • and much more

Hacking Exposed: Network Security Secrets & Solutions, Fifth Edition

Stuart McClure

Joel Scambray

George Kurtz

The McGraw-Hill Companies

2100 Powell Street, 10th Floor
Emeryville, California 94608

To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/Osborne at the above address. For information on translations or book distributors outside the U.S.A., please see the International Contact Information page immediately following the index of this book.

© 2005 Stuart McClure, Joel Scambray, and George Kurtz

All rights reserved. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.


Acquisitions Editor
Jane Brownlow

Project Editor
Emily K. Wolman

Project Manager
LeeAnn Pickrell

Technical Editor
Anthony Bettini

Copy Editors
Bart Reed & Emily K. Wolman

John Gildersleeve

Karin Arrigoni

Composition and Illustration
Apollo Publishing Services

Series Design
Dick Schwartz & Peter F. Hancik

Cover Series Design
Dodie Shoemaker

This book was composed with Adobe InDesign CS.

Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

To my family, your love and patience remind me always how blessed I am.

For those who have volunteered to fight on behalf of America, thanks.

To my loving wife, Anna, and my son, Alex, who provide inspiration, guidance, and unwavering support. To my mom, for helping me define my character and teaching me to overcome adversity.

About the Authors

Stuart McClure

Stuart McClure is senior vice president of risk management product development at McAfee, Inc., where he is responsible for driving product strategy and marketing for the McAfee Foundstone family of risk mitigation and management solutions. McAfee Foundstone saves countless millions in revenue and hours annually in recovering from hacker attacks, viruses, worms, and malware. Prior to his role at McAfee, Stuart was founder, president, and chief technology officer of Foundstone, Inc., which was acquired by McAfee in October 2004.

Widely recognized for his extensive and in-depth knowledge of security products, Stuart is considered one of the industry's leading authorities in information security today. A published and acclaimed security visionary, he brings many years of technology and executive leadership to McAfee Foundstone, along with profound technical, operational, and financial experience. At Foundstone, Stuart leads both product vision and strategy, and holds operational responsibilities for all technology development, support, and implementation. During his tenure, annual revenues grew over 100 percent every year since the company's inception in 1999.

In 1999, he took the lead in authoring Hacking Exposed: Network Security Secrets & Solutions, the best-selling computer-security book ever, with over 500,000 copies sold to date. Stuart also coauthored Hacking Exposed: Windows 2000 (McGraw-Hill/Osborne, 2001) and Web Hacking: Attacks and Defense (Addison-Wesley, 2002).

Prior to Foundstone, Stuart held a variety of leadership positions in security and IT management, with Ernst & Young's National Security Profiling Team, two years as an industry analyst with InfoWorld's Test Center, five years as director of IT with both state and local California governments, two years as owner of an IT consultancy, and two years in IT with the University of Colorado, Boulder.

Stuart holds a bachelor's degree in psychology and philosophy, with an emphasis in computer science applications, from the University of Colorado, Boulder. He later earned numerous certifications, including ISC2's CISSP, Novell's CNE, and Check Point's CCSE.

Joel Scambray

Joel Scambray is a senior director in Microsoft Corporation's MSN Security group, where he faces daily the full brunt of the Internet's most notorious denizens, from spammers to Slammer. He is most widely recognized as coauthor of Hacking Exposed: Network Security Secrets & Solutions, the internationally best-selling Internet security book, as well as related titles on Windows and web application security.

Before joining Microsoft in August 2002, Joel helped launch security services startup Foundstone, Inc., to a highly regarded position in the industry, and he previously held positions as a manager for Ernst & Young, security columnist for Microsoft TechNet, editor at large for InfoWorld Magazine, and director of IT for a major commercial real estate firm. He has spoken widely on information security to organizations including CERT, the Computer Security Institute (CSI), ISSA, ISACA, SANS, private corporations, and government agencies, including the FBI and the RCMP. Joel has maintained CISSP accreditation since 1999.

Joel Scambray can be reached at joel@webhackingexposed.com.

George Kurtz

George Kurtz is senior vice president of risk management at McAfee, Inc., where he is responsible for the roadmap and product strategy for the McAfee Foundstone portfolio of risk management and mitigation solutions to protect IT infrastructures and to optimize business availability. Prior to his role at McAfee, George was CEO of Foundstone, Inc., which was acquired by McAfee in October 2004.

With his combination of business savvy and technical know-how, George charted Foundstone's strategic course, positioning the company as a premier "pure play" security solutions provider. George cofounded Foundstone in 1999, and his vision and entrepreneurial spirit helped attract a world-class management team to join him in building one of the most successful and dominant private security companies. During his tenure as chief executive officer at Foundstone, George successfully raised over $20 million in venture capital and was responsible for consummating several international strategic partnerships as well as the sale of Foundstone to McAfee in 2004. He was nationally recognized as one of Fast Company's Fast 50 leaders, technology innovators, and pioneers, and was regionally named 2003 Software Entrepreneur of the Year by the Southern California Software Industry Council.

Prior to cofounding Foundstone, George served as a senior manager and the national leader of Ernst & Young's Security Profiling Services Group. Prior to joining Ernst & Young, George was a manager at PricewaterhouseCoopers, where he was responsible for the development of their Internet security testing methodologies used worldwide.

As an internationally recognized security expert and entrepreneur, George is a frequent speaker at major industry conferences and has been quoted and featured in many top publications and media programs, including the Wall Street Journal, Time, the Los Angeles Times, USA Today, and CNN. He coauthored the best-selling Hacking Exposed: Network Security Secrets & Solutions as well as Hacking Linux Exposed (McGraw-Hill/Osborne, 2002), and he contributes regularly to leading industry publications.

George holds several industry designations, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and Certified Public Accountant (CPA). George graduated with honors from Seton Hall University, where he received a bachelor of science in accounting.

About the Contributing Authors

Stephan Barnes is currently in charge of consulting sales for Foundstone Professional Services, a Division of McAfee, and is a recognized name in the information security industry. Although his security experience spans 20 years, Stephan's primary expertise is in war-dialing, modems, PBX, and voicemail system security. All of these technologies are a critical addition to evaluating an external security posture of any modern enterprise. Stephan's industry expertise includes working for a military contractor and the DoD, and his consulting experience spans hundreds of penetration engagements for financial, telecommunications, insurance, manufacturing, distribution, utilities, and high-tech companies. Stephan is a frequent speaker at many security-related conferences and organizations. He has gone by the alias M4phr1k for over 20 years and has maintained his personal website on war-dialing and other related topics at http://www.m4phr1k.com.

Michael Davis is currently a research scientist at Foundstone, Inc. He is also an active developer and deployer of intrusion detection systems, with contributions to the Snort Intrusion Detection System. Michael is also a member of the Honeynet project, where he is working to develop data and network control mechanisms for Windows-based honeynets.

Nicolas Fischbach is a senior manager in charge of the European Network Security Engineering team at COLT Telecom, a leading pan-European provider of end-to-end business communications services. He holds an engineer degree in networking and distributed computing, and is a recognized authority on service provider infrastructure security and DoS-attack mitigation. Nicolas is cofounder of Sécurité.Org, a French-speaking portal on computer and network security; of eXperts and mystique, an informal security research group and think tank; and of the French chapter of the Honeynet project. He has presented at numerous technical and security conferences, teaches networking and security courses at various universities and engineering schools, and is a regular contributor to the French security magazine MISC. More details and contact information are on his homepage, http://www.securite.org/nico.

James C. Foster (CISSP, CCSE) is the Manager of FASL Research & Development and Threat Intelligence for Foundstone Inc. As such, he leads a team of research and development engineers whose mission is to create advanced security algorithms to check for local and network-based vulnerabilities for the FoundScan product suite. Prior to joining Foundstone, James was a senior consultant and research scientist with Guardent, Inc., and an adjunct author for Information Security Magazine, subsequent to working as an information security and research specialist at Computer Sciences Corporation. James has also been a contributing author in other major book publications. A seasoned speaker, James has presented throughout North America at conferences, technology forums, security summits, and research symposiums, with highlights at the Microsoft Security Summit, MIT Wireless Research Forum, SANS, and MilCon. He also is commonly asked to comment on pertinent security issues and has been cited in USA Today, Information Security Magazine, Baseline, Computer World, Secure Computing, and the MIT Technologist.

Bryce Galbraith is a senior hacking instructor and codeveloper of Foundstone's "Ultimate Hacking: Hands On" series. Since joining Foundstone's team, Bryce has taught the art of professional hacking to well over 1000 students from a "who's who" of top companies, financial institutions, and government agencies from around the globe. He has also taught at Black Hat conferences. Bryce consistently receives the highest ratings from course attendees and is often requested by name by various organizations. He has been involved with information technologies for over 20 years with a keen focus on the security arena. Prior to joining Foundstone, Bryce founded his own security company offering a variety of security-related services. Before this, he worked with major Internet backbone providers as well as other critical infrastructure companies, as designated by the FBI's National Infrastructure Protection Center (NIPC), providing a wide variety of security-related services. Bryce is a member of several security professional organizations and is a Certified Information System Security Professional (CISSP) and a Certified Ethical Hacker (CEH).

Michael Howard is the coauthor of the best-selling title Writing Secure Code (Microsoft Press, 2002), now in its second edition, and 19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them (McGraw-Hill/Osborne, 2005). He is the senior program manager of the Secure Windows Initiative at Microsoft, where he works on secure engineering discipline, process improvement, and building software for humans to use. He works with hundreds of people both inside and outside the company each year to help them secure their applications. Michael is a prominent speaker at numerous conferences, including Microsoft's TechEd and the PDC. He is also a coauthor of Processes to Produce Secure Software, published by the Department of Homeland Security, National Cyber Security. Michael is a Certified Information System Security Professional (CISSP).

About the Tech Reviewer

Anthony Bettini leads the McAfee Foundstone R&D team. His professional security experience comes from working for companies like Foundstone, Guardent, and Bindview, and from independent contracting. He specializes in Windows security and vulnerability detection, and programs in Assembly, C, and various scripting languages. Tony has spoken publicly at NIST's NISSC in the greater Washington, DC, area on new anti-tracing techniques and has spoken privately for numerous Fortune 500 companies. For Foundstone, Tony has published new vulnerabilities found in PGP, ISS Scanner, Microsoft Windows XP, and Winamp.


First, we would like to sincerely thank our incredibly intelligent and gracious colleagues at Foundstone for their help. Their tireless efforts in contributing to this fifth edition and the guidance through this book will never be overlooked. Thanks also to colleagues at Microsoft, including the crews at MSN Security, SBTU, TwC, Corporate Security, PSS, Office, and all the rest who've helped ride herd on those cats and provided inspiration daily.

Big thanks must also go to the tireless McGraw-Hill/Osborne editors and production staff who worked on this edition, including Jane Brownlow, Emily Wolman, LeeAnn Pickrell, James Kussow, and Jessica Wilson.

And finally, a tremendous "Thank You" to all the readers of the first, second, third, and fourth editions. Your never-ending support has raised the topic of security to the light of day and exposed the techniques of hackers to those who most desperately need them.