Showing posts from January, 2003

Windows Rootkit ierk8243.sys

I just heard about a thread on NTBugTraq regarding the presence of a kernel level driver called ierk8243.sys. This might be evidence of a trojan related to the MS-SQL "Slammer" worm. Check the thread for more info. I can't find anything else publicly available, yet.

Review of Windows XP Professional Security Posted

just posted my five-star review of Windows XP Professional Security. From the review: Good administration-oriented security books teach more than proper system configuration. They illuminate the inner workings of the operating system and explain why certain strategies work best. WXPPS doesn't just list OS settings; it explains what they mean and how they have consequences.

Port 1434 UDP Traffic

I just finished listening to the SANS webcast on the recent 1434 UDP traffic. It's worth a background listen and lasts one hour.

DALnet DDoS Attacks

slashdot alerted me to an article about DDoS attacks against DALnet. Read more here. Learn more about IRC in general at . A gallery of bots in action makes for good reading.

SQL Slammer

Looks like the Internet is weathering a new worm. Check out Internet Health Report to see that UUNet appears worst affected at the moment. Details on the vulnerability are available from CERT/CC. eEye has a good write-up and a disassembly. Cisco offers defensive measures. You can find reachability and packet loss graphs at .

Review of Hacker's Challenge 2 Posted

fixed their reviews page. Now my four-star review of Hacker's Challenge 2 appears. From the review: I've given up on seeing Mike Schiffman correctly abbreviate the Air Force Information Warfare Center as "AFIWC" in his biography. His use of "AFWIC" must refer to the UN's AFrican Women In Crisis program and not the talk he gave to the AFIWC in Apr 99!

DNS Traffic Analysis Results

From this article: Scientists at the San Diego Supercomputer Center (SDSC) at UCSD analyzing traffic to one of the 13 Domain Name System (DNS) "root" servers at the heart of the Internet found that the server spends the majority of its time dealing with unnecessary queries. The paper explains what is happening and offers recommendations. Observations made at one server for one day don't conform to rigorous statistical norms, but the findings are interesting nevertheless. slashdot is discussing the findings.

Review Updates

I just finished reading Windows XP Professional Security. It was excellent and I added it to my Digital Security System Administration Listmania List. Hopefully will publish the review soon. While my review of Hacker's Challenge 2 appears on the book's page, it's not listed on my reviews yet. I guess is still having database issues.

FreeBSD 5.0 Released

FreeBSD 5.0 RELEASE was announced yesterday. Use the mirrors to retrieve what you need. The guys at Slashdot repeated last June's debacle with FreeBSD 4.6 RELEASE by jumping the gun on 5.0 RELEASE's announcement and linking directly to an FTP server. They should have waited for the announcement and then linked to it or the mirror database.

Response from

responded to my email with the following:

Dear Richard,

Thank you for writing to . At this time we have encountered some technical issues with customer reviews on the website. These issues have impacted the majority of our customers who submit reviews to the website and have resulted in the inability of customers to properly view their reviews in their About You Areas, the disappearance of previously posted reviews, and the delay in the posting of their most recent review submissions. Our technical support staff is aware of each of these problems and are researching the cause of each of the issues. Please be aware that they have implemented changes to our database to resolve these issues. These changes will be affecting the website over the course of the next few business days. We appreciate your patience during this time period.

Thank you for your interest in

Email to

I just sent the following email to :

Hello,

is a great site and I'm amazed you can manage as much information as you do! I noticed appears to be having trouble with some of its book information. While I no longer see that books not yet published will arrive on "December 31, 1969," the review data seems out of sync. For example, when visiting this link to look at my reviews, the last one I see is for the book "BGP" by Iljitsch Van Beijnum, reviewed on 5 Jan 03: BGP

However, a review I wrote on 8 Jan 03 for the book "Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network" by Tim Crothers appears only at this link: Implementing IDS

Also, I submitted a review for this book on 11 Jan, but haven't seen the review posted yet: HC2

Is still experiencing some trouble with its reviews?

Thank you,

Richard Bejtlich

Problem

It looks like certain links are working again, although the publication dates of December 31, 1969 still appear.

Response from

I emailed asking why their "reviewer" links are broken. Here is their response:

Hello Richard,

Thank you for writing to to bring this to our attention. Our technical support staff is aware of the problem that has affected the proper displaying of customer reviews within each customer's About You area. It does appear that this problem is currently affecting almost all of our reviewers. As our technical support staff has not completed diagnosing the cause of this problem they have been unable to provide an estimate as to when the problem will be rectified. We appreciate your patience while they work to find a solution.

Thank you for your interest in

I also noticed books with a publication date in the future are listed as "Availability: This title will be released on December 31, 1969. You may order it now and we will ship it to you when it arrives"!

New and Listmania Lists

I finally updated the look of TaoSecurity. I hope everyone likes the new design. I also updated my Listmania Lists, aka "Recommended Reading," at . I broke the lists down into five "Digital Security" categories:

Weapons and Tactics
Communications
Scripting and Programming
System Administration
Management Essentials

While I've read most of the Weapons and Tactics and Communications books, I am only now starting the books from the other lists. Email me if you might recommend a better book, especially one on Windows system administration.

SecurityFocus Removes Exploits from Database

Have you noticed that SecurityFocus has removed exploit code from its vulnerability database? Anyone knowing why, please email me at richard at taosecurity dot com.

Story on DNS Root Servers

Rik Farrow wrote another excellent "Network Defense" article titled DNS Root Servers: Protecting the Internet. Rik elaborates on the criticality of the generic top level domain (gTLD) servers: "The eight U.S. gTLDs are all currently operated by Network Solutions and run on IBM AIX servers using the same software. As with root servers, there are also international gTLDs, located in Hong Kong, Tokyo, Stockholm, and the U.K. The gTLDs get many more requests than the root servers and are in fact more critical to DNS operation. The root servers simply point to the gTLDs and ccTLDs. These servers, in turn, return the addresses of the authoritative name servers for most domains."

Error

Since yesterday, links to reviewer pages at have been resulting in errors. This has been happening to other reviewers as well.

Review of Implementing Intrusion Detection Systems Posted

just posted my four star review of Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network (Wiley, Dec 2002) by Tim Crothers. When was the last time you saw a new book on detecting intrusions at your local book store? Aside from revisions of "Network Intrusion Detection" by Northcutt and Novak, the last thought-provoking book was Paul Proctor's "Practical Intrusion Detection Handbook," published in August 2000. In 2003, IDS fans, the drought has ended...

First Post and Review of BGP Posted

Welcome to my blog! The main new content will be news of book reviews that I've had published at . In 2002 I read and reviewed 24 books on computer security topics. Most recently, these included The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick and The Hacker Diaries: Confessions of Teenage Hackers by Dan Verton. My first published review of 2003 is a four star review of BGP (O'Reilly, Sep 2002) by Iljitsch Van Beijnum. You can see my book reading (and reviewing) schedule by visiting . I will no longer try to review every security book which hits the shelves! That was a pipe dream, even when I started reading these sorts of books in 1998. The books I add to my schedule either address a topic about which I need to know more, or offer original content by an interesting author. Thank you for visiting!

Richard Bejtlich
TaoSecurity