Review of Aggressive Network Self-Defense Posted
Amazon.com just posted my four-star review of Aggressive Network Self-Defense. From the review:
"Aggressive Network Self-Defense (ANSD) is another innovative Syngress book. It leaps beyond the theories of digital self-defense initially proposed by Tim Mullen in 2002. Tim tried to justify using 'neutralizing agents' to disable malicious processes (like Code Red or Nimda) on infected hosts attacking one's enterprise. ANSD does not speak of neutralizing agents in the eight fictional cases that comprise the bulk of the book, but those chapters make for thought-provoking reading."
Tim Mullen's SecurityFocus.com articles on strike-back include The Right to Defend and Strikeback, Part Deux. His Defending your right to defend: Considerations of an automated strike-back technology is also online.
I disagree with the strike-back idea, as I believe it steps over the line into vigilante justice. It is telling that Tim's papers all pre-date the Welchia worm, which demonstrated how dangerous strike-back can really be. You'll remember the devastating ICMP traffic caused by Welchia as it searched for live machines for purposes of disabling the Blaster worm.
My review mentions that three of the chapters in the second part of the book are already online. In addition to Tim's works, you'll find Dan Kaminsky's MD5 To Be Considered Harmful Someday (.pdf) and Sensepost's When the tables turn A discussion paper on passive strike-back (.doc) online.
Update: The author of chapter 9 (Sergio Caltagirone) started a blog a few weeks ago -- activeresponse.org.