Firewalls and Internet Security, Second Edition
Addison-Wesley Professional Computing Series
Brian W. Kernighan and Craig Partridge, Consulting Editors
Matthew H. Austern, Generic Programming and the STL: Using and Extending the C++ Standard Template Library
David R. Butenhof, Programming with POSIX® Threads
Brent Callaghan, NFS Illustrated
Tom Cargill, C++ Programming Style
William R. Cheswick/Steven M. Bellovin/Aviel D. Rubin, Firewalls and Internet Security, Second Edition: Repelling the Wily Hacker
David A. Curry, UNIX® System Security: A Guide for Users and System Administrators
Stephen C. Dewhurst, C++ Gotchas: Avoiding Common Problems in Coding and Design
Erich Gamma/Richard Helm/Ralph Johnson/John Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software
Erich Gamma/Richard Helm/Ralph Johnson/John Vlissides, Design Patterns CD: Elements of Reusable Object-Oriented Software
Peter Haggar, Practical Java™ Programming Language Guide
David R. Hanson, C Interfaces and Implementations: Techniques for Creating Reusable Software
Mark Harrison/Michael McLennan, Effective Tcl/Tk Programming: Writing Better Programs with Tcl and Tk
Michi Henning/Steve Vinoski, Advanced CORBA® Programming with C++
Brian W. Kernighan/Rob Pike, The Practice of Programming
S. Keshav, An Engineering Approach to Computer Networking: ATM Networks, the Internet, and the Telephone Network
John Lakos, Large-Scale C++ Software Design
Scott Meyers, Effective C++ CD: 85 Specific Ways to Improve Your Programs and Designs
Scott Meyers, Effective C++, Second Edition: 50 Specific Ways to Improve Your Programs and Designs
Scott Meyers, More Effective C++: 35 New Ways to Improve Your Programs and Designs
Scott Meyers, Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library
Robert B. Murray, C++ Strategies and Tactics
David R. Musser/Gillmer J. Derge/Atul Saini, STL Tutorial and Reference Guide, Second Edition: C++ Programming with the Standard Template Library
John K. Ousterhout, Tcl and the Tk Toolkit
Craig Partridge, Gigabit Networking
Radia Perlman, Interconnections, Second Edition: Bridges, Routers, Switches, and Internetworking Protocols
Stephen A. Rago, UNIX® System V Network Programming
Curt Schimmel, UNIX® Systems for Modern Architectures: Symmetric Multiprocessing and Caching for Kernel Programmers
W. Richard Stevens, Advanced Programming in the UNIX® Environment
W. Richard Stevens, TCP/IP Illustrated, Volume 1: The Protocols
W. Richard Stevens, TCP/IP Illustrated, Volume 3: TCP for Transactions, HTTP, NNTP, and the UNIX® Domain Protocols
W. Richard Stevens/Gary R. Wright, TCP/IP Illustrated Volumes 1-3 Boxed Set
John Viega/Gary McGraw, Building Secure Software: How to Avoid Security Problems the Right Way
Gary R. Wright/W. Richard Stevens, TCP/IP Illustrated, Volume 2: The Implementation
Ruixi Yuan/W. Timothy Strayer, Virtual Private Networks: Technologies and Solutions
Please see our web site (http://www.awprofessional.com/series/professionalcomputing) for more information about these titles.
Firewalls and Internet Security, Second Edition
Repelling the Wily Hacker
William R. Cheswick
Steven M. Bellovin
Aviel D. Rubin
Boston • San Francisco • New York • Toronto • Montreal
London • Munich • Paris • Madrid • Capetown • Sydney • Tokyo • Singapore • Mexico City
Addison-Wesley
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and Addison-Wesley was aware of a trademark claim, the designations have been printed in initial capital letters or in all capitals.
The authors and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.
The publisher offers discounts on this book when ordered in quantity for bulk purchases and special sales. For more information, please contact:
U.S. Corporate and Government Sales
(800) 382-3419
corpsales@pearsontechgroup.com
For sales outside of the U.S., please contact:
International Sales
(317) 581-3793
international@pearsontechgroup.com
Visit Addison-Wesley on the Web: www.awprofessional.com
Library of Congress Cataloging-in-Publication Data
Cheswick, William R.
Firewalls and Internet security : repelling the wily hacker / William R. Cheswick, Steven M. Bellovin and Aviel D. Rubin.—2nd ed.
p. cm.
Includes bibliographical references and index.
ISBN 020163466X
1. Firewalls (Computer security) I. Bellovin, Steven M. II. Rubin, Aviel D. III. Title.
TK5105.875.I57C44 2003
005.8—dc21 2003000644
Copyright © 2003 by AT&T and Lumeta Corporation
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior consent of the publisher. Printed in the United States of America. Published simultaneously in Canada.
For information on obtaining permission for use of material from this work, please submit a written request to:
Pearson Education, Inc.
Rights and Contracts Department
75 Arlington Street, Suite 300
For my mother, Ruth Cheswick, whose maiden name shall not be revealed because this is a security book, and for my father, Richard Reid Cheswick, who taught me about Monday mornings, and many other things. And to Terry, Kestrel, and Lorette, who had to put up with lengthy spates of grumpy editing sessions.
—W.R.C.
To my parents, Sam and Sylvia Bellovin, for everything, and to Diane, Rebecca, and Daniel, for all the best reasons in the world.
—S.M.B.
To my wife, Ann, my favorite person in the world; and to my children, Elana, Tamara, and Benny, the three best things that ever happened to me.
—A.D.R.
Contents
I Getting Started
1.1 Security Truisms
1.2 Picking a Security Policy
1.3 Host-Based Security
1.4 Perimeter Security
1.5 Strategies for a Secure Network
1.6 The Ethics of Computer Security
1.7 WARNING
2 A Security Review of Protocols: Lower Layers
2.1 Basic Protocols
2.2 Managing Addresses and Names
2.3 IP version 6
2.4 Network Address Translators
2.5 Wireless Security
3 Security Review: The Upper Layers
3.1 Messaging
3.2 Internet Telephony
3.3 RPC-Based Protocols
3.4 File Transfer Protocols
3.5 Remote Login
3.6 Simple Network Management Protocol—SNMP
3.7 The Network Time Protocol
3.8 Information Services
3.9 Proprietary Protocols
3.10 Peer-to-Peer Networking
3.11 The X11 Window System
3.12 The Small Services
4 The Web: Threat or Menace?
4.1 The Web Protocols
4.2 Risks to the Clients
4.3 Risks to the Server
4.4 Web Servers vs. Firewalls
4.5 The Web and Databases
4.6 Parting Thoughts
II The Threats
5 Classes of Attacks
5.1 Stealing Passwords
5.2 Social Engineering
5.3 Bugs and Back Doors
5.4 Authentication Failures
5.5 Protocol Failures
5.6 Information Leakage
5.7 Exponential Attacks—Viruses and Worms
5.8 Denial-of-Service Attacks
5.9 Botnets
5.10 Active Attacks
6 The Hacker's Workbench, and Other Munitions
6.1 Introduction
6.2 Hacking Goals
6.3 Scanning a Network
6.4 Breaking into the Host
6.5 The Battle for the Host
6.6 Covering Tracks
6.7 Metastasis
6.8 Hacking Tools
6.9 Tiger Teams
III Safer Tools and Services
7 Authentication
7.1 Remembering Passwords
7.2 Time-Based One-Time Passwords
7.3 Challenge/Response One-Time Passwords
7.4 Lamport's One-Time Password Algorithm
7.5 Smart Cards
7.6 Biometrics
7.7 RADIUS
7.8 SASL: An Authentication Framework
7.9 Host-to-Host Authentication
7.10 PKI
8 Using Some Tools and Services
8.1 inetd—Network Services
8.2 Ssh—Terminal and File Access
8.3 Syslog
8.4 Network Administration Tools
8.5 Chroot—Caging Suspect Software
8.6 Jailing the Apache Web Server
8.7 Aftpd—A Simple Anonymous FTP Daemon
8.8 Mail Transfer Agents
8.9 POP3 and IMAP
8.10 Samba: An SMB Implementation
8.11 Taming Named
8.12 Adding SSL Support with Sslwrap
IV Firewalls and VPNs
9 Kinds of Firewalls
9.1 Packet Filters
9.2 Application-Level Filtering
9.3 Circuit-Level Gateways
9.4 Dynamic Packet Filters
9.5 Distributed Firewalls
9.6 What Firewalls Cannot Do
10 Filtering Services
10.1 Reasonable Services to Filter
10.2 Digging for Worms
10.3 Services We Don't Like
10.4 Other Services
10.5 Something New
11.1 Rulesets
11.2 Proxies
11.3 Building a Firewall from Scratch
11.4 Firewall Problems
11.5 Testing Firewalls
12 Tunneling and VPNs
12.1 Tunnels
12.2 Virtual Private Networks (VPNs)
12.3 Software vs. Hardware
V Protecting an Organization
13 Network Layout
13.1 Intranet Explorations
13.2 Intranet Routing Tricks
13.3 In Host We Trust
13.4 Belt and Suspenders
13.5 Placement Classes
14 Safe Hosts in a Hostile Environment
14.1 What Do We Mean by "Secure"?
14.2 Properties of Secure Hosts
14.3 Hardware Configuration
14.4 Field-Stripping a Host
14.5 Loading New Software
14.6 Administering a Secure Host
14.7 Skinny-Dipping: Life Without a Firewall
15 Intrusion Detection
15.1 Where to Monitor
15.2 Types of IDSs
15.3 Administering an IDS
15.4 IDS Tools
VI Lessons Learned
16 An Evening with Berferd
16.1 Unfriendly Acts
16.2 An Evening with Berferd
16.3 The Day After
16.4 The Jail
16.5 Tracing Berferd
16.6 Berferd Comes Home
17 The Taking of Clark
17.1 Prelude
17.2 CLARK
17.3 Crude Forensics
17.4 Examining CLARK
17.5 The Password File
17.6 How Did They Get In?
17.7 Better Forensics
17.8 Lessons Learned
18 Secure Communications over Insecure Networks
18.1 The Kerberos Authentication System
18.2 Link-Level Encryption
18.3 Network-Level Encryption
18.4 Application-Level Encryption
19 Where Do We Go from Here?
19.1 IPv6
19.2 DNSsec
19.3 Microsoft and Security
19.4 Internet Ubiquity
19.5 Internet Security
19.6 Conclusion
VII Appendixes
A An Introduction to Cryptography
A.1 Notation
A.2 Secret-Key Cryptography
A.3 Modes Of Operation
A.4 Public Key Cryptography
A.5 Exponential Key Exchange
A.6 Digital Signatures
A.7 Secure Hash Functions
A.8 Timestamps
B Keeping Up
B.1 Mailing Lists
B.2 Web Resources
B.3 Peoples' Pages
B.4 Vendor Security Sites
B.5 Conferences
Preface to the Second Edition
But after a time, as Frodo did not show any sign of writing a book on the spot, the hobbits returned to their questions about doings in the Shire.
Lord of the Rings
—J.R.R. TOLKIEN
The first printing of the First Edition appeared at the Las Vegas Interop in May, 1994. At that same show appeared the first of many commercial firewall products. In many ways, the field has matured since then: You can buy a decent firewall off the shelf from many vendors.
The problem of deploying that firewall in a secure and useful manner remains. We have studied many Internet access arrangements in which the only secure component was the firewall itself—it was easily bypassed by attackers going after the "protected" inside machines. Before the trivestiture of AT&T/Lucent/NCR, there were over 300,000 hosts behind at least six firewalls, plus special access arrangements with some 200 business partners.
Our first edition did not discuss the massive sniffing attacks discovered in the spring of 1994. Sniffers had been running on important Internet Service Provider (ISP) machines for months—machines that had access to a major percentage of the ISP's packet flow. By some estimates, these sniffers captured over a million host name/user name/password sets from passing telnet, ftp, and rlogin sessions. There were also reports of increased hacker activity on military sites. It's obvious what must have happened: If you are a hacker with a million passwords in your pocket, you are going to look for the most interesting targets, and .mil certainly qualifies.
Since the First Edition, we have been slowly losing the Internet arms race. The hackers have developed and deployed tools for attacks we had been anticipating for years. IP spoofing [Shimomura, 1996] and TCP hijacking are now quite common, according to the Computer Emergency Response Team (CERT). ISPs report that attacks on the Internet's infrastructure are increasing.
There was one attack we chose not to include in the First Edition: the SYN-flooding denial-of-service attack that seemed to be unstoppable. Of course, the Bad Guys learned about the attack anyway, making us regret that we had deleted that paragraph in the first place. We still believe that it is better to disseminate this information, informing saints and sinners at the same time. The saints need all the help they can get, and the sinners have their own channels of communication.
Crystal Ball or Bowling Ball?
The first edition made a number of predictions, explicitly or implicitly. Was our foresight accurate?
Our biggest failure was neglecting to foresee how successful the Internet would become. We barely mentioned the Web and declined a suggestion to use some weird syntax when listing software resources. The syntax, of course, was the URL.
Concomitant with the growth of the Web, the patterns of Internet connectivity vastly increased. We assumed that a company would have only a few external connections—few enough that they'd be easy to keep track of, and to firewall. Today's spaghetti topology was a surprise.
We didn't realize that PCs would become Internet clients as soon as they did. We did, however, warn that as personal machines became more capable, they'd become more vulnerable. Experience has proved us very correct on that point.
We did anticipate high-speed home connections, though we spoke of ISDN, rather than cable modems or DSL. (We had high-speed connectivity even then, though it was slow by today's standards.) We also warned of issues posed by home LANs, and we warned about the problems caused by roaming laptops.
We were overly optimistic about the deployment of IPv6 (which was called IPng back then, as the choice hadn't been finalized). It still hasn't been deployed, and its future is still somewhat uncertain.
We were correct, though, about the most fundamental point we made: Buggy host software is a major security issue. In fact, we called it the "fundamental theorem of firewalls":
Most hosts cannot meet our requirements: they run too many programs that are too large. Therefore, the only solution is to isolate them behind a firewall if you wish to run any programs at all.
If anything, we were too conservative.
Our Approach
This book is nearly a complete rewrite of the first edition. The approach is different, and so are many of the technical details. Most people don't build their own firewalls anymore. There are far more Internet users, and the economic stakes are higher. The Internet is a factor in warfare. The field of study is also much larger—there is too much to cover in a single book. One reviewer suggested that Chapters 2 and 3 could be a six-volume set. (They were originally one mammoth chapter.) Our goal, as always, is to teach an approach to security. We took far too long to write this edition, but one of the reasons why the first edition survived as long as it did was that we concentrated on the concepts, rather than details specific to a particular product at a particular time. The right frame of mind goes a long way toward understanding security issues and making reasonable security decisions. We've tried to include anecdotes, stories, and comments to make our points.
Some complain that our approach is too academic, or too UNIX-centric, that we are too idealistic, and don't describe many of the most common computing tools. We are trying to teach attitudes here more than specific bits and bytes. Most people have hideously poor computing habits and network hygiene. We try to use a safer world ourselves, and are trying to convey how we think it should be.
The chapter outline follows, but we want to emphasize the following:
It is OK to skip the hard parts.
If we dive into detail that is not useful to you, feel free to move on.
The introduction covers the overall philosophy of security, with a variety of time-tested maxims. As in the first edition, Chapter 2 discusses most of the important protocols, from a security point of view. We moved material about higher-layer protocols to Chapter 3. The Web merits a chapter of its own.
The next part discusses the threats we are dealing with: the kinds of attacks in Chapter 5, and some of the tools and techniques used to attack hosts and networks in Chapter 6.
Part III covers some of the tools and techniques we can use to make our networking world safer. We cover authentication tools in Chapter 7, and safer network servicing software in Chapter 8.
Part IV covers firewalls and virtual private networks (VPNs). Chapter 9 introduces various types of firewalls and filtering techniques, and Chapter 10 summarizes some reasonable policies for filtering some of the more essential services discussed in Chapter 2. If you don't find advice about filtering a service you like, we probably think it is too dangerous (refer to Chapter 2). Chapter 11 covers a lot of the deep details of firewalls, including their configuration, administration, and design. It is certainly not a complete discussion of the subject, but should give readers a good start. VPN tunnels, including holes through firewalls, are covered in some detail in Chapter 12. There is more detail in Chapter 18.
In Part V, we apply these tools and lessons to organizations. Chapter 13 examines the problems and practices on modern intranets. See Chapter 15 for information about deploying a hacking-resistant host, which is useful in any part of an intranet. Though we don't especially like intrusion detection systems (IDSs) very much, they do play a role in security, and are discussed in Chapter 15.
The last part offers a couple of stories and some further details. The Berferd chapter is largely unchanged, and we have added "The Taking of Clark," a real-life story about a minor break-in that taught useful lessons.
Chapter 18 discusses secure communications over insecure networks, in quite some detail. For even further detail, Appendix A has a short introduction to cryptography.
The conclusion offers some predictions by the authors, with justifications. If the predictions are wrong, perhaps the justifications will be instructive. (We don't have a great track record as prophets.) Appendix B provides a number of resources for keeping up in this rapidly changing field.
Errata and Updates
Everyone and every thing seems to have a Web site these days; this book is no exception. Our "official" Web site is http://www.wilyhacker.com. We'll post an errata list there; we'll
BILL CHESWICK
ches@cheswick.com
STEVE BELLOVIN
smb@stevebellovin.com
AVI RUBIN
avi@rubin.net
Preface to the First Edition
It is easy to run a secure computer system. You merely have to disconnect all dial-up connections and permit only direct-wired terminals, put the machine and its terminals in a shielded room, and post a guard at the door.
—F.T. GRAMPP AND R.H. MORRIS
Of course, very few people want to use such a host...
—THE WORLD
For better or for worse, most computer systems are not run that way today. Security is, in general, a trade-off with convenience, and most people are not willing to forgo the convenience of remote access via networks to their computers. Inevitably, they suffer from some loss of security. It is our purpose here to discuss how to minimize the extent of that loss.
The situation is even worse for computers hooked up to some sort of network. Networks are risky for at least three major reasons. First, and most obvious, more points now exist from which an attack can be launched. Someone who cannot get to your computer cannot attack it; by adding more connection mechanisms for legitimate users, you are also adding more vulnerabilities.
A second reason is that you have extended the physical perimeter of your computer system. In a simple computer, everything is within one box. The CPU can fetch authentication data from memory, secure in the knowledge that no enemy can tamper with it or spy on it. Traditional mechanisms—mode bits, memory protection, and the like—can safeguard critical areas. This is not the case in a network. Messages received may be of uncertain provenance; messages sent are often exposed to all other systems on the net. Clearly, more caution is needed.
The third reason is more subtle, and deals with an essential distinction between an ordinary dial-up modem and a network. Modems, in general, offer one service, typically the ability to log in. When you connect, you're greeted with a login or Username prompt: the ability to do other things, such as sending mail, is mediated through this single choke point. There may be vulnerabilities in the login service, but it is a single service, and a comparatively simple one.
Networked computers, on the other hand, offer many services: login, file transfer, disk access, remote execution, phone book, system status, etc. Thus, more points are in need of protection—points that are more complex and more difficult to protect. A networked file system, for example, cannot rely on a typed password for every transaction. Furthermore, many of these services were developed under the assumption that the extent of the network was comparatively limited. In an era of globe-spanning connectivity, that assumption has broken down, sometimes with severe consequences.
Networked computers have another peculiarity worth noting: they are generally not singular entities. That is, it is comparatively uncommon, in today's environment, to attach a computer to a network solely to talk to "strange" computers. Organizations own a number of computers, and these are connected to each other and to the outside world. This is both a bane and a blessing: a bane, because networked computers often need to trust their peers, and a blessing, because the network may be configurable so that only one computer needs to talk to the outside world. Such dedicated computers, often called "firewall gateways," are at the heart of our suggested security strategy.
Our purpose here is twofold. First, we wish to show that this strategy is useful. That is, a firewall, if properly deployed against the expected threats, will provide an organization with greatly increased security. Second, we wish to show that such gateways are necessary, and that there is a real threat to be dealt with.
Audience
This book is written primarily for the network administrator who must protect an organization from unhindered exposure to the Internet. The typical reader should have a background in system administration and networking. Some portions necessarily get intensely technical. A number of chapters are of more general interest.
Readers with a casual interest can safely skip the tough stuff and still enjoy the rest of the book.
We also hope that system and network designers will read the book. Many of the problems we discuss are the direct result of a lack of security-conscious design. We hope that newer protocols and systems will be inherently more secure.
Our examples and discussion unabashedly relate to UNIX systems and programs. UNIX-style systems have historically been the leaders in exploiting and utilizing the Internet. They still tend to provide better performance and lower cost than various alternatives. Linux is a fine operating system, and its source code is freely available. You can see for yourself how things work, which can be quite useful in this business.
But we are not preaching UNIX here—pick the operating system you know best: you are less likely to make a rookie mistake with it. But the principles and philosophy apply to network gateways built on other operating systems, or even to a run-time system like MS-DOS.
Our focus is on the TCP/IP protocol suite, especially as used on the Internet. This is not because TCP/IP has more security problems than other protocol stacks—we doubt that very much—rather, it is a commentary on the success of TCP/IP. Fans of XNS, DECnet, SNA, netware, and others have to concede that TCP/IP has won the hearts and minds of the world by nearly any measure you can name. Most of these won't vanish—indeed, many are now carried over IP links, just as ATM almost always carries IP. By far, it is the heterogeneous networking protocol of choice, not only on workstations, for which it is the native tongue, but on virtually all machines, ranging from desktop personal computers to the largest supercomputers.
Much of the advice we offer in this book is the result of our experiences with our companies' intranets and firewalls. Most of the lessons we have learned are applicable to any network with similar characteristics. We have read of serious attacks on computers attached to public X.25 data networks. Firewalls are useful there, too, although naturally they would differ in detail.
This is not a book on how to administer a system in a secure fashion, although we do make some suggestions along those lines. Numerous books on that topic already exist, such as [Farrow, 1991], [Garfinkel and Spafford, 1996], and [Curry, 1992]. Nor is this a cookbook to tell you how to administer various packaged firewall gateways. The technology is too new, and any such work would be obsolete before it was even published. Rather, it is a set of guidelines that, we hope, both defines the problem space and roughly sketches the boundaries of possible solution spaces. We also describe how we constructed our latest gateway, and why we made the decisions we did. Our design decisions are directly attributable to our experience in detecting and defending against attackers.
On occasion, we speak of "reports" that something has happened. We make apologies for the obscurity. Though we have made every effort to document our sources, some of our information comes from confidential discussions with other security administrators who do not want to be identified. Network security breaches can be very embarrassing, especially when they happen to organizations that should have known better.
Terminology
You keep using that word. I don't think it means what you think it means.
Inigo Montoya in The Princess Bride
—WILLIAM GOLDMAN [GOLDMAN, 1998]
Before we proceed further, it is worthwhile making one comment on terminology. We have chosen to call the attackers "hackers." To some, this choice is insulting, a slur by the mass media on the good name of many thousands of creative programmers. That is quite true. Nevertheless, the language has changed. Bruce Sterling expressed it very well [Sterling, 1992, pages 55-56]:
The term "hacking" is used routinely today by almost all law enforcement officials with any professional interest in computer fraud and abuse. American police describe almost any crime committed with, by, through, or against a computer as hacking.
Most important, "hacker" is what computer intruders choose to call themselves. Nobody who hacks into systems willingly describes himself (rarely, herself) as a "computer intruder," "computer trespasser," "cracker," "wormer," "dark-side hacker," or "high-tech street gangster." Several other demeaning terms have been invented in the hope that the press and public will leave the original sense of the word alone. But few people actually use these terms.
Acknowledgments
There are many people who deserve our thanks for helping with this book. We thank in particular our reviewers: Donato Aliberti, Betty Archer, Robert Bonomi, Jay Borkenhagen, Brent Chapman, Lorette Ellane Petersen Archer Cheswick, Steve Crocker, Dan Doernberg, Mark Eckenwiler, Jim Ellis, Ray Kaplan, Jeff Kellem, Joseph Kelly, Brian Kernighan, Mark Laubach, Barbara T. Ling, Norma Loquendi, Barry Margolin, Jeff Mogul, Gene Nelson, Craig Partridge, Marcus Ranum, Peter Weinberger, Norman Wilson, and of course our editor, John Wait, whose name almost, but not quite, fits into our ordering. Acting on all of the comments we received was painful, but has made this a better book. Of course, we bear the blame for any errors, not these intrepid readers.
Part I
Getting Started