Buy Used
CDN$ 4.33
+ CDN$ 6.49 shipping
Used: Good | Details
Sold by Daily-Deal-
Condition: Used: Good
Comment: This Book is in Good Condition. Used Copy With Light Amount of Wear. 100% Guaranteed.
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses Paperback – Jul 23 2001

4.9 out of 5 stars 23 customer reviews

See all 2 formats and editions Hide other formats and editions
Amazon Price
New from Used from
"Please retry"
CDN$ 25.75 CDN$ 4.33
click to open popover

No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.
Getting the download link through email is temporarily not available. Please check back later.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

Product Details

  • Paperback: 592 pages
  • Publisher: Prentice Hall; 1 edition (July 23 2001)
  • Language: English
  • ISBN-10: 0130332739
  • ISBN-13: 978-0130332738
  • Product Dimensions: 17.9 x 4 x 23.5 cm
  • Shipping Weight: 1.1 Kg
  • Average Customer Review: 4.9 out of 5 stars 23 customer reviews
  • Amazon Bestsellers Rank: #2,392,337 in Books (See Top 100 in Books)
  •  Would you like to update product info, give feedback on images, or tell us about a lower price?

  • See Complete Table of Contents

Product Description

From Amazon

In defending your systems against intruders and other meddlers, a little knowledge can be used to make the bad guys--particularly the more casual among them--seek out softer targets. Counter Hack aims to provide its readers with enough knowledge to toughen their Unix and Microsoft Windows systems against attacks in general, and with specific knowledge of the more common sorts of attacks that can be carried out by relatively unskilled "script kiddies". The approach author Ed Skoudis has chosen is effective, in that his readers accumulate the knowledge they need and generally enjoy the process.

The best part of this book may be two chapters, one each for Windows and Unix, which explain the essential security terms, conventions, procedures and behaviours of each operating system. This is the sort of information that readers need--a Unix person getting into Windows administration for the first time needs an introduction to the Microsoft security scheme, and vice versa. A third chapter explains TCP/IP with focus on security. With that groundwork in place, Skoudis explains how (with emphasis on tools) attackers look for vulnerabilities in systems, gain access and maintain their access for periods of time without being discovered. You'll probably want to search online resources for more specific information--Skoudis refers to several--but this book by itself will provide you with the vocabulary and foundation knowledge you need to get the details you want. --David Wall

Topics covered: How black-hat hackers work, what tools and techniques they use, and how to assess and improve your systems' defences. The author explains how Windows, Unix, and TCP/IP can be exploited for nefarious purposes and details a modus operandi that's typical of the bad guys.

From the Inside Flap


My cell phone rang. I squinted through my sleepy eyelids at the clock. Ugh! 4 a.m., New Year's Day. Needless to say, I hadn't gotten very much sleep that night.

I picked up the phone to hear the frantic voice of my buddy, Fred, on the line. Fred was a security administrator for a medium-sized Internet Service Provider, and he frequently called me with questions about a variety of security issues.

"We've been hacked big time!" Fred shouted, far too loudly for this time of the morning.

I rubbed my eyes to try to gain a little coherence.

"How do you know they got in? What did they do?" I asked.

Fred replied, "They tampered with a bunch of Web pages. This is bad, Ed. My boss is gonna have a fit!"

I asked, "How did they get in? Have you checked out the logs?"

Fred stuttered, "W-Well, we don't do much logging, because it slows down performance. I only snag logs from a couple of machines. Also, on those systems where we do gather logs, the attackers cleared the log files."

"Have you applied the latest security fixes from your operating system vendor to your machines?" I asked, trying to learn a little more about Fred's security posture.

Fred responded with hesitation, "We apply security patches every three months. The last time we deployed fixes was?um?two-and-a-half months ago."

I scratched my aching head and said, "Two major buffer overflow attacks were released last week. You may have been hit. Have they installed any RootKits? Have you checked the consistency of critical files on the system?"

"You know, I was planning to install something like Tripwire, but just never got around to it," Fred admitted.

I quietly sighed and said, "OK. Just remain calm. I'll be right over so we can start to analyze your machines."

You clearly don't want to end up in a situation like Fred, and I want to minimize the number of calls I get at 4 a.m. on New Year's Day. While I've changed Fred's name to protect the innocent, this situation actually occurred. Fred's organization had failed to implement some fundamental security controls, and it had to pay the price when an attacker came knocking. In my experience, many organizations find themselves in the same state of information security unpreparedness.

But the situation goes beyond these security basics. Even if you've implemented all of the controls discussed in my Fred narrative above, there are a variety of other tips and tricks you can use to defend your systems. Sure, you may apply security patches, use a file integrity checking tool, and have adequate logging, but have you recently looked for unsecured modems? Or, how about activating port-level security on the switches in your critical network segments to prevent powerful, new active sniffing attacks? Have you considered implementing non-executable stacks to prevent one of the most common types of attacks today, the stack-based buffer overflow? Are you ready for kernel-level RootKits? If you want to learn more about these topics and more, please read on.

As we will see throughout the book, computer attacks happen each and every day, with increasing virulence. To create a good defense, you must understand the offensive techniques of your adversaries. In my career as a system penetration tester, incident response team member, and information security architect, I've seen numerous types of attacks ranging from simple scanning by clueless kids to elite attacks sponsored by the criminal underground. This book boils down the common and most damaging elements from these real-world attacks, while offering specific advice on how you can proactively avoid such trouble from your adversaries. We'll zoom in on how computer attackers conduct their activities, looking at each step of their process so we can implement in-depth defenses.

The book is designed for system administrators, network administrators, and security professionals, as well as others who want to learn how computer attackers do their magic and how to stop them. The offensive and defensive techniques laid out in the book apply to all types of organizations using computers and networks today, including enterprises and service providers, ranging in size from small to gigantic.

Computer attackers are marvelous at sharing information with each other about how to attack your infrastructure. Their efficiency at information dissemination about victims can be ruthless. It is my hope that this book can help to even the score, by sharing practical advice about how to defend your computing environment from the bad guys. By applying the defenses from this book, you can greatly improve your computer security and, perhaps, we'll both be able to sleep in late next New Year's Day.

See all Product Description

Customer Reviews

4.9 out of 5 stars
Share your thoughts with other customers

Top Customer Reviews

Format: Paperback
Overall, highly recommended, it's a no doubt five stars quality book. Even though I borrowed this book from library, I just place an order to purchase my own copy. Excellent reference material!
This book covers two major parts: (1) All-you-need-to-know Overviews, and (2) Hacking Skills. Ed only takes about 20% of his entire book portion for giving readers the overview of all important knowledge such as Networking,Unix & Windows. For those overviews chapters, they are all well-written and extremely easy to follow even for complicated concepts. By themselves, they already worth the book value, and they're excellent for refreshing those key & important knowledge & concepts.
The second part of the book mainly addresses various hacking approaches. The contents are exactly same as Ed's desktop seminar 'The Hack Counter-Hack Training Course', which is a computer-based training video on CD-ROM. However, this book provides much more details and in-depth explanation on how-things-done. Again, it's really well-written to depict the complicated hacking techniques. If you purchase the Ed's The Hack Counter-Hack Training Course, I strongly recommend you to buy this book as your reference material. They should go in pair.
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again.
Report abuse
Format: Paperback
I got a copy back in November 2001, but the book still deserves all the praise. It simply shows that a well-written infosec book doesn't have to be "fresh" or to be in the umpteenth edition to be fun and useful.
It has all the components of a great book: logical presentation style, wide material coverage from concepts to command line switches, humor, plenty of details on attacks and defenses.
The book presents a typical attack sequence (from recon to maintaining access) and goes into details on all its stages. A distinctive feature of the book is that the security tools descriptions are present not as the "man page rephrase" (a senseless stream of options and parameters), but instead woven into the fabric of the attack flow, thus making it much more interesting.
The book is focused more on the attack side, while containing small tips on protecting and blocking various described attacks. I also liked author's coverage of UNIX rootkits. Another awesome part of the book is three scenarios in the end. I was lucky to be present when then author presented the "Monstrous Software" attack case (#3 in the book) at the seminar and it was just as hilarious as it was enlightening.
Overall, the book is still a very useful addition to any security book library. Perhaps a second edition is in the works, Ed? More web attacks, novel application hacking and wireless stuff will sure come handy.
Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again.
Report abuse
Format: Paperback
Counter Hack is a great book overall. It encapsulates all that should be a good technical book. It's easy to read, easy to follow, contains lots of useful information, and doesn't bog down the reader with useless specifications or incredibly obtuse details.
From the view of a security newbie, this book provides an all-encompassing view of hacking and counteracting it. The book starts out with a simple introduction to various system and network technologies, and then details the ways to hack into, and then prevent hacking into these technologies. The book takes a great view in each chapter. First it explains the evil hacker's view and how they could exploit vulnerabilities and weaknesses. Then it follows it up with how to shore everything up and prevent such hacking.
This book also goes into the tools, websites, and methods to hack and to counter hack, providing an invaluable reference without annoying the reader with too much information. Include this with its remarkable readability, and I would say this should be required reading for anyone administrating networks or writing software applications.
In short, I could not imagine a better security book around.
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again.
Report abuse
By A Customer on Dec 3 2001
Format: Paperback
Counter Hack is arguably one of the best introductions to applied information security available today. I rank this book right up there with such classics as 'Secrets and Lies' by Schneier and 'Hacking Exposed' by Scambray, McClure, and Kurtz. In fact, Counter Hack may be the perfect supplement to these two classics because it provides the microscopic detail not found in Secrets and Lies as well as the articulate explanations not found in Hacking Exposed.
Counter Hack is good in many ways. First, it is highly readable. Ed Skoudis is one of those rare, gifted writers who can take an extremely complex technical subject and convey it in a manner that is both easy to follow and entertaining at the same time.
Second, Counter Hack is well organized. The book starts by providing valuable background information on networking, Unix, and Windows and then proceeds into chapters on reconnaissance, scanning, application and OS attacks, network attacks, DoS attacks, maintaining access, covering tracks, and "Putting It All Together" in which three actual attack scenarios are examined in detail. The book concludes with a discussion on the future of information security and with a list of resources for "keeping up to speed".
A third reason I like Counter Hack so much is because it covers the most relevant attack tools and methods of the day. Nmap, Nessus, netcat, dsniff, buffer overflow attacks, web application attacks, address spoofing, DoS attacks, trojans, rootkits, and much more are all covered in great detail. The sections on nmap, netcat, buffer overflows, and address spoofing are the best I've seen anywhere.
Finally, Counter Hack provides numerous links to valuable resources on the web.
Read more ›
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again.
Report abuse

Most recent customer reviews