Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Botnets: The Killer Web App", Craig A. Schiller et al

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKBOTNTS.RVW 20070126 Botnets: The Killer Web App , Craig A. Schiller et al, 2007, 1-59749-135-7,U$49.95/C$64.95 %A Craig A. Schiller craigs@pdx.edu %A
    Message 1 of 1 , Apr 3 12:40 PM
    • 0 Attachment
      BKBOTNTS.RVW 20070126

      "Botnets: The Killer Web App", Craig A. Schiller et al, 2007,
      %A Craig A. Schiller craigs@...
      %A Jim Binkley
      %A David Harley david.a.harley@...
      %A Gadi Evron ge@...
      %A Tony Bradley tony@...
      %A Carsten Willems
      %A Michael Cross
      %C 800 Hingham Street, Rockland, MA 02370
      %D 2007
      %G 1-59749-135-7 978-1-59749-135-8
      %I Syngress Media, Inc.
      %O U$49.95/C$64.95 781-681-5151 fax: 781-681-3585 www.syngress.com
      %O http://www.amazon.com/exec/obidos/ASIN/1597491357/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1597491357/robsladesin03-20
      %O Audience i Tech 2 Writing 1 (see revfaq.htm for explanation)
      %P 464 p.
      %T "Botnets: The Killer Web App"

      I'm starting the review of this book sitting in the Baker Room at the
      Microsoft Conference Center, attending ISOI II (the second set of
      Internet Security Operations and Intelligence meetings). We have just
      finished singing along with Gadi Evron (who arranged both the
      community and the meetings) to an Israeli pop song from a few years
      back (and from a band with the oddly appropriate name of Mashina).
      Craig Schiller gave me a copy of the book last night at dinner. (When
      I asked Jim Binkley to autograph it for me he was jealous because he
      hasn't yet received his own copy.) Carsten Willems was here
      yesterday, but I haven't seen him to ask him to sign it this morning.
      I'll have to ask for David Harley's autograph the next time he visits

      All of which is by way of saying that it may be difficult to be
      objective about this book, but ...

      The subtitle of chapter one, "A Call to Action," is correct. Normally
      one would expect a definition of the topic or technology of botnets,
      but the text is more of an exhortation to pay attention to the
      problem. The history provided is piecemeal: it does not mention the
      early DDoS (Distributed Denial of Service) systems (which were
      application-specific botnets) nor the spambotnet wars of 2004. The
      definition of botnets in chapter two tends to be technical, rather
      than functional, and the descriptions and categories could be grouped
      in a more logical and organized manner. A variety of alternative
      command and control systems are described in chapter three: the
      material is well written. The one weakness is the lack of detail on
      the standard IRC (Internet Relay Chat) control system, but this should
      probably have been covered more fully in the introductory chapters.
      Chapter four describes some of the major botnet "client" software
      families. The content is too technical to be of use to the average
      computer user, but isn't really all that detailed. Technical
      information about a variety of possible indications of botnet activity
      is listed in chapter five.

      The use of the Ourmon tool for detecting botnet traffic is discussed
      in chapters six and seven. (The structure of the text, and the reason
      for two chapters, is not completely clear, although six is more on
      installation and seven is more on use.) Ourmon's examination of IRC
      traffic is covered in chapter eight. Chapter nine deals with more
      advanced techniques.

      Using the CWSandbox program for malware analysis is examined in
      chapter ten. Software tools, research communities, and other sources
      of information are listed in chapter eleven. Chapter twelve is a
      (mostly) philosophical look at how we, as a society, should respond to
      botnets. There is also a brief section on protecting your own
      computer so as not to become part of the problem, although assessment
      and use of a number of the recommendations would be beyond the
      capabilities of the average user.

      Botnets are a significant problem, and one which has not been
      adequately addressed in the current security literature. Therefore,
      this work is of major importance. The book does provide a good deal
      of useful information for network administrators and security
      professionals, although better arrangement of the data and more
      technical detail would have been even more helpful. (The brief
      attempts to address individual users are not successful.) The text is
      a decent professional reference, and hopefully it will promote further
      attention and activity in this area. (Security activity. We don't
      need any more botnet activity.)

      copyright Robert M. Slade, 2007 BKBOTNTS.RVW 20070126

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      All persons ought to endeavor to follow what is right, and not
      what is established. - Aristotle
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150
    Your message has been successfully submitted and would be delivered to recipients shortly.