The following list does not include papers that describe topics that are adequately described in this book, nor does it include papers that simply describe software (such as Tripwire, TCP Wrapper, etc.) that are mentioned in this book and cited in Appendix B, "Tools"; up-to-date papers about tools are ordinarily included with the tools themselves. The published versions of the papers are out of date, so you will do better to get the papers or documentation distributed with the software.
Describes some of the stranger and more malevolent packets seen by one of AT&T's gateways.
ftp://ftp.research.att.com/dist/smb/packets.ps
This paper describes some of the probes and attacks against one of AT&T's gateways.
ftp://research.att.com/dist/internet_security/dragon.ps
Describes AT&T's experiences with one particular cracker who walked right into a trap and never knew he was the mouse being toyed with by the cat. The best part of the story isn't in the paper, however: how they got him to finally go away. The cracker was in the Netherlands, and they were sure they knew who it was, but there were no diplomatic channels through which they could get the Dutch police to do anything about it (what the cracker was doing wasn't illegal in the Netherlands, at least not at the time). Finally, one of the Dutch system administrators they'd been working with throughout the investigation got frustrated, called the cracker's mother, and the problem went away.
ftp://research.att.com/dist/internet_security/berferd.ps
A detailed dissection of the Morris Internet worm (this paper's authors prefer "Internet virus") of 1988: what it was, how it worked, what it did, and so on, as well as a discussion of the response.
ftp://athena-dist.mit.edu/pub/virus/mit.PS
A guide from the authors of COPS and SATAN (Dan) and TCP Wrapper, portmap, and chrootuid (Wietse) to testing your own security before attackers do it for you.
ftp://ftp.porcupine.org/pub/security/admin-guide-to-cracking.101.Z
This RFC is a guide to establishing a security policy for your site.From the introduction:
This handbook is a guide to setting computer security policies and procedures for sites that have systems on the Internet. This guide lists issues and factors that a site must consider when setting their own policies. It makes some recommendations and gives discussions of relevant areas.
http://www.ietf.org/rfc/rfc2196.txt
Note that the RFCs ("Requests for Comments") are the defining documents for almost all Internet protocols and services. Start with file rfc-index.txt; this is the index to the rest of the documents:
It is updated and posted to the Firewalls mailing list (firewalls@greatcircle.com) on a regular basis.
http://www.interhack.net/pubs/fwfaq/