I am searching for good books and articles about TCP/IP, mainly the security aspects of TCP/IP protocols. I have TCP/IP Illustrated and the TCP Guide, but they kinda lack on description of 'classic' attacks and how the internals of protocols relate to those attacks.
PS: Seeing the first real answer made me remember to add that this is strictly for studying purposes, I have no intention of going black hat at this point, I am just preparing for job interviews :)
I would suggest to check IBM book this is great book and would help you a lot. This has TCP/IP Security related chapter also.
http://www.redbooks.ibm.com/abstracts/gg243376.html?Open
Unfortunately I don't know of many references that talk about attacks in terms of how they interact with the protocol stack. I'd imagine following mailing lists like Bugtraq will keep you on top of current vulnerabilities, but it sounds like you're looking for more of a primer.
I've been told that Hacking Exposed is a good general reference for those interested in learning about attack vectors; it's on my reading list, but I haven't got around to it yet.
Building Internet Firewalls, though fairly old, still offers an excellent overview of how to think about security when designing your network.
I really prefer this book:
http://www.amazon.com/Network-Security-Architectures-Sean-Convery/dp/158705115X
It is very detailed.
Some (good and free) white paper on secure design is available here: http://cisco.com/go/safe
I good (and free) resource from Cisco can be found here: ISP Security Issues in ISP Security Issues in today’s Internet
There is also the complete text to IOS Essentials in PDF format from Cisco Press along with several other documents available in the same FTP directory if you are interested in some best practices for Cisco gear. Both of these documents are from 2002.
Another good resource would be the Nmap Network Scanning book by Gordon “Fyodor” Lyon. If you understand how nmap does its thing, you will gain a much deeper understanding of networking and security.
There are a number of online resources - as nutty as it sounds setup a secondary PC - or use a vps and then browse a large number of the hacking websites on the web.
BlackHat conferences while a bit expensive, will teach you a large amount about TCP/IP...
Architecturally here are few things I can tell you regarding TCP/IP
Since TCP/IP identifies parties by addresses hacker's attempt to spoof addresses
Address resolution within TCP/IP, DNS and ARP are not authenticated
You can easily masquerade as some other person or node
ARP spoofing circumvents switches....
Some TCP/IP Explolits include:
These few things should help you get started in google searches ... I can post more on each - however truth to be told... I would rather not Teach Hacking in a public community
There is no good books, its just in which book you have got the information you are looking for!
Check out if this page gives you the correct info - http://goo.gl/CaR44