Bugtraq mailing list archives
Re: On classifying attacks
From: Crispin Cowan <crispin () novell com>
Date: Tue, 19 Jul 2005 06:42:21 -0700
Black, Michael wrote:

> You might try re-using the rather large effort that went into the CERT taxonomy: http://www.cert.org/research/taxonomy_988667.pdf You'll note the complete lack of "local" and "remote" in the taxonomy.

That pretty much tells me everything I need to know about whether I want to use that taxonomy :)

> Remote exploit of Bind (causing "rm -r /*" to be executed):
> Attack: Tool: User Command
> Vulnerability: Design

"Design"?!

> If you really want to stick with "remote" and "local" I think you can define them thusly:
> Remote -- control/access of resources occurs from outside the machine/network
> Local -- control/access of resources occurs on the local machine (i.e. no network connection required)

Ok, but I had no trouble with those definitions in the first place, and so far you have not captured the distinction Derek was asking about.

> Using this definition the email example is local and both bind examples are remote.

.. and any definition that classifies the e-mail example as "local" is just broken.

Crispin

--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
Director of Software Engineering, Novell http://novell.com