Firewall Wizards mailing list archives
Re: Application-level Attacks
From: Adam Shostack <adam () homeport org>
Date: Sat, 29 Jan 2005 16:28:58 -0500
On Sat, Jan 29, 2005 at 04:02:25PM -0500, Frederick M Avolio wrote: | This whole thread is fascinating. Yesterday I was in .... ummm, a legal | preceding ... as an expert of sorts and was shown an old presentation with | my name on it (c. 1993) I recognized as from when I was at Trusted | Information Systems. Usual stuff -- slides I wrote, slides Marcus wrote. | The title was "An Introduction to Firewalls." Choice stuff. Anyway, in the | middle was a slide in which I referred to "Application level" proxies. The | gist of my testimon.... umm, explanation on that particular slide was, | "yes, I probably miss-wrote, that "layer" was more accurate in what I was | talking about, it -- practically speaking -- did not matter, and would have | been understood." I was sort of saying, "Who cares?" or "What does it | matter?" | | I just checked my system clock. It says "Saturday, January 29. 2005." That | date check out with you all? Are you saying something like 'People who don't study the past will keep making the same durned mistakes?' :) I think we need a better term than application layer attacks (as this conversation shows.) I don't think that we're seeing technically new attacks, but rather a re-orientation of the attackers, why they're attacking, and what they're after. Unfortunately, analysts are talking about this a fair bit, and they're doing so in ways that are confusing people. Adam _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Application-level Attacks, (continued)
- Application-level Attacks Crispin Cowan (Jan 28)
- Re: Application-level Attacks Adam Shostack (Jan 28)
- Re: Application-level Attacks Devdas Bhagat (Jan 28)
- Re: Application-level Attacks Adam Shostack (Jan 28)
- Re: Application-level Attacks Devdas Bhagat (Jan 28)
- Re: Application-level Attacks Adam Shostack (Jan 28)
- Re: Application-level Attacks Frank Knobbe (Jan 28)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Adam Shostack (Jan 30)
- Re: Application-level Attacks Frederick M Avolio (Jan 30)
- Re: Application-level Attacks Adam Shostack (Jan 30)
- RE: Application-level Attacks Bill Royds (Jan 30)
- Re: Application-level Attacks Danny (Jan 28)
- Re: Application-level Attacks Crispin Cowan (Jan 28)
- Re: Application-level Attacks Paul D. Robertson (Jan 28)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Paul D. Robertson (Jan 29)
- Re: Application-level Attacks Dean A Weber (Jan 28)
- Re: Application-level Attacks Dave Piscitello (Jan 28)
- Re: Application-level Attacks R. DuFresne (Jan 28)
- Message not available
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)