Re: Application-level Attacks

[Adam Shostack <adam () homeport org>]

On Sat, Jan 29, 2005 at 04:02:25PM -0500, Frederick M Avolio wrote:
| This whole thread is fascinating. Yesterday I was in .... ummm, a legal 
| preceding ... as an expert of sorts and was shown an old presentation with 
| my name on it (c. 1993) I recognized as from when I was at Trusted 
| Information Systems. Usual stuff -- slides I wrote, slides Marcus wrote. 
| The title was "An Introduction to Firewalls." Choice stuff. Anyway, in the 
| middle was a slide in which I referred to "Application level" proxies. The 
| gist of my testimon.... umm, explanation on that particular slide was, 
| "yes, I probably miss-wrote, that "layer" was more accurate in what I was 
| talking about, it -- practically speaking -- did not matter, and would have 
| been understood." I was sort of saying, "Who cares?" or "What does it 
| matter?"
| 
| I just checked my system clock. It says "Saturday, January 29. 2005." That 
| date check out with you all?

Are you saying something like 'People who don't study the past will
keep making the same durned mistakes?'   :)

I think we need a better term than application layer attacks (as this
conversation shows.)  I don't think that we're seeing technically new
attacks, but rather a re-orientation of the attackers, why they're
attacking, and what they're after.  Unfortunately, analysts are
talking about this a fair bit, and they're doing so in ways that are
confusing people. 

Adam
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards