Firewall Wizards mailing list archives
Re: Re[2]: Application-level Attacks
From: Brenno Hiemstra <brenno.hiemstra () gmail com>
Date: Sat, 12 Feb 2005 09:51:27 +0100
Adam,

You are partially right. Application layer attacks are most of the time malicious code running by scripts or exploits. I won't mention this to be a virus. Your proposed solution, to use anti-virus, is just 1 of the options. I don't think it's the best option available.

I would rather go for: multiple security layers like firewalls or secure configuration and, most unfortunate, patching.

Most application layer attacks are focussed to exploit the service at hand. This would mean that this service could have a security vulnerability that can be exploited (remotely or locally). Maybe it's a 0-day vulnerability that's not known yet....

Brenno

On Wed, 9 Feb 2005 00:54:08 +0100, gmx <carpathin.wolf () gmx net> wrote:
Hello

Well... I don't think that application level attacks have something to do with ports... simply because I think, ports are at tcp-layer, and if you talk about application, you talk about layer 7... If I hear application layer and attacks, all I can imagine is virii...

Well, I don't know any other attack for layer 7 than malicious code. Means, all you can do at this layer, is to use an antivirus software, imho.

Please correct me if I could be wrong.

best regards
Adam

Friday, January 28, 2005, 5:35:52 PM, you wrote:

<==============Original message text===============
CC> Danny wrote:
On Thu, 27 Jan 2005 18:56:58 -0800, Crispin Cowan <crispin () immunix com> wrote:
Shimon Silberschlag wrote:
Today, when attacks are shifting towards using the already open ports on the firewall, at the application level,
It is often said that contemporary attacks are migrating to application-level attacks. Can someone point me to data backing this claim?
How do you define contemporary attacks? All attacks except for those at the application-level?
CC> Attacks within the last few years. "contemporary" is not the deep part
CC> of the question :)
CC> Note that I actually do believe that most attacks are now at the
CC> application level. But I am looking for *evidence*, or at least a claim
CC> I didn't just make up :) to back up this opinion.
CC> Crispin
<===========End of original message text===========

--
Best regards,
Adam Pal mailto:carpathin.wolf () gmx net

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards