Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re[2]: Application-level Attacks

From: Brenno Hiemstra <brenno.hiemstra () gmail com>
Date: Sat, 12 Feb 2005 09:51:27 +0100
adam,

You are partially right. Application layer attack are most of the
times malicious code running by scripts or exploits. I wont mention
this to be a virus.

Your proposed solution, to use anti-virus, is just 1 of the options. I
dont think its the best option available. I would rather go for:
multiple security layers like firewalls or secure configuration and,
most unfortunate, patching.

Most application layer attacks are focussed to exploit the service at
hand. This would mean that this service could have a security
vulnerability that can be exploited (remotely or locally). Maybe its a
0-day vulnerability thats not known yet....




Brenno


On Wed, 9 Feb 2005 00:54:08 +0100, gmx <carpathin.wolf () gmx net> wrote:

Hello

Well... i dont think that application level atacks have something to
do with ports... simply because i think, ports are at tcp-layer, and
if you talk about application, you talk about layer 7... if i hear
application layer and attacks, all i can imagine is virii...
Well, i dont know any other atack for layer 7 than malicious code.
Means, all you can do at this layer, is to use an antivirus software,
imho.
Please correct me if i could be worng.

best regards

Adam

Friday, January 28, 2005, 5:35:52 PM, you wrote:

<==============Original message text===============
CC> Danny wrote:


On Thu, 27 Jan 2005 18:56:58 -0800, Crispin Cowan <crispin () immunix com> wrote:



Shimon Silberschlag wrote:




Today, when attacks are shifting towards using the already open ports
on the firewall, at the application level,



It is often said that contemporary attacks are migrating to
application-level attacks. Can someone point me to data backing this claim?




How do you define contemporary attacks? All attacks except for those
at the application-level?



CC> Attacks within the last few years. "contemporary" is not the deep part
CC> of the question :)

CC> Note that I actually do believe that most attacks are now at the
CC> application level. But I am looking for *evidence*, or at least a claim
CC> I didn't just make up :) to back up this opinion.

CC> Crispin

<===========End of original message text===========

--
Best regards,
 Adam Pal                            mailto:carpathin.wolf () gmx net

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: