Firewall Wizards mailing list archives

RE: Application-level Attacks


From: "Ofer Shezaf" <Ofer.Shezaf () breach com>
Date: Sun, 13 Feb 2005 04:36:23 -0500


I agree with Devdas that most attacks are application layer attacks. 

If you think in payload rather than vulnerability terms, then a network
layer attack can cause denial of service, while it will take some sort
of an application layer attack to cause any other damage such as
stealing information or performing fraudulent transactions.

Application layer attacks are not limited to virii: buffer overflow, SQL
injection, Cross site scripting & Browser hijacking are all types of
application layer vulnerabilities widely exploited.

Going back to the original question about "proof" that most attacks are
on the application layer: If you look through the Bugtraq archives you will
find that a huge percentage of the vulnerabilities discovered are of
these types. There is also a well-known study by Gartner that says that
75%-80% of attacks are carried out on the application layer.

Ofer Shezaf
CTO, Breach Security

Tel: +972.9.956.0036 ext.212
Cell: +972.54.443.1119
ofers () breach com
http://www.breach.com 


-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Devdas Bhagat
Sent: Saturday, February 12, 2005 5:21 AM
To: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Application-level Attacks

On 09/02/05 00:54 +0100, gmx wrote:
Hello

Well... i don't think that application level attacks have something to
do with ports... simply because i think, ports are at tcp-layer, and
if you talk about application, you talk about layer 7... if i hear
application layer and attacks, all i can imagine is virii...

No. The biggest attacks which I can recall not being at the application
layer were the ATH0+++ which disconnected dialup users, and the ping
of death which exploited a hole in the Windows network stack.

Well, i don't know any other attack for layer 7 than malicious code.

These attacks are all malicious code, and include worms, viruses,
trojans, and are rather applicable across operating systems and
applications.

Means, all you can do at this layer, is to use an antivirus
software, imho.
Please correct me if i could be wrong.

Or run secure code in the first place. Patching helps as well.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards