Firewall Wizards mailing list archives
RE: Application-level Attacks
From: "Ofer Shezaf" <Ofer.Shezaf () breach com>
Date: Sun, 13 Feb 2005 04:36:23 -0500
I agree with Devdas that most attacks are application layer attacks. If you think in payload rather than vulnerability terms than network layer attack can cause denial of service, while it will take some sort of an application layer attack to cause any other damage such as stealing information or performing fraudulent transactions. Application layer attacks are not limited to virii: buffer overflow, SQL injection, Cross site scripting & Browser hijacking are all type of application layer vulnerabilities widely exploited. Going back to the original question about "proof" that most attacks are on the application layer: If you look through buqtraq archives you will find that a huge percentage of the vulnerabilities discovered are of these types. There is also a well know study by Gartner that says that 75%-80% of attacks are carried on the application layer. Ofer Shezaf CTO, Breach Security Tel: +972.9.956.0036 ext.212 Cell: +972.54.443.1119 ofers () breach com http://www.breach.com
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-
admin () honor icsalabs com] On Behalf Of Devdas Bhagat Sent: Saturday, February 12, 2005 5:21 AM To: firewall-wizards () honor icsalabs com Subject: Re: [fw-wiz] Application-level Attacks On 09/02/05 00:54 +0100, gmx wrote:Hello Well... i dont think that application level atacks have something to do with ports... simply because i think, ports are at tcp-layer, and if you talk about application, you talk about layer 7... if i hear application layer and attacks, all i can imagine is virii...No. The biggest attacks which I can recall not beingat the application layer were the ATH0+++ which disconnected dialup users, and the ping
of
death which exploited a hole in the Windows network stack.Well, i dont know any other atack for layer 7 than malicious code.These atacks are all malicious code, and include worms, viruses, trojans, and are rather applicable across operating systems and applications.Means, all you can do at this layer, is to use an antivirus
software,
imho. Please correct me if i could be worng.Or run secure code in the first place. Patching helps as well. Devdas Bhagat _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Application-level Attacks Joseph S D Yao (Feb 01)
- <Possible follow-ups>
- Re: Application-level Attacks George Capehart (Feb 01)
- Re[2]: Application-level Attacks gmx (Feb 11)
- Re: Re[2]: Application-level Attacks Brenno Hiemstra (Feb 12)
- Re: Application-level Attacks Devdas Bhagat (Feb 12)
- RE: Application-level Attacks Ofer Shezaf (Feb 14)
- RE: Application-level Attacks Marcus J. Ranum (Feb 14)
- RE: Application-level Attacks Frank Knobbe (Feb 14)
- RE: Application-level Attacks Ofer Shezaf (Feb 14)
- RE: Application-level Attacks Marcus J. Ranum (Feb 14)
- RE: Application-level Attacks R. DuFresne (Feb 19)
- Re: Application-level Attacks Anthony de Boer (Feb 22)
- RE: Application-level Attacks Marcus J. Ranum (Feb 14)
- RE: Application-level Attacks Ofer Shezaf (Feb 19)
- RE: Application-level Attacks Marcus J. Ranum (Feb 22)