Firewall Wizards mailing list archives
Re: Application-level Attacks
From: Adam Shostack <adam () homeport org>
Date: Fri, 28 Jan 2005 14:36:12 -0500
I think that the "new" application layer attacks are things like sql injection for data theft, phishing, etc. I think perhaps business layer attacks makes more sense as a name. Adam On Fri, Jan 28, 2005 at 11:07:46AM -0600, vbwilliams () neb rr com wrote: | Point to data? Watch the news every time a Microsoft vulnerability comes out and an active exploit is created for it. I don't know why a person would need any other *proof* of application-level attacks. Isn't DCOM an application/process that runs on a Windows box to handle a certain task/event/procedure? Blaster = application-level exploit/attack that was pretty darn effective in exploiting DCOM. | | I would argue that pretty much any exploit in the last 5 years is going to have a 95% chance of being application-level, DDoS/pings of death aside. | | | > On Thu, Jan 27, 2005 at 06:56:58PM -0800, Crispin Cowan wrote: | > | Shimon Silberschlag wrote: | > | | > | >Today, when attacks are shifting towards using the already open | > ports | > | >on the firewall, at the application level, | > | | > | It is often said that contemporary attacks are migrating to | > | application-level attacks. Can someone point me to data backing | > this claim? | | _______________________________________________ | firewall-wizards mailing list | firewall-wizards () honor icsalabs com | http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Application-level Attacks vbwilliams (Jan 28)
- Re: Application-level Attacks Adam Shostack (Jan 28)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Adam Shostack (Jan 30)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Paul D. Robertson (Jan 29)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Paul D. Robertson (Jan 29)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Paul D. Robertson (Jan 29)
- Re: Application-level Attacks M. Dodge Mumford (Jan 30)
- Re: Application-level Attacks Marcus J. Ranum (Jan 30)
- Re: Application-level Attacks Crispin Cowan (Jan 30)
- Re: Application-level Attacks Adam Shostack (Jan 28)