Firewall Wizards mailing list archives
Re: Application-level Attacks
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Sat, 29 Jan 2005 04:22:50 -0500
I'd tentatively offer the following description of application-level attacks as: Attacks that take advantage of software failures in the implementation of an application (layer 7) protocol. By implication, application attacks are specific to a given implementation of a protocol, for example, a buffer overrun in HTTP request parsing, or a SQL injection attack. Note that multiple implementations can share a common (independent or based on shared library use) instance of a given bug. Protocol level attacks take advantage of flaws in the implementation of lower-level protocols. By implication, protocol level attacks are specific to a given implementation of a protocol. For example, ICMP "ping of death" attacks took advantage of how many ICMP implementations failed to handle packets larger than allowed by the specification. Infrastructure or specification level attacks are another category I would hold as separate, and they depend on failures of the protocol specification. For example, FTP bounce attacks take advantage of fundamental braindamage in how the FTP RFC defines FTP operation. Specification flaws like this require the defending system to _break_ protocol compliance (as the ftwk's FTP-gw did) in order to protect against the attack. So, I guess what I am saying is that, in Marcus-land, almost all attacks are application level. :) They always have been. mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Application-level Attacks vbwilliams (Jan 28)
- Re: Application-level Attacks Adam Shostack (Jan 28)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Adam Shostack (Jan 30)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Paul D. Robertson (Jan 29)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Paul D. Robertson (Jan 29)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Paul D. Robertson (Jan 29)
- Re: Application-level Attacks M. Dodge Mumford (Jan 30)
- Re: Application-level Attacks Marcus J. Ranum (Jan 30)
- Re: Application-level Attacks Crispin Cowan (Jan 30)
- Re: Application-level Attacks Stephen P. Berry (Jan 30)
- Re: Application-level Attacks Adam Shostack (Jan 28)
- Re: Application-level Attacks Devdas Bhagat (Jan 30)