Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: On classifying attacks
From: Crispin Cowan <crispin () novell com>
Date: Tue, 19 Jul 2005 06:42:21 -0700

Black, Michael wrote:
You might try re-using the rather large effort that went into the CERT
taxonomy:
http://www.cert.org/research/taxonomy_988667.pdf

You'll note the complete lack of "local" and "remote" in the taxonomy.
 
That pretty much tells me everything I need to know about whether I want
to use that taxonomy :)

Remote exploit of Bind (causing "rm -r /*" to be executed):
Attack:
      Tool: User Command
      Vulnerability: Design
 
"Design"?!

If you really want to stick with "remote" and "local" I think you can
define them thusly:
Remote -- control/access of resources occurs from outside the
machine/network
Local -- control/access of resources occurs on the local machine (i.e.
no network connection required)
 
Ok, but I had no trouble with those definitions in the first place, and
so far you have not captured the distinction Derek was asking about.

Using this definition the email example is local and both bind examples
are remote.
.. and any definition that classifies the e-mail example as "local" is
just broken.

Crispin
-- 
Crispin Cowan, Ph.D.                      http://immunix.com/~crispin/
Director of Software Engineering, Novell  http://novell.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]