Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

firewall-wizards logo Firewall Wizards mailing list archives

Re: Application-level Attacks
From: "Dean A Weber" <Dean_Weber () alltel net>
Date: Fri, 28 Jan 2005 15:21:07 -0500
Crispin,

I would suggest:
www.dshield.org where you can see port attacked and number of attacks, as well as drill into attacks by country (445 remains the top attacked port) http://isc.sans.org/trends.php where you can see daily trends on types of attacks (although it includes port scanning in the numbers) www.securitynewswire.com which is the largest compilation of network security news in a search-able format I have found www.packetstormsecurity.com which is the second largest, with the added attraction of having lots of attack related statistics available
While none of them are going to give you a definitive report on application vs. network; you can extrapolate the data yourself to see that application layer attacks are far outnumbering network layer attacks (of course, depending on your definition of app vs. network). 

as always, YMMV

Dean
----- Original Message ----- From: "Crispin Cowan" <crispin () immunix com> 
To: "Danny" <nocmonkey () gmail com>
Cc: <firewall-wizards () honor icsalabs com>
Sent: Friday, January 28, 2005 11:35 AM
Subject: Re: [fw-wiz] Application-level Attacks



Danny wrote:
On Thu, 27 Jan 2005 18:56:58 -0800, Crispin Cowan <crispin () immunix com> wrote: 


Shimon Silberschlag wrote:



Today, when attacks are shifting towards using the already open ports
on the firewall, at the application level,


It is often said that contemporary attacks are migrating to
application-level attacks. Can someone point me to data backing this claim? 



How do you define contemporary attacks? All attacks except for those
at the application-level?
Attacks within the last few years. "contemporary" is not the deep part of the question :)
Note that I actually do believe that most attacks are now at the application level. But I am looking for *evidence*, or at least a claim I didn't just make up :) to back up this opinion. 

Crispin

--
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]