Firewall Wizards
mailing list archives
Re: Application-level Attacks
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 28 Jan 2005 14:49:26 -0600
On Sat, 2005-01-29 at 01:10 +0530, Devdas Bhagat wrote:
> The exposure of applications has increased, but ye olde Sendmail bug
> and the BIND exploit du jour and the Internet Explorer sieve are still
> application layer bugs.

I think we first have to define what constitutes an "Application Layer
Attack". Is it an attack *against* the application layer, or is it an
attack *transmitted* over the application layer against a host system?

I'm inclined to disagree with your assessment and boldly proclaim that a
BIND buffer overflow is not an application layer attack. Yes, it's an
attack against the application, but it is executed over the network
layer.

I believe "application layer attacks" should be those that get
transmitted via application protocols. The already mentioned example of
SQL injection falls within that category.

But everyone sets their own metrics and definitions these days anyway.
According to some vendors, attacks don't even exist. :)

Cheers,
Frank