Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: On classifying attacks

Re: On classifying attacks

From: Crispin Cowan <crispin_at_novell.com>
Date: Tue, 19 Jul 2005 06:42:21 -0700

Black, Michael wrote:
>You might try re-using the rather large effort that went into the CERT
>taxonomy:
>http://www.cert.org/research/taxonomy_988667.pdf
>
>You'll note the complete lack of "local" and "remote" in the taxonomy.
>
That pretty much tells me everything I need to know about whether I want
to use that taxonomy :)

>Remote exploit of Bind (causing "rm -r /*" to be executed):
>Attack:
> Tool: User Command
> Vulnerability: Design
>
"Design"?!

>If you really want to stick with "remote" and "local" I think you can
>define them thusly:
>Remote -- control/access of resources occurs from outside the
>machine/network
>Local -- control/access of resources occurs on the local machine (i.e.
>no network connection required)
>
Ok, but I had no trouble with those definitions in the first place, and
so far you have not captured the distinction Derek was asking about.

>Using this definition the email example is local and both bind examples
>are remote.
.. and any definition that classifies the e-mail example as "local" is
just broken.

Crispin 

-- 
Crispin Cowan, Ph.D.                      http://immunix.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
Received on Jul 19 2005
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]