Firewall Wizards mailing list archives
Re: Application-level Attacks
From: Frank Knobbe <frank () knobbe us>
Date: Fri, 28 Jan 2005 14:49:26 -0600
On Sat, 2005-01-29 at 01:10 +0530, Devdas Bhagat wrote:
> The exposure of applications has increased, but ye olde Sendmail bug and the BIND exploit du jour and the Internet Explorer sieve are still application layer bugs.
I think we first have to define what constitutes an "Application Layer Attack". Is it an attack *against* the application layer, or is it an attack *transmitted* over the application layer against a host system?

I'm inclined to disagree with your assessment and boldly proclaim that a BIND buffer overflow is not an application layer attack. Yes, it's an attack against the application, but it is executed over the network layer. I believe "application layer attacks" should be those that get transmitted via application protocols. The already mentioned example of SQL injection falls within that category.

But everyone sets their own metrics and definitions these days anyway. According to some vendors, attacks don't even exist. :)

Cheers,
Frank
