Re: [fw-wiz] Application-level Attacks
From: Adam Shostack (adam_at_homeport.org)
Date: 01/28/05
- Previous message: Crispin Cowan: "Re: [fw-wiz] Application-level Attacks"
- In reply to: Devdas Bhagat: "Re: [fw-wiz] Application-level Attacks"
- Next in thread: Devdas Bhagat: "Re: [fw-wiz] Application-level Attacks"
- Reply: Devdas Bhagat: "Re: [fw-wiz] Application-level Attacks"
- Reply: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"
To: firewall-wizards@honor.icsalabs.com
Date: Fri, 28 Jan 2005 11:45:55 -0500

On Fri, Jan 28, 2005 at 09:24:12PM +0530, Devdas Bhagat wrote:
| On 27/01/05 18:56 -0800, Crispin Cowan wrote:
| > Shimon Silberschlag wrote:
| >
| > > Today, when attacks are shifting towards using the already open ports
| > > on the firewall, at the application level,
| >
| > It is often said that contemporary attacks are migrating to
| > application-level attacks. Can someone point me to data backing this claim?
|
| Or the reverse, data showing that older attacks were not application
| layer attacks (packet flooding and the rare ping of death attack excepted).

I think that older attacks were not application-layer from a business
perspective; they may have been at one layer or another of the
technical stack, but they rarely attacked core business
functionality. I think that a combination of technical factors (more
money moved through internet systems) and social ones (attackers who
are in it for the money) combine to make a new type of attack.

Richard Bejtlich asked some similar questions at:
http://taosecurity.blogspot.com/2005/01/application-vulnerabilities-are-not.html,
and I responded at http://www.emergentchaos.com/archives/000840.html:
> I think that Richard is both right, in that there's no big technical
> shift, and wrong, in that the attacks will mature. As I said a few
> days ago, the attackers will become more clever in using the attacks
> to make money. There's also a perception issue, a blowback, if you
> will, of the success of database-driven vulnerability scanners like
> ISS and Nessus. These scanners are very effective at finding
> instances of the sorts of vulnerabilities that get CVE entries. They
> are less effective, if they even try, at finding vulnerabilities in
> your locally developed application. Here tools like those from
> Kavado and SPI Dynamics do much better. Rather than working from a
> database of flaws, they inspect a web application for classes of
> flaw, by running attacks against the site in a controlled way. So
> the success of the database-driven scanners is that people think
> that they can run those scanners and learn how an attacker can get
> in. And that's correct. But no tool will give you a complete
> list. And so I expect that what the SANS folks are talking about is
> a rise in attacks against the business infrastructure, rather than
> the technical infrastructure. If they're not, they should be.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards