Re: [fw-wiz] Application-level Attacks
From: Adam Shostack (adam_at_homeport.org)
To: firstname.lastname@example.org Date: Fri, 28 Jan 2005 14:36:12 -0500
I think that the "new" application layer attacks are things like sql
injection for data theft, phishing, etc. I think perhaps business
layer attacks makes more sense as a name.
On Fri, Jan 28, 2005 at 11:07:46AM -0600, email@example.com wrote:
| Point to data? Watch the news every time a Microsoft vulnerability comes out and an active exploit is created for it. I don't know why a person would need any other *proof* of application-level attacks. Isn't DCOM an application/process that runs on a Windows box to handle a certain task/event/procedure? Blaster = application-level exploit/attack that was pretty darn effective in exploiting DCOM.
| I would argue that pretty much any exploit in the last 5 years is going to have a 95% chance of being application-level, DDoS/pings of death aside.
| > On Thu, Jan 27, 2005 at 06:56:58PM -0800, Crispin Cowan wrote:
| > | Shimon Silberschlag wrote:
| > |
| > | >Today, when attacks are shifting towards using the already open
| > ports
| > | >on the firewall, at the application level,
| > |
| > | It is often said that contemporary attacks are migrating to
| > | application-level attacks. Can someone point me to data backing
| > this claim?
| firewall-wizards mailing list
firewall-wizards mailing list