Re: [fw-wiz] Application-level Attacks
From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 01/29/05
- Previous message: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"
- In reply to: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
- Reply: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Paul D. Robertson" <paul@compuwar.net>, Crispin Cowan <crispin@immunix.com> Date: Sat, 29 Jan 2005 04:28:47 -0500
Paul D. Robertson wrote:
>Indeed, my question was going to be "What's application layer?" Is SSL
>application or transport? RPC?
They are exclusively bound into applications running at layer 7, and
the flaws in them generally only affect layer 7 processes. So I'd say
they are application layer.
Of course, I remember when Pyramid had in-kernel telnet RFC-compliant
drivers(!) for better terminal performance (worked great, too) so probably
the distinction will break down when some linux rocket scientist
makes /dev/SSL a loadable kernel module. And then some other bonehead
will stack in-kernel /dev/SSL over IPSEC and I'll die of inhaled vomit.
mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"
- In reply to: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
- Next in thread: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
- Reply: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
