Re: [fw-wiz] Application-level Attacks

From: Paul D. Robertson
Date: 01/29/05

  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"
    To: "Marcus J. Ranum"
    Date: Sat, 29 Jan 2005 10:24:13 -0500 (EST)

    On Sat, 29 Jan 2005, Marcus J. Ranum wrote:

    > >Indeed, my question was going to be "What's application layer?" Is SSL
    > >application or transport? RPC?
    > They are exclusively bound into applications running at layer 7, and
    > the flaws in them generally only affect layer 7 processes. So I'd say
    > they are application layer.

    Hmmm, I think that for SSL that's right, but not so much for RPC, which
    seems to have its little tendrils in some stacks a little too twistily.
    I've seen RPC bugs affect the OS on a few OSen.

    The whole "generic transport at the application level" thing bugs me- it
    crosses generic enforcement boundaries too well, so I'm always looking for
    vilification points I suppose.

    > Of course, I remember when Pyramid had in-kernel telnet RFC-compliant
    > drivers(!) for better terminal performance (worked great, too) so probably
    > the distinction will break down when some linux rocket scientist

    The code paths for CIFS and NFS in the Linux kernel don't give me
    hope that we're not past the breakdown point by several years. "Surely
    protecting these services should be a simple matter of overloading
    socket()..." "Ha! You expect everything opening a socket to use the same
    in-kernel interface?"

    Paul D. Robertson "My statements in this message are personal opinions which may have no basis whatsoever in fact."
    firewall-wizards mailing list
