Re: [fw-wiz] Application-level Attacks

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 01/29/05

  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks" 
    To: "Marcus J. Ranum" <mjr@ranum.com>
Date: Sat, 29 Jan 2005 10:24:13 -0500 (EST)

    On Sat, 29 Jan 2005, Marcus J. Ranum wrote:

    > >Indeed, my question was going to be "What's application layer?" Is SSL
    > >application or transport? RPC?
    >
    >
    > They are exclusively bound into applications running at layer 7, and
    > the flaws in them generally only affect layer 7 processes. So I'd say
    > they are application layer.

    Hmmm, I think that for SSL that's right, but not so much for RPC, which
    seems to have its little tendrils in some stacks a little too twistily.
    I've seen RPC bugs affect the OS on a few OSen.

    The whole "generic transport at the application level" thing bugs me- it
    crosses generic enforcement boundaries too well, so I'm always looking for
    vilification points I suppose.

    > Of course, I remember when Pyramid had in-kernel telnet RFC-compliant
    > drivers(!) for better terminal performance (worked great, too) so probably
    > the distinction will break down when some linux rocket scientist

    The code paths for CIFS and NFS in the Linux kernel don't give me
    hope that we're not past the breakdown point by several years. "Surely
    protecting these services should be a simple matter of overloading
    socket()..." "Ha! You expect everything opening a socket to use the same
    in-kernel interface?"

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"

    Relevant Pages

    • Re: IP vs RPC transports in Sites and Services
      ... -Replication between sites can use either RPC over IP or SMTP over IP. ... -Replication between sites over SMTP is supported for only domain controllers of different domains. ... Therefore, replication between sites over SMTP is supported for only schema, configuration, and global catalog replication, which means that domains can span sites only when point-to-point, synchronous RPC is available between sites. ... The RPC intersite and intrasite transport and the SMTP intersite transport correspond to synchronous and asynchronous communication methods, ...
      (microsoft.public.windows.server.active_directory)
    • Re: OL2007- Messages stuck in outbox
      ... I have now enabled Logging and see a raft of RPC errors. ... Rpc call on transport to server ... failed with error code after waiting ms; ...
      (microsoft.public.outlook.installation)
    • Re: I request inclusion of SAS Transport Layer and AIC-94xx into the kernel
      ... On Mon, 3 Oct 2005, Luben Tuikov wrote: ... The objects they work in are taskfiles. ... > the underlaying transport was found able to transport it, ... > be hard to interface antother well defined layer in. ...
      (Linux-Kernel)
    • Re: Recommended Inter-Site Transport for AD
      ... encrypted RPC ... > default transport, in their NTDS settings. ... > I ask because I am experiencing some replication slowness within my AD ... (Exchange Server SA not being able to start occassionally with ...
      (microsoft.public.windows.server.active_directory)
    • Re: Sites and Services NTDS Settings Transport
      ... You only have a choice for transport protocols for intersite replication, you have the choice of SMTP or IP (which uses RPC over IP). ...
      (microsoft.public.win2000.active_directory)