Re: [fw-wiz] Application-level Attacks

From: M. Dodge Mumford (dodge_at_dmumford.com)
Date: 01/29/05

  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"
    To: "Paul D. Robertson" <paul@compuwar.net>
    Date: Sat, 29 Jan 2005 16:51:21 -0500
    
    
    

    Paul D. Robertson said:
    > Hmmm, but an SQL injection attack isn't really a protocol issue- it's an
    > unexpected input issue- and I think the distinction between boneheaded
    > application developers and boneheaded library developers is relatively
    > important.

    Marcus once mentioned out that that he got a tun interface running over
    SMTP. So that could be thought of as nfsd/mountd over sendmail (a sure sign
    of the apocolypse in many cultures).

    Anything which does I/O can be though of as using a protocol. If you do a
    sufficiently good job of ripping apart HTTP over the wire, you can examine
    JPEG images -- or put another way, you can verify the JPEG image protocol.
    If you do a sufficiently good job of ripping apart SMB, you can read MS Word
    docs. If you can read word docs well enough, you could verify the
    Interoffice Memo protocol, or the Personal Letter protocol. Rip apart excel,
    and you can check on Budget or expense report protocols.

    It seems to me that anything outside of the kernel is an application, and
    some applications leverage others for convenience. Except the line there is
    blurring as more junk gets pushed into the kernel (Linux's NFS and web
    daemons come to mind).

    -- 
    Dodge
    
    

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



  • Next message: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"

    Relevant Pages