Re: [fw-wiz] Application-level Attacks

• Previous message: Adam Shostack: "Re: [fw-wiz] Application-level Attacks"
• In reply to: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
• Next in thread: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"
• Reply: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Paul D. Robertson" <paul@compuwar.net>
Date: Sat, 29 Jan 2005 16:51:21 -0500

Paul D. Robertson said:
> Hmmm, but an SQL injection attack isn't really a protocol issue- it's an
> unexpected input issue- and I think the distinction between boneheaded
> application developers and boneheaded library developers is relatively
> important.

Marcus once mentioned out that that he got a tun interface running over
SMTP. So that could be thought of as nfsd/mountd over sendmail (a sure sign
of the apocolypse in many cultures).

Anything which does I/O can be though of as using a protocol. If you do a
sufficiently good job of ripping apart HTTP over the wire, you can examine
JPEG images -- or put another way, you can verify the JPEG image protocol.
If you do a sufficiently good job of ripping apart SMB, you can read MS Word
docs. If you can read word docs well enough, you could verify the
Interoffice Memo protocol, or the Personal Letter protocol. Rip apart excel,
and you can check on Budget or expense report protocols.

It seems to me that anything outside of the kernel is an application, and
some applications leverage others for convenience. Except the line there is
blurring as more junk gets pushed into the kernel (Linux's NFS and web
daemons come to mind).

-- 
Dodge

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• application/pgp-signature attachment: stored

• Previous message: Adam Shostack: "Re: [fw-wiz] Application-level Attacks"
• In reply to: Paul D. Robertson: "Re: [fw-wiz] Application-level Attacks"
• Next in thread: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"
• Reply: Marcus J. Ranum: "Re: [fw-wiz] Application-level Attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Newbie packet verification/signing ... This would sign each packet with the private key and then the ... In the "web of trust" already trusted peers verify that the public key ... Creating a secure communication protocol is difficult. ... (sci.crypt) Re: confidence in CA ... protocol which is different than the X509 protocol depending on a CA ... And the few you can actually trust are almost never in use. ... So whenever you need to verify a cert, you cannot rely on the CA ... (comp.security.misc) RE: ISA error 12202 through client browser ... This behaviour occurs because the user does not have access to the HTTP ... Open your ISA management console and verify what protocol ... (microsoft.public.windows.server.sbs) Re: [PATCH] [REPOST] x86_64, i386: Add command line length to boot protocol ... Boot protocol 2.02 introduced the null terminated string truncated by ... of the command line the kernel can understand. ... (Linux-Kernel) RE: [Linux-cluster] Re: [cgl_discussion] Re: [dcl_discussion] Clustersummit materials ... On Wed, 2004-08-11 at 11:19, Walker, Bruce J wrote: ... > Given cman etc. was written for GFS, it doesn't prove much that it works ... I have looked over the cman protocol and find it is suboptimal. ... virtual synchrony to the kernel. ... (Linux-Kernel)