Re: [fw-wiz] Application-level Attacks
From: M. Dodge Mumford (dodge_at_dmumford.com)
To: "Paul D. Robertson" <firstname.lastname@example.org> Date: Sat, 29 Jan 2005 16:51:21 -0500
Paul D. Robertson said:
> Hmmm, but an SQL injection attack isn't really a protocol issue- it's an
> unexpected input issue- and I think the distinction between boneheaded
> application developers and boneheaded library developers is relatively
Marcus once mentioned out that that he got a tun interface running over
SMTP. So that could be thought of as nfsd/mountd over sendmail (a sure sign
of the apocolypse in many cultures).
Anything which does I/O can be though of as using a protocol. If you do a
sufficiently good job of ripping apart HTTP over the wire, you can examine
JPEG images -- or put another way, you can verify the JPEG image protocol.
If you do a sufficiently good job of ripping apart SMB, you can read MS Word
docs. If you can read word docs well enough, you could verify the
Interoffice Memo protocol, or the Personal Letter protocol. Rip apart excel,
and you can check on Budget or expense report protocols.
It seems to me that anything outside of the kernel is an application, and
some applications leverage others for convenience. Except the line there is
blurring as more junk gets pushed into the kernel (Linux's NFS and web
daemons come to mind).
firewall-wizards mailing list
- application/pgp-signature attachment: stored