Re: Re[2]: [fw-wiz] Application-level Attacks
From: Brenno Hiemstra (brenno.hiemstra_at_gmail.com)
Date: 02/12/05
- Previous message: lordchariot_at_earthlink.net: "RE: [fw-wiz] i-cap proposals"
- In reply to: gmx: "Re[2]: [fw-wiz] Application-level Attacks"
- Next in thread: Devdas Bhagat: "Re: [fw-wiz] Application-level Attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com Date: Sat, 12 Feb 2005 09:51:27 +0100
adam,
You are partially right. Application layer attack are most of the
times malicious code running by scripts or exploits. I wont mention
this to be a virus.
Your proposed solution, to use anti-virus, is just 1 of the options. I
dont think its the best option available. I would rather go for:
multiple security layers like firewalls or secure configuration and,
most unfortunate, patching.
Most application layer attacks are focussed to exploit the service at
hand. This would mean that this service could have a security
vulnerability that can be exploited (remotely or locally). Maybe its a
0-day vulnerability thats not known yet....
Brenno
On Wed, 9 Feb 2005 00:54:08 +0100, gmx <carpathin.wolf@gmx.net> wrote:
> Hello
>
> Well... i dont think that application level atacks have something to
> do with ports... simply because i think, ports are at tcp-layer, and
> if you talk about application, you talk about layer 7... if i hear
> application layer and attacks, all i can imagine is virii...
> Well, i dont know any other atack for layer 7 than malicious code.
> Means, all you can do at this layer, is to use an antivirus software,
> imho.
> Please correct me if i could be worng.
>
> best regards
>
> Adam
>
> Friday, January 28, 2005, 5:35:52 PM, you wrote:
>
> <==============Original message text===============
> CC> Danny wrote:
>
> >>On Thu, 27 Jan 2005 18:56:58 -0800, Crispin Cowan <crispin@immunix.com> wrote:
> >>
> >>
> >>>Shimon Silberschlag wrote:
> >>>
> >>>
> >>>
> >>>>Today, when attacks are shifting towards using the already open ports
> >>>>on the firewall, at the application level,
> >>>>
> >>>>
> >>>It is often said that contemporary attacks are migrating to
> >>>application-level attacks. Can someone point me to data backing this claim?
> >>>
> >>>
> >>
> >>How do you define contemporary attacks? All attacks except for those
> >>at the application-level?
> >>
> >>
> CC> Attacks within the last few years. "contemporary" is not the deep part
> CC> of the question :)
>
> CC> Note that I actually do believe that most attacks are now at the
> CC> application level. But I am looking for *evidence*, or at least a claim
> CC> I didn't just make up :) to back up this opinion.
>
> CC> Crispin
>
> <===========End of original message text===========
>
> --
> Best regards,
> Adam Pal mailto:carpathin.wolf@gmx.net
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: lordchariot_at_earthlink.net: "RE: [fw-wiz] i-cap proposals"
- In reply to: gmx: "Re[2]: [fw-wiz] Application-level Attacks"
- Next in thread: Devdas Bhagat: "Re: [fw-wiz] Application-level Attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
