RE: [fw-wiz] Application-level Attacks

From: Ofer Shezaf (Ofer.Shezaf_at_breach.com)
Date: 02/13/05

  • Next message: ArkanoiD: "Re: [fw-wiz] i-cap proposals"
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Sun, 13 Feb 2005 04:36:23 -0500
    
    

    I agree with Devdas that most attacks are application layer attacks.

    If you think in payload rather than vulnerability terms, then a network
    layer attack can cause denial of service, while it will take some sort
    of an application layer attack to cause any other damage such as
    stealing information or performing fraudulent transactions.

    Application layer attacks are not limited to virii: buffer overflow, SQL
    injection, Cross site scripting & Browser hijacking are all types of
    application layer vulnerabilities widely exploited.

    Going back to the original question about "proof" that most attacks are
    on the application layer: If you look through Bugtraq archives you will
    find that a huge percentage of the vulnerabilities discovered are of
    these types. There is also a well-known study by Gartner that says that
    75%-80% of attacks are carried out on the application layer.

    Ofer Shezaf
    CTO, Breach Security

    Tel: +972.9.956.0036 ext.212
    Cell: +972.54.443.1119
    ofers@breach.com
    http://www.breach.com

    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com
    > [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Devdas Bhagat
    > Sent: Saturday, February 12, 2005 5:21 AM
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: Re: [fw-wiz] Application-level Attacks
    >
    > On 09/02/05 00:54 +0100, gmx wrote:
    > > Hello
    > >
    > > Well... I don't think that application level attacks have something to
    > > do with ports... simply because I think, ports are at tcp-layer, and
    > > if you talk about application, you talk about layer 7... if I hear
    > > application layer and attacks, all I can imagine is virii...
    >
    > No. The biggest attacks which I can recall not being at the application
    > layer were the ATH0+++ which disconnected dialup users, and the ping of
    > death which exploited a hole in the Windows network stack.
    >
    > > Well, I don't know any other attack for layer 7 than malicious code.
    >
    > These attacks are all malicious code, and include worms, viruses,
    > trojans, and are rather applicable across operating systems and
    > applications.
    >
    > > Means, all you can do at this layer, is to use an antivirus software,
    > > imho.
    > > Please correct me if I could be wrong.
    >
    > Or run secure code in the first place. Patching helps as well.
    >
    > Devdas Bhagat
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

