RE: [fw-wiz] Application-level Attacks
From: Frank Knobbe (frank_at_knobbe.us)
Date: 02/14/05
- Previous message: Marcus J. Ranum: "RE: [fw-wiz] Application-level Attacks"
- In reply to: Ofer Shezaf: "RE: [fw-wiz] Application-level Attacks"
- Next in thread: Ofer Shezaf: "RE: [fw-wiz] Application-level Attacks"
To: Ofer Shezaf <Ofer.Shezaf@breach.com>
Date: Mon, 14 Feb 2005 11:18:17 -0600

On Sun, 2005-02-13 at 04:36 -0500, Ofer Shezaf wrote:
> If you think in payload rather than vulnerability terms then network
> layer attack can cause denial of service, while it will take some sort
> of an application layer attack to cause any other damage such as
> stealing information or performing fraudulent transactions.
>
> Application layer attacks are not limited to virii: buffer overflow, SQL
> injection, Cross site scripting & Browser hijacking are all types of
> application layer vulnerabilities widely exploited.

That raises the question, though, whether we need to further categorize by
including session layer attacks and presentation layer attacks, or
should continue to lump these into application layer attacks.

Aren't Cross Site Scripting and Session Hijacking/Riding session
layer attacks? Isn't the recent International Domain Name issue (raised by
the fine folks at Shmoo) a presentation layer attack?

Regards,
Frank
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards