Network Security: Detailed info on Re: On classifying attacks

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

[Top] [All Lists]

Re: On classifying attacks

from [Technica Forensis] Network Security

[Permanent Link]

Subject:	Re: On classifying attacks
Date:	Wed, 20 Jul 2005 11:26:52 -0400

Using this definition the email example is local and both bind examples
are remote.

.. and any definition that classifies the e-mail example as "local" is
just broken.


This really depends on the situation.  Say I write an exploit that
when run as a user spawns a listening ssh service with root priv.  I
get on the system however I do, download this file and exec it.  I
think everyone would agree that is a local exploit.
I send that same file as an email attachment to some dolt and peer
pressure him into running it.  Just because I downloaded the file by
emailing it to said dolt doesn't change the exploit from local to
remote. It potentially changes it from 'exploit' to trojan, but it is
still being executed locally.

And, I agree with Crispin that the local/remote distinction is a huge
gaping hole in the taxonomy, but rather than not using it I think it
should be added to and improved on.

C

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: On classifying attacks, (continued) Re: On classifying attacks, Godwin Stewart Re: On classifying attacks, James Longstreet Re: On classifying attacks, Adam Shostack Re: On classifying attacks, Mihai Amarandei-Stavila Re: On classifying attacks, Crispin Cowan Re: On classifying attacks, Indigo Haze Re: On classifying attacks, Steven M. Christey Re: On classifying attacks, Dustin D. Trammell RE: On classifying attacks, Black, Michael Re: On classifying attacks, Crispin Cowan Re: On classifying attacks, Technica Forensis <= Re: On classifying attacks, Crispin Cowan RE: On classifying attacks, Black, Michael Re: On classifying attacks, Crispin Cowan

Previous by Date:	Re: Installation of software, and security. . ., John Richard Moser
Next by Date:	Re: UPB: Discussion Board/Web-Site Takeover, rgod
Previous by Thread:	Re: On classifying attacks, Crispin Cowan
Next by Thread:	Re: On classifying attacks, Crispin Cowan
Indexes:	[Date] [Thread] [Top] [All Lists]