Bugtraq mailing list archives
Re: On classifying attacks
From: Crispin Cowan <crispin () novell com>
Date: Wed, 03 Aug 2005 23:29:11 -0700
Forte Systems - Iosif Peterfi wrote:
> Basically, compound attacks need the victim intervention.
No; compound attacks need more than one attack vector. In your example of attacking a web server, the attacker needs a compound attack comprised of a remote->local attack and a local->root attack to take over the machine. It is "compound" in that it is comprised of more than one attack, but does not necessarily involve the victim's intervention.

Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com