Bugtraq mailing list archives
Re: On classifying attacks
From: Technica Forensis <forensis.technica () gmail com>
Date: Wed, 20 Jul 2005 11:26:52 -0400
Using this definition the email example is local and both bind examples are remote... and any definition that classifies the e-mail example as "local" is just broken.
This really depends on the situation. Say I write an exploit that when run as a user spawns a listening ssh service with root priv. I get on the system however I do, download this file and exec it. I think everyone would agree that is a local exploit. I send that same file as an email attachment to some dolt and peer pressure him into running it. Just because I downloaded the file by emailing it to said dolt doesn't change the exploit from local to remote. It potentially changes it from 'exploit' to trojan, but it is still being executed locally. And, I agree with Crispin that the local/remote distinction is a huge gaping hole in the taxonomy, but rather than not using it I think it should be added to and improved on. C
Current thread:
- Re: On classifying attacks, (continued)
- Re: On classifying attacks Godwin Stewart (Jul 18)
- Re: On classifying attacks James Longstreet (Jul 18)
- Re: On classifying attacks Adam Shostack (Jul 19)
- Re: On classifying attacks Mihai Amarandei-Stavila (Jul 18)
- Re: On classifying attacks Crispin Cowan (Jul 18)
- Re: On classifying attacks Indigo Haze (Jul 16)
- Re: On classifying attacks Steven M. Christey (Jul 18)
- Re: On classifying attacks Dustin D. Trammell (Jul 19)
- RE: On classifying attacks Black, Michael (Jul 19)
- Re: On classifying attacks Crispin Cowan (Jul 19)
- Re: On classifying attacks Technica Forensis (Jul 20)
- Re: On classifying attacks Crispin Cowan (Jul 27)
- Re: On classifying attacks Crispin Cowan (Jul 19)
- Re: On classifying attacks Crispin Cowan (Jul 28)