Application layer in the 4 layer TCP model I think. I've never really liked the distinctions at the top of the 7 layer OSI model.
http://www.omnisecu.com/tcpip/tcpip-model.php cheers, Jamie On 28 September 2014 17:22, John Crout <john.cr...@gmail.com> wrote: > What later us it then, in TCP model? > > John > - via phone > > On Sep 28, 2014 4:28 AM, "Jamie Riden" <jamie.ri...@gmail.com> wrote: >> >> bash is not link layer. Put the mod_sec rules in and patch bash. >> >> iptables can do pattern matching, but someone's already written the >> mod_sec rules for you, and I suspect it has vastly better protocol >> decoding capabilities. >> >> (Sounds like more bash patches on the way according to Michal >> Zalewski, so both mod_sec rules and patching are preferred rather than >> either in isolation.) >> >> cheers, >> Jamie >> >> On 27 September 2014 17:28, John Crout <john.cr...@gmail.com> wrote: >> > Are both if these true? >> > Modsecurity is an Application layer firewall, and bash (any shell) is >> > Link >> > Layer? >> > >> > Maybe an iptables ruleset? >> > >> > John Crout >> > - via phone >> > >> > On Sep 26, 2014 5:16 PM, "Joshua Roback" <jrob...@gmail.com> wrote: >> >> >> >> http://seclists.org/oss-sec/2014/q3/650 >> >> >> >> >> >> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ >> >> >> >> >> >> http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html >> >> >> >> Has anyone come across a ModSec rule for this new CVE? >> >> >> >> -- >> >> Joshua Roback >> >> >> >> _______________________________________________ >> >> Owasp-modsecurity-core-rule-set mailing list >> >> Owasp-modsecurity-core-rule-set@lists.owasp.org >> >> >> >> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set >> >> >> > >> > _______________________________________________ >> > Owasp-modsecurity-core-rule-set mailing list >> > Owasp-modsecurity-core-rule-set@lists.owasp.org >> > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set >> > >> >> >> >> -- >> Jamie Riden / ja...@honeynet.org / jamie.ri...@gmail.com >> http://uk.linkedin.com/in/jamieriden -- Jamie Riden / ja...@honeynet.org / jamie.ri...@gmail.com http://uk.linkedin.com/in/jamieriden _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
