Went through this with ssh, ftp, and RATs over HTTP. Thanks. John Crout On Sep 28, 2014 10:31 AM, "Jamie Riden" <jamie.ri...@gmail.com> wrote:
> Application layer in the 4 layer TCP model I think. I've never really > liked the distinctions at the top of the 7 layer OSI model. > > http://www.omnisecu.com/tcpip/tcpip-model.php > > cheers, > Jamie > > On 28 September 2014 17:22, John Crout <john.cr...@gmail.com> wrote: > > What later us it then, in TCP model? > > > > John > > - via phone > > > > On Sep 28, 2014 4:28 AM, "Jamie Riden" <jamie.ri...@gmail.com> wrote: > >> > >> bash is not link layer. Put the mod_sec rules in and patch bash. > >> > >> iptables can do pattern matching, but someone's already written the > >> mod_sec rules for you, and I suspect it has vastly better protocol > >> decoding capabilities. > >> > >> (Sounds like more bash patches on the way according to Michal > >> Zalewski, so both mod_sec rules and patching are preferred rather than > >> either in isolation.) > >> > >> cheers, > >> Jamie > >> > >> On 27 September 2014 17:28, John Crout <john.cr...@gmail.com> wrote: > >> > Are both if these true? > >> > Modsecurity is an Application layer firewall, and bash (any shell) is > >> > Link > >> > Layer? > >> > > >> > Maybe an iptables ruleset? > >> > > >> > John Crout > >> > - via phone > >> > > >> > On Sep 26, 2014 5:16 PM, "Joshua Roback" <jrob...@gmail.com> wrote: > >> >> > >> >> http://seclists.org/oss-sec/2014/q3/650 > >> >> > >> >> > >> >> > https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ > >> >> > >> >> > >> >> > http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html > >> >> > >> >> Has anyone come across a ModSec rule for this new CVE? > >> >> > >> >> -- > >> >> Joshua Roback > >> >> > >> >> _______________________________________________ > >> >> Owasp-modsecurity-core-rule-set mailing list > >> >> Owasp-modsecurity-core-rule-set@lists.owasp.org > >> >> > >> >> > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > >> >> > >> > > >> > _______________________________________________ > >> > Owasp-modsecurity-core-rule-set mailing list > >> > Owasp-modsecurity-core-rule-set@lists.owasp.org > >> > > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > >> > > >> > >> > >> > >> -- > >> Jamie Riden / ja...@honeynet.org / jamie.ri...@gmail.com > >> http://uk.linkedin.com/in/jamieriden > > > > -- > Jamie Riden / ja...@honeynet.org / jamie.ri...@gmail.com > http://uk.linkedin.com/in/jamieriden >
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
