Skip to content

Latest commit

 

History

History
63 lines (47 loc) · 3.08 KB

attack-tree.md

File metadata and controls

63 lines (47 loc) · 3.08 KB

Attack Tree Analysis for tonymillion/reachability

Objective: Disrupt Application Functionality or Leak Sensitive Information by manipulating or misinterpreting network reachability status reported by the tonymillion/reachability library.

Attack Tree Visualization

                                      [Disrupt Application Functionality or Leak Sensitive Information]
                                                      /
                                                     /
          [Manipulate Reachability Status Reported by Library]
                 /              |
                /               |
[Spoof Network  ] [**Block Network**]
  Responses     ] [Traffic      ]
    /               /       \
   /               /         \
[**DNS**]      [ICMP]     [**TCP/UDP**]
**Spoofing**   Redirect   **Blocking** [HIGH RISK]

Attack Tree Path: Manipulate Reachability Status Reported by Library

  • Manipulate Reachability Status Reported by Library: The attacker actively interferes with the network or the device to make the library report an incorrect reachability status.

Attack Tree Path: Spoof Network Responses

*   **Spoof Network Responses:**

Attack Tree Path: DNS Spoofing

    *   **DNS Spoofing:** **Critical Node**
        *   **Description:** The attacker controls a DNS server or compromises the DNS resolution process to redirect the application to a malicious or non-existent server. `reachability` might report a host as reachable (because DNS resolved), but the application can't actually connect to the *intended* service.
        *   **Likelihood:** Medium
        *   **Impact:** High
        *   **Effort:** Medium
        *   **Skill Level:** Intermediate
        *   **Detection Difficulty:** Medium

Attack Tree Path: Block Network Traffic

*   **Block Network Traffic:** **Critical Node**

Attack Tree Path: ICMP Redirect

    *   ICMP Redirect:
        *   **Description:** The attacker sends ICMP redirect messages to reroute traffic away from intended destination.
        *   **Likelihood:** Very Low
        *   **Impact:** Medium
        *   **Effort:** Low
        *   **Skill Level:** Intermediate
        *   **Detection Difficulty:** Medium

Attack Tree Path: TCP/UDP Blocking

    *   **TCP/UDP Blocking:** **Critical Node** [HIGH RISK]
        *   **Description:** The attacker uses a firewall, router, or other network device to block TCP or UDP traffic to the target host or port. This is a very common and effective way to make a service appear unreachable.
        *   **Likelihood:** High
        *   **Impact:** Medium to High
        *   **Effort:** Very Low to Medium
        *   **Skill Level:** Novice to Advanced
        *   **Detection Difficulty:** Easy to Medium