Skip to content

Latest commit

 

History

History
27 lines (22 loc) · 2.79 KB

threat-modeling.md

File metadata and controls

27 lines (22 loc) · 2.79 KB

Threat Model Analysis for librespeed/speedtest

Threat: Resource Exhaustion DoS

  • Description: An attacker floods the speedtest server with numerous speed test requests, either manually or using automated tools (bots). This overwhelms the server's resources (CPU, memory, bandwidth, I/O) due to the resource-intensive nature of speed tests.
  • Impact: Server becomes slow or unresponsive, denying service to legitimate users. Potentially leads to server crash and service outage. Increased infrastructure costs due to bandwidth overage.
  • Affected Component: Speedtest Server (backend infrastructure), specifically the resources consumed by the speedtest processes.
  • Risk Severity: High
  • Mitigation Strategies:
    • Implement rate limiting on speed test initiation requests based on IP address or user session to prevent excessive requests.
    • Use CAPTCHA or proof-of-work mechanisms before allowing speed test initiation to deter automated bot attacks.
    • Monitor server resource utilization (CPU, memory, bandwidth, I/O) and set up alerts to detect and respond to unusual spikes caused by speed tests.
    • Provision sufficient server resources to handle expected peak loads, considering the resource demands of speed tests.
    • Implement request queueing or throttling to manage concurrent speed test requests and prevent server overload.

Threat: Bandwidth Exhaustion DoS

  • Description: An attacker initiates a large number of speed tests to consume all available bandwidth on the server. This can be achieved by repeatedly starting tests or potentially by manipulating test parameters (if possible) to maximize bandwidth usage during each test.
  • Impact: Server bandwidth becomes saturated, leading to denial of service for speed test functionality and potentially other services sharing the same network. Increased bandwidth costs from hosting provider due to excessive speed test traffic.
  • Affected Component: Speedtest Server (network interface), specifically the bandwidth consumed by speed test data transfers.
  • Risk Severity: High
  • Mitigation Strategies:
    • Implement bandwidth limiting on the server-side specifically for speed test operations to restrict the bandwidth available for speed tests.
    • Utilize a Content Delivery Network (CDN) to serve static speed test files (JavaScript, HTML, assets) to reduce bandwidth load on the origin speed test server.
    • Monitor bandwidth usage and set up alerts to detect unusual spikes in bandwidth consumption related to speed tests.
    • Negotiate appropriate bandwidth limits and consider burstable bandwidth options with the hosting provider to handle legitimate peak usage and mitigate attack impact.