Skip to content

Latest commit

 

History

History
63 lines (49 loc) · 3.63 KB

attack-tree.md

File metadata and controls

63 lines (49 loc) · 3.63 KB

Attack Tree Analysis for librespeed/speedtest

Objective: Degrade Service Availability (via LibreSpeed/speedtest) - Note: The goal is refined to focus on the high-risk area.

Attack Tree Visualization

                  Attacker Goal: Degrade Service Availability
                                    (via LibreSpeed/speedtest)
                                                |
                                                |
                  -------------------------------------
                  |                                   |
                  |  Denial of Service (DoS/DDoS) [CN]|
                  |                                   |
                  -------------------------------------
                  /       |
                 /        |
                /         |
  ------------  ----------
  | Resource |  | Network |
  |Exhaustion|[HR]| Flooding|[HR]
  ------------  ----------
       | [CN]        | [CN]
       |             |
  -----|-----    -----|
  |Many     |    | SYN |
  |Clients  |    |Flood|[HR]
  |(Threads)|[HR]
  ----------    -------

Attack Tree Path: Denial of Service (DoS/DDoS) [CN]

  • Description: The attacker aims to make the speed test service unavailable to legitimate users by overwhelming the server or network with malicious requests. This is a critical node because it's the most direct and likely path to achieving the attacker's goal of service degradation.
  • Why it's Critical: Successful DoS attacks directly impact the availability of the service, which is a primary function of a speed test application.

Attack Tree Path: Resource Exhaustion [HR] [CN]

  • Description: The attacker attempts to consume all available server resources (CPU, memory, bandwidth) by initiating a large number of connections or requests. This is a high-risk path due to its relative ease of execution and high likelihood of success without proper mitigation. It's also a critical node within the DoS branch.

Attack Tree Path: Many Clients (Threads) [HR]

  • Description: The attacker uses multiple clients (or a single client with many threads, potentially leveraging Web Workers) to simultaneously request speed tests. This overwhelms the server's ability to process legitimate requests.
  • Likelihood: High
  • Impact: Medium to High (service slowdown to complete unavailability)
  • Effort: Low to Medium
  • Skill Level: Novice to Intermediate
  • Detection Difficulty: Medium

Attack Tree Path: Network Flooding [HR] [CN]

  • Description: The attacker floods the server's network connection with a large volume of traffic, preventing legitimate traffic from reaching the server. This is a high-risk path due to its effectiveness and the availability of tools to perform such attacks. It's also a critical node within the DoS branch.

Attack Tree Path: SYN Flood [HR]

  • Description: The attacker sends a large number of SYN (synchronization) packets to the server, initiating connection requests but never completing the handshake. This consumes server resources and prevents legitimate connections from being established. (Other flooding techniques like UDP floods also fall under this high-risk category).
  • Likelihood: Medium
  • Impact: High to Very High (complete network disruption)
  • Effort: Medium to High
  • Skill Level: Intermediate
  • Detection Difficulty: Easy to Medium