Types of Attacks

Objectives

Some of the most common motivations are:

  • Fun and/or hacking reputation.

  • Political purposes.

  • Military purposes.

  • Economic purposes.

Technical objectives

  • Operation disruption.

    • (Distributed) Denial-of-Service.

  • Resource hijack.

    • Spam,

    • Cryptocurrency mining / running masternodes,

    • Platform to other attacks!

  • For data interception.

    • Personal data.

      • As the final goal,

      • As a tool to achieve more valuable information.

    • Technical data.

      • Usually used to achieve more valuable information.

    • Commercial data.

      • Digital objects, financial and/or engineering plans, ...

  • All of the above, combined.

    • Disruption to intercept!

    • Intercept to disrupt!

Disruption may be used to achieve interception!

Interception may be used to achieve disruption (operational or commercial).

Disruption Attacks

Distributed DoS

  • Many slow/small devices generating traffic towards a single target.

    • TCP vs. UDP.

Solution at target

  • Load-balancers.

  • For TCP, it may be possible to survive by actively resetting sessions (after validating that the client is legitimate) at the server or at the firewalls.

    • White-list approach: only clients that have completed the session negotiation are admitted.

  • For UDP/DNS, block traffic from known external DNS relay/redirection servers (counters attack amplification and spoofing of the target's IP).

    • Does not work against large botnets that send requests directly to the target.

Solution at source

  • Detection of anomalous behaviour.

    • Small variations in traffic volume are hard to detect.

    • Changes in the destinations of the traffic.

    • At "really low" data rates, detection is impossible.
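The source-side detection above, as an added worked example that is not part of the original notes: a per-host baseline of bytes per window and known destinations is learned over constructed flow records (all host names, addresses and byte counts are assumptions), and the test window shows that a volumetric flood is caught by both signals, a low-rate flow to a new destination only by the destination signal, and a low-rate flow to an already-known destination by neither.

```python
"""Source-side anomaly detection over constructed per-window flow summaries.

Each record is (window, src_host, dst_ip, bytes). Windows 0-4 are the learning
baseline; window 5 is the window under test. All values are constructed for
this example and do not come from any real capture.
"""
from collections import defaultdict
from statistics import mean, pstdev

BASELINE_WINDOWS = range(5)
TEST_WINDOW = 5

FLOWS = []
for w, nbytes in zip(BASELINE_WINDOWS, (900, 1050, 950, 1100, 1000)):
    for host in ("hostA", "hostB", "hostC"):
        # Normal behaviour: every host talks to the same two internal servers.
        FLOWS += [(w, host, "10.0.0.5", nbytes), (w, host, "10.0.0.7", nbytes)]
# hostA: volumetric flood towards a new external destination (both signals fire).
FLOWS += [(TEST_WINDOW, "hostA", "198.51.100.20", 60000)]
# hostB: low-and-slow towards a new destination (only the destination signal fires).
FLOWS += [(TEST_WINDOW, "hostB", "10.0.0.5", 1000), (TEST_WINDOW, "hostB", "10.0.0.7", 1000),
          (TEST_WINDOW, "hostB", "198.51.100.20", 40)]
# hostC: low-and-slow towards an already-known destination (nothing fires).
FLOWS += [(TEST_WINDOW, "hostC", "10.0.0.5", 1040), (TEST_WINDOW, "hostC", "10.0.0.7", 1000)]

def per_window(flows, host):
    """Map window -> [total bytes, set of destinations] for one source host."""
    out = defaultdict(lambda: [0, set()])
    for w, h, dst, nbytes in flows:
        if h == host:
            out[w][0] += nbytes
            out[w][1].add(dst)
    return out

def detect(flows, host, z_threshold=3.0):
    """Return the anomaly reasons for `host` in the test window (empty list = not detected)."""
    stats = per_window(flows, host)
    rates = [stats[w][0] for w in BASELINE_WINDOWS]
    known = set().union(*(stats[w][1] for w in BASELINE_WINDOWS))
    test_bytes, test_dests = stats[TEST_WINDOW]
    mu, sigma = mean(rates), pstdev(rates) or 1.0  # guard against a perfectly flat baseline
    z = (test_bytes - mu) / sigma
    reasons = []
    if z > z_threshold:
        reasons.append(f"byte volume z-score {z:.1f}")
    new = test_dests - known
    if new:
        reasons.append(f"new destinations {sorted(new)}")
    return reasons

if __name__ == "__main__":
    for host in ("hostA", "hostB", "hostC"):
        print(host, detect(FLOWS, host) or "no anomaly")
```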

Denial of service by physical signal jamming

  • Pure disruption, or

  • Disruption to activate secondary channels (more easily compromised).

  • Solution.

    • Detect, localize the source, and physically neutralize it.
