I don't claim to be an expert of any type but here are some of my
observations:
Types of attack
- exhaust resource(s) on victim's site
- poison resource(s) on victim's site
- re-route or blackhole objects in transit
- exhaust resource(s) in the transit net
- poison resource(s) in the transit net
I am trying to describe these attacks in the most generic way I can
because when I first started looking at all the Internet Services on
an individual basis, my head just started to hurt with all the permutations.
Yup. Consider that any knowledgeable human with sufficient bandwidth
and a W&G can simply take out any point in the net. It has happened
in the past as an accident. The only downside is that it's somewhat
traceable.
The only defence that I can see is proper auditing (not just log
auditing but cause and effect auditing) of these public
objects. Even these auditing devices can turn on you and become a
denial of service attack themselves if you have the knob turned up to
11. :-)
I question this since even with logging, you have no real idea of the
source. If it's a low bandwidth attack and the source address is
spoofed, it may be sufficiently subtle to never be traced.
Tony