Commit d8d85e4c authored by Valerie Aurora (Bow Shock)'s avatar Valerie Aurora (Bow Shock)
Browse files

Update DDOS threat

parent 04f819e7

EN-304-626.md

+13 −13
Original line number Original line Diff line number Diff line
@@ -2067,21 +2067,21 @@ Mitigations for Impact: 




#### C.4.3.7 TH-DDOS: Denial of service attack on other products via exploitation of vulnerabilities or unauthorized use of product functions

#### C.4.3.7 TH-DDOS: Denial of service attack on other products via exploitation of vulnerabilities or unauthorized use of product functions





Attacker may exploit vulnerabilities in the product to attack other products.

Attacker may use the network to exploit vulnerabilities in the product to attack other products.





Guidance: Traffic amplication attacks and other misuses of product functions are considered vulnerabilities and/or unauthorized use for the purpose of this threat.

Guidance: Traffic amplication attacks and other misuses of product functions are considered vulnerabilities and/or unauthorized use for the purpose of this threat.





| Risk factors         | Likelihood | Security profiles        |

| Risk factors         | Likelihood | Security profiles        |

|-------------------------------|------------|------------------------------|

|----------------------|------------|--------------------------|

| NET = 0 or COM = 0 or ADM = 0 | Low        | WD-1                         |

| FNET = 0 or ADMN = 0 | Low        | LR, IoT-\*, OT-\*, SE-\* |

| all others                    | Medium     | WD-2, WD-3, WD-4, WL-1, VI-1 |

| all others           | Medium     | RO-1, WE-1, PC-\*, LA-2  |

| NET = 2 & COM = 2 & ADM = 2   | High       | WL-2, WL-3, VI-2             |

| FNET = 2 & ADMN = 2  | High       | MOB-1, LA-1              |





| Risk factors | Impact | Security profiles           |

| Risk factors | Impact | Security profiles           |

|--------------|--------|-----------------------------------|

|--------------|--------|-----------------------------|

| NET = 0      | Low    | WD-1, VI-1                        |

| TNET = 0     | Low    | LR, IoT-1                   |

| NET = 1      | Medium | WL-1,                             |

| TNET = 1     | Medium | IoT-2, IoT-3, OT-\*, SE-\*  |

| NET = 2      | High   | WD-2, WD-3, WD-4, WL-2, WL-3, V-2 |

| TNET = 2     | High   | RO-1, MOB-1, PC-\*, LA-\*   |





Requirements that mitigate this threat: NKEV, LMII, MINI, LMAS, LOGG, VULH

Requirements that mitigate this threat: NKEV, LMII, MINI, LMAS, LOGG, VULH
@@ -2089,9 +2089,9 @@ All mitigations from TH-KEVU apply (using that requirement's risk formula), plus 




Mitigations for Impact:

Mitigations for Impact:





* Medium to Low: MDOC

* Medium to Low: (MDOC or MAMP)





* High to Low: MDOC, MPHY

* High to Low: MDOC or (MNET, MAMP)





#### C.4.3.8 TH-MQSE: Masquerading authorized server

#### C.4.3.8 TH-MQSE: Masquerading authorized server