> For the complete documentation index, see [llms.txt](https://itu.gitbook.io/dfs-security-assurance-framework/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://itu.gitbook.io/dfs-security-assurance-framework/dfs-security-vulnerabilities-threats-and-mitigation-measures-in-order-to-systematical/denial-of-service-attacks.md). # Denial of Service Attacks We characterize these attacks as being designed to prevent services within the DFS ecosystem from being offered. ### Affected entity: MNO #### **Risk:** Inability to perform a transaction as a result of service outage and transaction failure, high transaction delays. * **Vulnerability:** Network failure due to insufficient network capacity or to maintenance or design (SD: availability) * [ ] **Control 6.1:** *The mobile network operator should take steps to ensure network high network availability to allow access to DFS services through USSD, SMS, and the Internet.* * **Vulnerability:** Network failure due to insufficient network capacity or to maintenance or design (SD: availability) * [ ] **Control 6.2:** *The MNO should perform technical capacity tests simulating different transactions based on customer numbers, expected growth, expected number of transactions, and expected peak periods to ensure continued system performance.* ### Affected entity: DFS Provider * **Vulnerability:** Inadequate monitoring of network traffic and packets (SD: availability, communication security) * [ ] **Control 6.3:** *The DFS provider should protect against network attacks by the use of firewalls and traffic filters, and protect against DFS infrastructure threats by challenging suspicious traffic through network admission techniques and mechanisms such as CAPTCHAs.* * **Vulnerability:** Enabling unnecessary services (SD: data confidentiality) * [ ] **Control 6.4:** *Inbound internet traffic should be limited and continuously monitored.* * **Vulnerability:** Enabling unnecessary services (SD: data confidentiality) * [ ] **Control 6.5:** *Set restrictive firewall rules by default, use ports whitelisting, use packet filters, and continuously monitor access to whitelisted/permitted ports and IP's.* --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://itu.gitbook.io/dfs-security-assurance-framework/dfs-security-vulnerabilities-threats-and-mitigation-measures-in-order-to-systematical/denial-of-service-attacks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.