Disruptive Attacks

Intent: disrupt communication between requester and responder

Filtering (IP, DNS, port, etc.)
Defense: server covertness--never return the different content for the same URL
Request Tampering
reorder/remove fields from HTTP headers
alter downstream content
Defense: don't hide messages in HTTP headers, no cookies, use hidden watermarks, etc.
Session Tampering
insert/remove/reorder HTTP requests and responses
Defense: error correction, headers to "echo" message to responder, etc.