Description
An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.
Likelihood Of Attack
Typical Severity
Prerequisites
| Any target that services requests is vulnerable to this attack on some level of scale. |
Resources Required
| A script or program capable of generating more requests than the target can handle, or a network or cluster of objects all capable of making simultaneous requests. |
Consequences
This table specifies different individual consequences associated with the attack pattern. The Scope identifies the security property that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in their attack. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a pattern will be used to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.

| Scope | Impact | Likelihood |
|---|---|---|
| Availability | Unreliable Execution, Resource Consumption | |
Mitigations
| Ensure that protocols have specific limits of scale configured. |
| Specify expectations for capabilities and dictate which behaviors are acceptable when resource allocation reaches limits. |
| Uniformly throttle all requests in order to make it more difficult to consume resources more quickly than they can again be freed. |
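
The three mitigations above can be combined in one component. The sketch below is an added illustration, not part of the CAPEC entry: a single token bucket throttles all requests uniformly, a bounded backlog sets a hard limit of scale, and the behaviour at the limit is explicit. The class and function names, the rates and the limits are assumptions, and the flood is simulated with a frozen clock.

```python
import time
from collections import deque

class UniformThrottle:
    """One token bucket shared by every caller, plus a bounded backlog."""

    def __init__(self, rate, burst, max_backlog, clock=time.monotonic):
        self.rate = float(rate)         # requests refilled per second
        self.burst = float(burst)       # bucket capacity: largest burst served
        self.max_backlog = max_backlog  # configured limit of scale for waiting work
        self.clock = clock
        self.tokens = float(burst)
        self.last = clock()
        self.backlog = deque()

    def _refill(self):
        now = self.clock()
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def submit(self, request):
        """Return 'served', 'queued' or 'rejected' for one incoming request."""
        self._refill()
        if self.tokens >= 1 and not self.backlog:
            self.tokens -= 1
            return "served"
        if len(self.backlog) < self.max_backlog:
            self.backlog.append(request)
            return "queued"
        return "rejected"  # defined behaviour at the limit: shed load (e.g. HTTP 429)

    def drain(self):
        """Serve queued requests in arrival order as tokens become available."""
        self._refill()
        served = []
        while self.backlog and self.tokens >= 1:
            self.tokens -= 1
            served.append(self.backlog.popleft())
        return served

def simulate_flood(n_requests, rate=5, burst=10, max_backlog=20):
    """Constructed input: n_requests arrive at the same instant."""
    fake_now = [0.0]
    throttle = UniformThrottle(rate, burst, max_backlog, clock=lambda: fake_now[0])
    counts = {"served": 0, "queued": 0, "rejected": 0}
    for i in range(n_requests):
        counts[throttle.submit(i)] += 1
    fake_now[0] += 2.0  # two seconds later, rate * 2 tokens have been refilled
    counts["drained"] = len(throttle.drain())
    return counts
```

Memory and work stay bounded by `burst + max_backlog` regardless of how many requests arrive, which is the property the mitigations aim for.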
Taxonomy Mappings
CAPEC mappings to ATT&CK techniques leverage an inheritance model to streamline and minimize direct CAPEC/ATT&CK mappings. Inheritance of a mapping is indicated by text stating that the parent CAPEC has relevant ATT&CK mappings. Note that the ATT&CK Enterprise Framework does not use an inheritance model as part of the mapping to CAPEC.
Relevant to the ATT&CK taxonomy mapping

| Entry ID | Entry Name |
|---|---|
| 1498.001 | Network Denial of Service: Direct Network Flood |
| 1499 | Endpoint Denial of Service |
Relevant to the WASC taxonomy mapping

| Entry ID | Entry Name |
|---|---|
| 10 | Denial of Service |
Relevant to the OWASP taxonomy mapping
Content History
Submissions

| Submission Date | Submitter | Organization |
|---|---|---|
| 2014-06-23 (Version 2.6) | CAPEC Content Team | The MITRE Corporation |

Modifications

| Modification Date | Modifier | Organization |
|---|---|---|
| 2017-05-01 (Version 2.10) | CAPEC Content Team | The MITRE Corporation |
| Updated Activation_Zone, Attack_Motivation-Consequences, Description Summary, Injection_Vector, Payload, Payload_Activation_Impact, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit | | |
| 2020-07-30 (Version 3.3) | CAPEC Content Team | The MITRE Corporation |
| Updated Taxonomy_Mappings | | |
| 2020-12-17 (Version 3.4) | CAPEC Content Team | The MITRE Corporation |
| Updated Taxonomy_Mappings | | |
| 2022-09-29 (Version 3.8) | CAPEC Content Team | The MITRE Corporation |
| Updated Taxonomy_Mappings | | |