CAPEC-125: Flooding

Description

An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.

Extended Description

If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users. An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts.

This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.

Severity :

Medium

Possibility :

High

Type :

Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

CAPEC-482: TCP Flood TCP Flood CAPEC-486: UDP Flood UDP Flood CAPEC-487: ICMP Flood ICMP Flood CAPEC-488: HTTP Flood HTTP Flood CAPEC-489: SSL Flood SSL Flood CAPEC-490: Amplification Amplification CAPEC-528: XML Flood XML Flood CAPEC-666: BlueSmacking BlueSmacking

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Any target that services requests is vulnerable to this attack on some level of scale.

Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

ATTACK | Network Denial of Service: Direct Network Flood ATTACK | Endpoint Denial of Service WASC | Denial of Service OWASP Attacks | Traffic flood

Resources required

A script or program capable of generating more requests than the target can handle, or a network or cluster of objects all capable of making simultaneous requests.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

CWE-404: Improper Resource Shutdown or Release

CWE-770: Allocation of Resources Without Limits or Throttling

Visit http://capec.mitre.org/ for more details.