Dark Mode

Settings

Capec-125 Detail

Flooding

Meta Communications Software Likelihood: High Typical Severity: Medium

Children: 482 486 487 488 489 490 528 666

Threats: T61 T64 T74 T77 T107 T264 T265 T269 T282 T285 T289 T308 T309 T335 T374 T401 T404

Description

An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.

Not present

External ID Source Link Description
CAPEC-125 capec https://capec.mitre.org/data/definitions/125.html
CWE-404 cwe http://cwe.mitre.org/data/definitions/404.html
CWE-770 cwe http://cwe.mitre.org/data/definitions/770.html
T1498.001 ATTACK https://attack.mitre.org/wiki/Technique/T1498/001 Network Denial of Service: Direct Network Flood
T1499 ATTACK https://attack.mitre.org/wiki/Technique/T1499 Endpoint Denial of Service
10 WASC http://projects.webappsec.org/Denial-of-Service Denial of Service
OWASP Attacks https://owasp.org/www-community/attacks/Traffic_flood Traffic flood

Not present

  1. Any target that services requests is vulnerable to this attack on some level of scale.
  1. A script or program capable of generating more requests than the target can handle, or a network or cluster of objects all capable of making simultaneous requests.

Not present

Availability
Unreliable Execution (A successful flooding attack compromises the availability of the target system's service by exhausting its available resources.)
Resource Consumption (A successful flooding attack compromises the availability of the target system's service by exhausting its available resources.)

Not present

We use cookies to ensure you get the best experience on our website.