CAPEC-125: Flooding
An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.
Last updated
Overview
CAPEC-125 (Flooding) is a meta-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- Any target that services requests is vulnerable to this attack on some level of scale.
Resources required
- A script or program capable of generating more requests than the target can handle, or a network or cluster of objects all capable of making simultaneous requests.
Consequences
What a successful CAPEC-125 attack can achieve.
Unreliable Execution, Resource Consumption
Affects: Availability
A successful flooding attack compromises the availability of the target system's service by exhausting its available resources.
How to mitigate it
Defenses that reduce the risk of CAPEC-125.
- Ensure that protocols have specific limits of scale configured.
- Specify expectations for capabilities and dictate which behaviors are acceptable when resource allocation reaches limits.
- Uniformly throttle all requests in order to make it more difficult to consume resources more quickly than they can again be freed.
Terminology & mappings
Mapped taxonomies
- ATTACK: Network Denial of Service: Direct Network Flood (1498.001)
- ATTACK: Endpoint Denial of Service (1499)
- WASC: Denial of Service (10)
- OWASP Attacks: Traffic flood
Frequently asked questions
Common questions about CAPEC-125.
- What is CAPEC-125?
- An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.
- How do you prevent CAPEC-125?
- Ensure that protocols have specific limits of scale configured.
- What weaknesses does CAPEC-125 target?
- CAPEC-125 exploits 2 CWE weaknesses, including CWE-404 (Improper Resource Shutdown or Release), CWE-770 (Allocation of Resources Without Limits or Throttling).
- How severe is CAPEC-125?
- MITRE rates CAPEC-125 as Medium severity with high likelihood of attack.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-125
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.