CAPEC-482: TCP Flood
An adversary may execute a flooding attack using the TCP protocol with the intent to deny legitimate users access to a service. These attacks exploit the weakness within the TCP protocol where there is some state information for the connection the server needs to maintain. This often involves the use of TCP SYN messages.
Last updated
Overview
CAPEC-482 (TCP Flood) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
What the attacker needs
Prerequisites
- This type of an attack requires the ability to generate a large amount of TCP traffic to send to the target port of a functioning server.
How to mitigate it
Defenses that reduce the risk of CAPEC-482.
- To mitigate this type of an attack, an organization can monitor incoming packets and look for patterns in the TCP traffic to determine if the network is under an attack. The potential target may implement a rate limit on TCP SYN messages which would provide limited capabilities while under attack.
Terminology & mappings
Mapped taxonomies
- ATTACK: Network Denial of Service: Direct Network Flood (1498.001)
- ATTACK: Endpoint Denial of Service: OS Exhaustion Flood (1499.001)
- ATTACK: Endpoint Denial of Service: Service Exhaustion Flood (1499.002)
Frequently asked questions
Common questions about CAPEC-482.
- What is CAPEC-482?
- An adversary may execute a flooding attack using the TCP protocol with the intent to deny legitimate users access to a service. These attacks exploit the weakness within the TCP protocol where there is some state information for the connection the server needs to maintain. This often involves the use of TCP SYN messages.
- How do you prevent CAPEC-482?
- To mitigate this type of an attack, an organization can monitor incoming packets and look for patterns in the TCP traffic to determine if the network is under an attack. The potential target may implement a rate limit on TCP SYN messages which would provide limited capabilities while under attack.
- What weaknesses does CAPEC-482 target?
- CAPEC-482 exploits 1 CWE weakness, including CWE-770 (Allocation of Resources Without Limits or Throttling).
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-482
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.