CAPEC-490: Amplification

An adversary may execute an amplification where the size of a response is far greater than that of the request that generates it. The goal of this attack is to use a relatively few resources to create a large amount of traffic against a target server. To execute this attack, an adversary send a request to a 3rd party service, spoofing the source address to be that of the target server. The larger response that is generated by the 3rd party service is then sent to the target server. By sending a large number of initial requests, the adversary can generate a tremendous amount of traffic directed at the target. The greater the discrepancy in size between the initial request and the final payload delivered to the target increased the effectiveness of this attack.

Not rated

Typical severity

Per MITRE

Not rated

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Standard

Abstraction

MITRE classification

CAPEC-490: Amplification

Overview

What the attacker needs

Prerequisites

How to mitigate it

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-490?

How do you prevent CAPEC-490?

What weaknesses does CAPEC-490 target?

References

Defend against CAPEC-490