CAPEC-590: IP Address Blocking

Overview

CAPEC-590 (IP Address Blocking) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

What the attacker needs

Prerequisites

This attack requires the ability to conduct deep packet inspection with an In-Path device that can drop the targeted traffic and/or connection.

Consequences

What a successful CAPEC-590 attack can achieve.

Other

Affects: Availability

Blocking packets intended for a target IP address denies its availability to the user.

How to mitigate it

Defenses that reduce the risk of CAPEC-590.

Have a large pool of backup IPs built into the application and support proxy capability in the application.

Examples

Consider situations of information censorship for political purposes, where regimes that prevent access to specific web services.

The CWE weaknesses that CAPEC-590 exploits.

: Channel Accessible by Non-Endpoint

CAPEC-590: IP Address Blocking

Overview

What the attacker needs

Prerequisites

Consequences

How to mitigate it

Examples

Frequently asked questions

What is CAPEC-590?

How do you prevent CAPEC-590?

What weaknesses does CAPEC-590 target?

How severe is CAPEC-590?

References

Defend against CAPEC-590

Overview

What the attacker needs

Prerequisites

Consequences

How to mitigate it

Examples

Related weaknesses

Related attack patterns

Parent

Frequently asked questions

What is CAPEC-590?

How do you prevent CAPEC-590?

What weaknesses does CAPEC-590 target?

How severe is CAPEC-590?

References

Defend against CAPEC-590