| Name |
TCP Flood |
|
| Likelyhood of attack |
Typical severity |
| Medium |
High |
|
| Summary |
An adversary may execute a flooding attack using the TCP protocol with the intent to deny legitimate users access to a service. These attacks exploit the weakness within the TCP protocol where there is some state information for the connection the server needs to maintain. |
| Prerequisites |
This type of an attack requires the ability to generate a large amount of TCP traffic to send to the target port of a functioning server. |
| Solutions | To mitigate this type of an attack, an organization can monitor incoming packets and look for patterns in the TCP traffic to determine if the network is under an attack. The potential target may implement a rate limit on TCP SYN messages which would provide limited capabilities while under attack. |
| Related Weaknesses |
|
CWE ID
|
Description
|
| CWE-770 |
Allocation of Resources Without Limits or Throttling |
|
| Related CAPECS |
|
CAPEC ID
|
Description
|
| CAPEC-125 |
An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target. |
|
| Taxonomy: ATTACK |
|
Entry ID
|
Entry Name
|
| 1499.001 |
Endpoint Denial of Service:OS Exhaustion Flood |
| 1499.004 |
Endpoint Denial of Service:Application or System Exploitation |
|