CAPEC Details
Name TCP Flood
Likelihood of attack: Medium
Typical severity: High
Summary An adversary may execute a flooding attack using the TCP protocol with the intent to deny legitimate users access to a service. These attacks exploit a weakness in the TCP protocol: the server needs to maintain some state information for each connection.
Prerequisites This type of attack requires the ability to generate a large amount of TCP traffic to send to the target port of a functioning server.
Solutions To mitigate this type of attack, an organization can monitor incoming packets and look for patterns in the TCP traffic to determine whether the network is under attack. The potential target may also implement a rate limit on TCP SYN messages, which would provide limited capabilities while under attack.
Related Weaknesses
CWE ID Description
CWE-770 Allocation of Resources Without Limits or Throttling
Related CAPECS
CAPEC ID Description
CAPEC-125 An adversary consumes the resources of a target by rapidly engaging in a large number of interactions with the target. This type of attack generally exposes a weakness in rate limiting or flow. When successful this attack prevents legitimate users from accessing the service and can cause the target to crash. This attack differs from resource depletion through leaks or allocations in that the latter attacks do not rely on the volume of requests made to the target but instead focus on manipulation of the target's operations. The key factor in a flooding attack is the number of requests the adversary can make in a given period of time. The greater this number, the more likely an attack is to succeed against a given target.
Taxonomy: ATTACK
Entry ID Entry Name
1499.001 Endpoint Denial of Service: OS Exhaustion Flood
1499.004 Endpoint Denial of Service: Application or System Exploitation
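
The monitoring approach in the Solutions field can be sketched as a sliding-window check that compares the SYN rate per service with the share of handshakes that complete. This is an added example, not part of the CAPEC entry; the event tuple format, thresholds, addresses and function names are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict, deque

def detect_syn_flood(events, window_ms=1000, syn_limit=100, min_completion=0.5):
    """Flag services whose SYN rate is high while few handshakes complete.

    events: time-sorted (ts_ms, src, sport, dst, dport, flag) tuples, where flag
    is "S" (client SYN) or "A" (client ACK that completes the handshake).
    Thresholds are assumed values; tune them to the service's normal load.
    Returns one (ts_ms, dst, dport, syns_in_window, completion_ratio) per service.
    """
    syns = defaultdict(deque)     # service -> (ts, flow) of SYNs in the window
    pending = defaultdict(set)    # service -> flows with SYN seen, no ACK yet
    done = defaultdict(deque)     # service -> ts of completed handshakes
    alerts, alerted = [], set()
    for ts, src, sport, dst, dport, flag in events:
        svc, flow = (dst, dport), (src, sport)
        if flag == "S":
            syns[svc].append((ts, flow))
            pending[svc].add(flow)
        elif flag == "A" and flow in pending[svc]:
            pending[svc].discard(flow)
            done[svc].append(ts)
        # Expire old entries so the detector's own state stays bounded (CWE-770).
        cutoff = ts - window_ms
        while syns[svc] and syns[svc][0][0] <= cutoff:
            pending[svc].discard(syns[svc].popleft()[1])
        while done[svc] and done[svc][0] <= cutoff:
            done[svc].popleft()
        n = len(syns[svc])
        if n > syn_limit and svc not in alerted:
            ratio = len(done[svc]) / n
            if ratio < min_completion:
                alerted.add(svc)
                alerts.append((ts, dst, dport, n, ratio))
    return alerts

def sample_events():
    """Constructed traffic: busy but healthy :443, SYN-only burst on :80."""
    ev = []
    for i in range(150):          # legitimate clients complete the handshake
        ev.append((i * 4, "203.0.113.7", 40000 + i, "192.0.2.10", 443, "S"))
        ev.append((i * 4 + 2, "203.0.113.7", 40000 + i, "192.0.2.10", 443, "A"))
    for i in range(300):          # SYNs that are never acknowledged
        ev.append((i * 2, f"198.51.100.{i % 250 + 1}", 1024 + i, "192.0.2.10", 80, "S"))
    return sorted(ev)

if __name__ == "__main__":
    for alert in detect_syn_flood(sample_events()):
        print(alert)
```

Port 443 exceeds the SYN threshold but is not flagged because its handshakes complete; only the SYN-only burst on port 80 raises an alert.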