CAPEC-119: Deplete Resources (Version 2.4)

CAPEC CATEGORY: Deplete Resources

 
Category ID: 119
 
Status: Draft
+ Description

Summary

Attack patterns within this category focus on the depletion of a resource to the point that the target's functionality is affected. Virtually any resource necessary for the target's operation can be targeted in this attack. The result of a successful resource depletion attack is usually the degradation or denial of one or more services offered by the target. The resources required will depend on the nature of the resource being depleted, the amount of resources the target has access to, and other mitigating circumstances such as the target's ability to shift load or acquire additional resources to deal with the depletion. The more protected the resource and the greater the quantity of it that must be consumed, the more skill the adversary will need to successfully execute attacks in this category.
+ Attack Prerequisites
  • The target must rely on a vulnerable resource for its operations and be unable to replace it in a reasonable amount of time if it is unavailable.

  • The attacker must have the ability to consume, destroy, or disrupt a resource required for normal operation of the target.

+ Resources Required

In order to deplete the target's resources, the attacker must interact with the target in a programmatic way. Depending on the nature of the resource, the attacker may need a client or script capable of making repeated requests over a network, or the ability to craft specific requests, such as an HTTP request containing thousands of slashes. If the attacker has some privileges on the system, the required resource will likely be the ability to run a binary or upload a compiled exploit, or to write and execute a script or program that consumes resources. Depending on the defenses of the targeted system, the attacker may need access to extensive computational and network resources in order to overwhelm the target.

+ Relationships
Nature    | Type           | ID   | Name                        | View(s) this relationship pertains to
----------|----------------|------|-----------------------------|--------------------------------------
HasMember | Attack Pattern | 125  | Flooding                    | Mechanisms of Attack (1000)
HasMember | Attack Pattern | 130  | Excessive Allocation        | Mechanisms of Attack (1000)
HasMember | Attack Pattern | 131  | Resource Leak Exposure      | Mechanisms of Attack (1000)
HasMember | Attack Pattern | 227  | Sustained Client Engagement | Mechanisms of Attack (1000)
HasMember | Attack Pattern | 490  | Amplification               | Mechanisms of Attack (1000)
MemberOf  | Category       | 343  | WASC-10 - Denial of Service | WASC Threat Classification 2.0 (333)
MemberOf  | View           | 1000 | Mechanisms of Attack        | Mechanisms of Attack (1000)
+ Content History
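Modifications

Modifier           | Organization          | Date       | Comments                           | Source
-------------------|-----------------------|------------|------------------------------------|---------
CAPEC Content Team | The MITRE Corporation | 2014-04-10 | Updated Description, Relationships | Internal

Previous Entry Names

Date       | Previous Entry Name
-----------|--------------------
2014-04-10 | Resource Depletion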

Page Last Updated: April 10, 2014