Home > CAPEC List > CAPEC-482: TCP Flood (Version 2.11)  

CAPEC-482: TCP Flood

 
TCP Flood
Definition in a New Window Definition in a New Window
Attack Pattern ID: 482
Abstraction: Standard
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An adversary may execute a flooding attack using the TCP protocol with the intent to deny legitimate users access to a service. These attacks exploit the weakness within the TCP protocol where there is some state information for the connection the server needs to maintain.

+ Attack Prerequisites
  • This type of an attack requires the ability to generate a large amount of TCP traffic to send to the target port of a functioning server.

+ Solutions and Mitigations

To mitigate this type of an attack, an organization can monitor incoming packets and look for patterns in the TCP traffic to determine if the network is under an attack. The potential target may implement a rate limit on TCP SYN messages which would provide limited capabilities while under attack.

+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017