T1499.003 Application Exhaustion Flood
Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications. For example, specific features in web applications may be highly resource intensive. Repeated requests to those features may be able to exhaust system resources and deny access to the application or the server itself.1
Item | Value |
---|---|
ID | T1499.003 |
Sub-techniques | T1499.001, T1499.002, T1499.003, T1499.004 |
Tactics | TA0040 |
Platforms | Azure AD, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOS |
Version | 1.2 |
Created | 20 February 2020 |
Last Modified | 25 March 2022 |
Mitigations
ID | Mitigation | Description |
---|---|---|
M1037 | Filter Network Traffic | Leverage services provided by Content Delivery Networks (CDN) or providers specializing in DoS mitigations to filter traffic upstream from services.3 Filter boundary traffic by blocking source addresses sourcing the attack, blocking ports that are being targeted, or blocking protocols being used for transport. |
Detection
ID | Data Source | Data Component |
---|---|---|
DS0015 | Application Log | Application Log Content |
DS0029 | Network Traffic | Network Traffic Content |
DS0013 | Sensor Health | Host Status |
References
-
Philippe Alcoy, Steinthor Bjarnason, Paul Bowen, C.F. Chui, Kirill Kasavchnko, and Gary Sockrider of Netscout Arbor. (2018, January). Insight into the Global Threat Landscape - Netscout Arbor’s 13th Annual Worldwide Infrastructure Security Report. Retrieved April 22, 2019. ↩
-
Cisco. (n.d.). Detecting and Analyzing Network Threats With NetFlow. Retrieved April 25, 2019. ↩
-
Meintanis, S., Revuelto, V., Socha, K.. (2017, March 10). DDoS Overview and Response Guide. Retrieved April 24, 2019. ↩