T1499.003 Application Exhaustion Flood

Adversaries may target resource-intensive features of applications to cause a denial of service (DoS), denying availability to those applications. For example, specific features in web applications may be highly resource-intensive. Repeated requests to those features may be able to exhaust system resources and deny access to the application or the server itself.[1]

| Item | Value |
| --- | --- |
| ID | T1499.003 |
| Sub-techniques | T1499.001, T1499.002, T1499.003, T1499.004 |
| Tactics | TA0040 |
| Platforms | Azure AD, Google Workspace, IaaS, Linux, Office 365, SaaS, Windows, macOS |
| Version | 1.2 |
| Created | 20 February 2020 |
| Last Modified | 25 March 2022 |

Mitigations

| ID | Mitigation | Description |
| --- | --- | --- |
| M1037 | Filter Network Traffic | Leverage services provided by Content Delivery Networks (CDN) or providers specializing in DoS mitigations to filter traffic upstream from services.[3] Filter boundary traffic by blocking source addresses sourcing the attack, blocking ports that are being targeted, or blocking protocols being used for transport. |

Detection

| ID | Data Source | Data Component |
| --- | --- | --- |
| DS0015 | Application Log | Application Log Content |
| DS0029 | Network Traffic | Network Traffic Content |
| DS0013 | Sensor Health | Host Status |
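
One way to use Application Log Content (DS0015) for this technique, as an added example that is not part of the original page: flag a source by the server time it consumes on one feature within a sliding window rather than by raw request count, since an exhaustion flood can stay below volume thresholds. The log format, the 60-second window, the 5000 ms budget and all names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format, not from a real system):
# timestamp, client address, method, path, status, server-side duration in ms.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z 198.51.100.7 GET /search?q=a 200 1800
2024-05-01T10:00:02Z 203.0.113.20 GET /index.html 200 5
2024-05-01T10:00:03Z 203.0.113.20 GET /index.html 200 5
2024-05-01T10:00:05Z 198.51.100.7 GET /search?q=b 200 1900
2024-05-01T10:00:10Z 192.0.2.44 GET /search?q=shoes 200 1700
2024-05-01T10:00:15Z 198.51.100.7 GET /search?q=c 200 2100
2024-05-01T10:00:16Z 203.0.113.20 GET /index.html 200 5
2024-05-01T10:00:30Z 198.51.100.7 GET /search?q=d 503 2400
2024-05-01T10:05:00Z 198.51.100.7 GET /search?q=e 200 2000
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) "
                     r"(?P<path>\S+) (?P<status>\d{3}) (?P<ms>\d+)$")

def parse(lines):
    """Yield (timestamp, source, endpoint without query string, duration_ms)."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate malformed lines instead of aborting the scan
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["src"], m["path"].split("?", 1)[0], int(m["ms"])

def find_exhaustion_sources(lines, window=timedelta(seconds=60),
                            budget_ms=5000, min_requests=3):
    """Return {(source, endpoint): peak_ms} for sources that spent more than
    budget_ms of server time on one endpoint within the sliding window."""
    recent, running, flagged = defaultdict(deque), defaultdict(int), {}
    for ts, src, endpoint, ms in sorted(parse(lines), key=lambda r: r[0]):
        key = (src, endpoint)
        q = recent[key]
        q.append((ts, ms))
        running[key] += ms
        while ts - q[0][0] > window:  # evict requests older than the window
            running[key] -= q.popleft()[1]
        if len(q) >= min_requests and running[key] > budget_ms:
            flagged[key] = max(flagged.get(key, 0), running[key])
    return flagged

if __name__ == "__main__":
    print(find_exhaustion_sources(SAMPLE_LOG.splitlines()))
```

In the sample, the source that sends the most requests (203.0.113.20 against a cheap static page) is not flagged, while the lower-volume source driving the expensive search feature is.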

References