Description

An adversary may execute a flooding attack using the HTTP protocol with the intent to deny legitimate users access to a service by consuming resources at the application layer such as web services and their infrastructure. These attacks use legitimate session-based HTTP GET requests designed to consume large amounts of a server's resources. Since these are legitimate sessions this attack is very difficult to detect.

Mitigations

4

Design: Use A Web Application Firewall (Waf) To Help Filter Out Malicious Traffic. This Can Be Setup With Rules To Block Ip Addresses Found In Ip Reputation Databases, Which Contains Lists Of Known Bad Ip Addresses. Analysts Should Also Monitor When The Traffic Flow Becomes Abnormally Large, And Be Able To Add On-The-Fly Rules To Block Malicious Traffic. Special Care Should Be Taken To Ensure Low False Positive Rates In Block Rules And Functionality Should Be Implemented To Allow A Legitimate User To Resume Sending Traffic If They Have Been Blocked.

Design: Use A Load Balancer Such As Nginx To Prevent Small Scale Http Floods By Dispersing Traffic Between A Group Of Servers.

Hire A Third Party Provider To Implement A Web Application Firewall (Waf) For Your Application. Third Party Providers Have Dedicated Resources And Expertise That Could Allow Them To Update Rules And Prevent Http Floods Very Quickly.

Implementation: Make A Requesting Machine Solve Some Kind Of Challenge Before Allowing Them To Send An Http Request. This Could Be A Captcha Or Something Similar That Works To Deter Bots.

Consequences

Relationships

Related ATT&CK Techniques

1

CAPEC 488 HTTP Flood

Description

Mitigations

Design: Use A Load Balancer Such As Nginx To Prevent Small Scale Http Floods By Dispersing Traffic Between A Group Of Servers.

Hire A Third Party Provider To Implement A Web Application Firewall (Waf) For Your Application. Third Party Providers Have Dedicated Resources And Expertise That Could Allow Them To Update Rules And Prevent Http Floods Very Quickly.

Implementation: Make A Requesting Machine Solve Some Kind Of Challenge Before Allowing Them To Send An Http Request. This Could Be A Captcha Or Something Similar That Works To Deter Bots.

Consequences

Consequence Information

Relationships

Parent CAPECs

Related ATT&CK Techniques

Service Exhaustion Flood

CAPEC 488 HTTP Flood

Description

Mitigations

Design: Use A Load Balancer Such As Nginx To Prevent Small Scale Http Floods By Dispersing Traffic Between A Group Of Servers.

Hire A Third Party Provider To Implement A Web Application Firewall (Waf) For Your Application. Third Party Providers Have Dedicated Resources And Expertise That Could Allow Them To Update Rules And Prevent Http Floods Very Quickly.

Implementation: Make A Requesting Machine Solve Some Kind Of Challenge Before Allowing Them To Send An Http Request. This Could Be A Captcha Or Something Similar That Works To Deter Bots.

Consequences

Consequence Information

Relationships

Parent CAPECs

Related ATT&CK Techniques

Service Exhaustion Flood

Iscriviti alla newsletter