CAPEC-227: Sustained Client Engagement

Abstraction: Meta
Status: Draft

Description

An adversary attempts to deny legitimate users access to a resource by continually engaging that resource in order to keep it tied up for as long as possible. The adversary's primary goal is not to crash or flood the target, which would alert defenders; rather, it is to repeatedly perform actions or abuse algorithmic flaws so that the resource stays occupied and is not available to a legitimate user. When the adversary carefully crafts requests that keep the resource engaged while appearing benign, legitimate users are limited or completely denied access to the resource.

Related weaknesses · 1

CWE-400

MITRE ATT&CK crosswalk · 1

T1499: Endpoint Denial of Service

Exploits · 1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Uncontrolled Resource Consumption (cwe-400) | 100% | live |

Related to · 1

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Technique | Endpoint Denial of Service (t1499) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: HTTP Flood
CAPEC: Exploiting Trust in Client
CAPEC: SSL Flood
CAPEC: Obstruction
CAPEC: TCP Flood
CAPEC: Client-Server Protocol Manipulation

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.