StandardDraft

CAPEC-490Amplification

Abstraction
Standard
Status
Draft

Description

An adversary may execute an amplification where the size of a response is far greater than that of the request that generates it. The goal of this attack is to use a relatively few resources to create a large amount of traffic against a target server. To execute this attack, an adversary send a request to a 3rd party service, spoofing the source address to be that of the target server. The larger response that is generated by the 3rd party service is then sent to the target server. By sending a large number of initial requests, the adversary can generate a tremendous amount of traffic directed at the target. The greater the discrepancy in size between the initial request and the final payload delivered to the target increased the effectiveness of this attack.

Related weaknesses· 1

CWE-770

MITRE ATT&CK crosswalk· 1

T1498.002: Network Denial of Service:Reflection Amplification

Related attack patterns· 1

CAPEC-125 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessAllocation of Resources Without Limits or Throttlingcwe-770100%live

Related to1

TypeTargetConfidenceTier
SubTechniqueReflection Amplificationt1498.002100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Excessive Allocation
CAPEC
ICMP Flood
CAPEC
HTTP Flood
CAPEC
Traffic Injection
CAPEC
Flooding
CAPEC
SSL Flood
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.