CAPEC-147

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Draft MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Low Severity: Medium
XML Ping of the Death

Description

An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.

Prerequisites

The target must receive and process XML transactions.

Mitigations

Design: Build throttling mechanism into the resource allocation. Provide for a timeout mechanism for allocated resources whose transaction does not complete within a specified interval.

Implementation: Provide for network flow control and traffic shaping to control access to the resources.

Skills Required

[Low] To send small XML messages

[High] To use distributed network to launch the attack