Endpoint Denial of Service: Application or System Exploitation
Other sub-techniques of Endpoint Denial of Service (4)
ID | Name |
---|---|
T1499.001 | OS Exhaustion Flood |
T1499.002 | Service Exhaustion Flood |
T1499.003 | Application Exhaustion Flood |
T1499.004 | Application or System Exploitation |
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users. [1] Some systems may automatically restart critical applications and services when crashes occur, but they can likely be re-exploited to cause a persistent DoS condition.
Mitigations
Mitigation | Description |
---|---|
Filter Network Traffic | Leverage services provided by Content Delivery Networks (CDN) or providers specializing in DoS mitigations to filter traffic upstream from services.[2] Filter boundary traffic by blocking source addresses sourcing the attack, blocking ports that are being targeted, or blocking protocols being used for transport. |
Detection
Attacks targeting web applications may generate logs in the web server, application server, and/or database server that can be used to identify the type of attack. Externally monitor the availability of services that may be targeted by an Endpoint DoS.
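
A service that is restarted automatically and then crashes again, as described above, shows up in host logs as a burst of abnormal exits for one unit. The following detector is an added example, not part of the original technique page: it assumes systemd as the service manager, and the log lines, host name, unit names, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, modeled on systemd journal messages (short-iso timestamps);
# the host and unit names are made up for this example.
SAMPLE_LOG = """\
2024-05-01T10:00:03+0000 web01 systemd[1]: httpd.service: Main process exited, code=dumped, status=11/SEGV
2024-05-01T10:00:04+0000 web01 systemd[1]: httpd.service: Scheduled restart job, restart counter is at 1.
2024-05-01T10:00:41+0000 web01 systemd[1]: httpd.service: Main process exited, code=dumped, status=11/SEGV
2024-05-01T10:00:50+0000 web01 systemd[1]: worker.service: Main process exited, code=killed, status=9/KILL
2024-05-01T10:01:20+0000 web01 systemd[1]: httpd.service: Main process exited, code=dumped, status=11/SEGV
2024-05-01T10:01:21+0000 web01 systemd[1]: httpd.service: Scheduled restart job, restart counter is at 3.
2024-05-01T10:02:02+0000 web01 systemd[1]: httpd.service: Main process exited, code=dumped, status=11/SEGV
2024-05-01T11:30:00+0000 web01 systemd[1]: worker.service: Main process exited, code=killed, status=9/KILL
"""

# Only deaths by signal are counted; clean exits and restart notices are ignored.
CRASH_RE = re.compile(
    r"^(?P<ts>\S+) \S+ systemd\[1\]: (?P<unit>\S+): Main process exited, "
    r"code=(?:dumped|killed), status=\d+/(?P<sig>[A-Z]+)$"
)


def find_crash_loops(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return {unit: largest crash count seen inside any sliding window}
    for units that reached `threshold`. Lines must be in time order."""
    recent = defaultdict(deque)   # unit -> crash timestamps still inside the window
    worst = {}
    for line in log_text.splitlines():
        m = CRASH_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S%z")
        q = recent[m["unit"]]
        q.append(ts)
        while ts - q[0] > window:          # drop crashes older than the window
            q.popleft()
        if len(q) >= threshold:
            worst[m["unit"]] = max(worst.get(m["unit"], 0), len(q))
    return worst


if __name__ == "__main__":
    print(find_crash_loops(SAMPLE_LOG))
```

A flagged unit is a prompt to pull the web, application or database server logs for the same time span and to compare against external availability checks.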