Esc
Service Exhaustion Flood - T1499.002
(ATT&CK® Technique)
Definition
Adversaries may target the different network services provided by systems to conduct a denial of service (DoS). Adversaries often target the availability of DNS and web services, however others have been targeted as well. Web server software can be attacked through a variety of means, some of which apply generally while others are specific to the software being used to provide the service.
D3FEND Inferred Relationships
Browse the D3FEND knowledge graph by clicking on the nodes below.
graph LR;
T1499002["Service Exhaustion Flood"] --> |produces| InboundInternetNetworkTraffic["Inbound Internet Network Traffic"]; class T1499002 OffensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode; click InboundInternetNetworkTraffic href "/dao/artifact/d3f:InboundInternetNetworkTraffic";
click T1499002 href "/offensive-technique/attack/T1499.002/"; click InboundInternetNetworkTraffic href "/dao/artifact/d3f:InboundInternetNetworkTraffic"; Client-serverPayloadProfiling["Client-server Payload Profiling"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
Client-serverPayloadProfiling["Client-server Payload Profiling"] -.->
| may-detect | T1499002["Service Exhaustion Flood"] ;
class Client-serverPayloadProfiling DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click Client-serverPayloadProfiling href "/technique/d3f:Client-serverPayloadProfiling"; ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
ProtocolMetadataAnomalyDetection["Protocol Metadata Anomaly Detection"] -.->
| may-detect | T1499002["Service Exhaustion Flood"] ;
class ProtocolMetadataAnomalyDetection DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click ProtocolMetadataAnomalyDetection href "/technique/d3f:ProtocolMetadataAnomalyDetection"; RemoteTerminalSessionDetection["Remote Terminal Session Detection"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
RemoteTerminalSessionDetection["Remote Terminal Session Detection"] -.->
| may-detect | T1499002["Service Exhaustion Flood"] ;
class RemoteTerminalSessionDetection DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click RemoteTerminalSessionDetection href "/technique/d3f:RemoteTerminalSessionDetection"; NetworkTrafficSignatureAnalysis["Network Traffic Signature Analysis"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
NetworkTrafficSignatureAnalysis["Network Traffic Signature Analysis"] -.->
| may-detect | T1499002["Service Exhaustion Flood"] ;
class NetworkTrafficSignatureAnalysis DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click NetworkTrafficSignatureAnalysis href "/technique/d3f:NetworkTrafficSignatureAnalysis"; PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
PerHostDownload-UploadRatioAnalysis["Per Host Download-Upload Ratio Analysis"] -.->
| may-detect | T1499002["Service Exhaustion Flood"] ;
class PerHostDownload-UploadRatioAnalysis DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click PerHostDownload-UploadRatioAnalysis href "/technique/d3f:PerHostDownload-UploadRatioAnalysis"; UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
UserGeolocationLogonPatternAnalysis["User Geolocation Logon Pattern Analysis"] -.->
| may-detect | T1499002["Service Exhaustion Flood"] ;
class UserGeolocationLogonPatternAnalysis DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click UserGeolocationLogonPatternAnalysis href "/technique/d3f:UserGeolocationLogonPatternAnalysis"; NetworkTrafficFiltering["Network Traffic Filtering"] -->
| filters | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
NetworkTrafficFiltering["Network Traffic Filtering"] -.->
| may-isolate | T1499002["Service Exhaustion Flood"] ;
class NetworkTrafficFiltering DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click NetworkTrafficFiltering href "/technique/d3f:NetworkTrafficFiltering"; InboundSessionVolumeAnalysis["Inbound Session Volume Analysis"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
InboundSessionVolumeAnalysis["Inbound Session Volume Analysis"] -.->
| may-detect | T1499002["Service Exhaustion Flood"] ;
class InboundSessionVolumeAnalysis DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click InboundSessionVolumeAnalysis href "/technique/d3f:InboundSessionVolumeAnalysis"; NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] -->
| analyzes | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
NetworkTrafficCommunityDeviation["Network Traffic Community Deviation"] -.->
| may-detect | T1499002["Service Exhaustion Flood"] ;
class NetworkTrafficCommunityDeviation DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click NetworkTrafficCommunityDeviation href "/technique/d3f:NetworkTrafficCommunityDeviation"; InboundTrafficFiltering["Inbound Traffic Filtering"] -->
| filters | InboundInternetNetworkTraffic["Inbound Internet Network Traffic"];
InboundTrafficFiltering["Inbound Traffic Filtering"] -.->
| may-isolate | T1499002["Service Exhaustion Flood"] ;
class InboundTrafficFiltering DefensiveTechniqueNode;
class InboundInternetNetworkTraffic ArtifactNode;
click InboundTrafficFiltering href "/technique/d3f:InboundTrafficFiltering";