Resource Exhaustion
Resource exhaustion attacks are computer security exploits that crash, hang, or otherwise interfere with the targeted program or system. They are a form of denial-of-service attack but are different from distributed denial-of-service attacks, which involve overwhelming a network host such as a web server with requests from many locations.


Attack vectors

Resource exhaustion attacks generally exploit a software bug or design deficiency. In software with manual memory management (most commonly written in C or C++), memory leaks are a very common bug exploited for resource exhaustion. Even if a garbage-collected programming language is used, resource exhaustion attacks are possible if the program uses memory inefficiently and does not impose limits on the amount of state used when necessary. File descriptor leaks are another common vector. Most general-purpose programming languages require the programmer to explicitly close file descriptors, so even particularly high-level languages allow the programmer to make such mistakes.
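The memory and file-descriptor leaks described above, as an added C example that is not part of the original article: a request handler whose error path returns without releasing what it acquired, next to a corrected version that funnels every exit through one cleanup label. The names (handle_request_leaky, handle_request_fixed, leaked_descriptors, acquire_fd) and the use of /dev/null as the opened resource are assumptions made for this illustration; the measurement relies on the POSIX rule that open() and dup() return the lowest-numbered free descriptor, so the number rises by one for every descriptor a previous call left open.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define RESOURCE_PATH "/dev/null"   /* constructed stand-in for a real file */
#define BUF_SIZE 4096

/* Acquire one descriptor. POSIX guarantees open() and dup() return the
 * lowest-numbered free descriptor, which the probe below relies on. */
static int acquire_fd(void) {
    int fd = open(RESOURCE_PATH, O_RDONLY);
    if (fd < 0) fd = dup(STDERR_FILENO);   /* fallback if /dev/null is absent */
    return fd;
}

/* Report the lowest free descriptor number: open a throwaway fd, close it. */
int lowest_free_fd(void) {
    int fd = acquire_fd();
    if (fd < 0) return -1;
    close(fd);
    return fd;
}

/* LEAKY handler: a request that fails validation returns early, and that
 * early return skips close() and free(). Every bad request permanently
 * consumes one descriptor and one heap buffer. Returns 0 on success, -1 on error. */
int handle_request_leaky(const char *request) {
    int fd = acquire_fd();
    if (fd < 0) return -1;
    char *buf = malloc(BUF_SIZE);
    if (buf == NULL) { close(fd); return -1; }
    if (strcmp(request, "bad") == 0)
        return -1;                  /* BUG: fd and buf are never released */
    /* ... real work on fd and buf would go here ... */
    free(buf);
    close(fd);
    return 0;
}

/* FIXED handler: every exit after acquisition goes through one cleanup
 * label, so the descriptor and buffer are released on success and failure. */
int handle_request_fixed(const char *request) {
    int rc = -1;
    char *buf = NULL;
    int fd = acquire_fd();
    if (fd < 0) return -1;
    buf = malloc(BUF_SIZE);
    if (buf == NULL) goto out;
    if (strcmp(request, "bad") == 0) goto out;   /* error path, still cleaned up */
    /* ... real work on fd and buf would go here ... */
    rc = 0;
out:
    free(buf);      /* free(NULL) is a no-op */
    close(fd);
    return rc;
}

/* Feed n bad requests to a handler and return how many descriptors it
 * leaked: the rise in the lowest free descriptor number. */
int leaked_descriptors(int (*handler)(const char *), int n) {
    int before = lowest_free_fd();
    for (int i = 0; i < n; i++)
        handler("bad");
    return lowest_free_fd() - before;
}

int main(void) {
    printf("fixed handler leaked %d descriptors over 20 bad requests\n",
           leaked_descriptors(handle_request_fixed, 20));
    printf("leaky handler leaked %d descriptors over 20 bad requests\n",
           leaked_descriptors(handle_request_leaky, 20));
    return 0;
}
```

Compile with `cc -std=c99` and run: the leaky handler's count equals the number of bad requests it was given, the fixed handler's is zero. A per-process descriptor limit (RLIMIT_NOFILE, set with setrlimit) does not repair the leak but bounds the damage, turning eventual system-wide exhaustion into EMFILE errors confined to the one process; that is the kind of explicit limit on resource use the paragraph above calls for.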


Types and examples

* Billion laughs
* Fork bomb
* Infinite loop
* Local Area Network Denial (LAND)
* Pentium F00F bug
* Ping of death
* Regular expression denial of service (ReDoS)


External links


OWASP's wiki article on resource exhaustion