
Resource exhaustion attacks are computer security exploits that crash, hang, or otherwise interfere with the targeted program or system by driving it to consume some finite resource (memory, file descriptors, CPU time, process slots, disk space) until nothing is left for legitimate work. They are a form of denial-of-service (DoS) attack but are different from distributed denial-of-service (DDoS) attacks, which involve overwhelming a network host such as a web server with requests from many locations; a resource exhaustion attack typically needs far less traffic, because it relies on input that triggers a bug or design deficiency in the target rather than on sheer volume.


Attack vectors

Resource exhaustion attacks generally exploit a software bug or design deficiency. In software with manual memory management (most commonly written in C or C++), memory leaks are a very common bug exploited for resource exhaustion: each attacker-controlled request that reaches the leaking code path permanently removes memory from the pool available to the process, until allocation fails or the operating system's out-of-memory handling kills it. Even if a garbage-collected programming language is used, resource exhaustion attacks are possible if the program uses memory inefficiently and does not impose limits on the amount of state it keeps per client or per request; unbounded caches, session tables that grow with every new connection, and buffers sized from an attacker-supplied length field are typical examples.

File descriptor leaks are another common vector. Most general-purpose programming languages require the programmer to explicitly close file descriptors, so even high-level languages allow the programmer to make this mistake, usually on an error path that returns before the close. Once a process reaches its open-file limit (the soft limit shown by ulimit -n on Unix-like systems), every subsequent open(), socket() or accept() call fails, so the service stops working for everyone, not just the attacker. A practitioner can spot such a leak from outside the process on Linux by watching the number of entries under /proc/<pid>/fd grow across requests that should have released their descriptors.
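The descriptor-leak vector described above, as an added example written for this page (it is not code from the original article or from any project the article names). It contrasts a handler that closes its descriptor only on the happy path with a hardened version, then measures the leak. The handler names, the negative-length "malformed request", the 4096-byte read cap and the request stream are all constructed for illustration; the measurement relies only on the POSIX rule that open() returns the lowest unused descriptor number, so it runs on Linux or macOS without extra packages.

```python
import os
import tempfile

# Added example, not code from the page. Contrasts a descriptor-leaking
# request handler with a hardened one and measures the leak.


def leaky_handler(path, length):
    """Vulnerable: the descriptor is closed only on the happy path.
    A request carrying a malformed (negative) length leaks one descriptor."""
    fd = os.open(path, os.O_RDONLY)
    if length < 0:
        raise ValueError("bad length")   # returns without os.close(fd)
    data = os.read(fd, length)
    os.close(fd)
    return data


def fixed_handler(path, length, max_length=4096):
    """Hardened: validate input before acquiring the resource, cap how much is
    read into memory (assumed 4096-byte limit), and release the descriptor on
    every exit path."""
    if not 0 <= length <= max_length:
        raise ValueError("bad length")
    fd = os.open(path, os.O_RDONLY)
    try:
        return os.read(fd, length)
    finally:
        os.close(fd)


def lowest_free_fd():
    """POSIX open() hands out the lowest unused descriptor number, so the
    number a throwaway open() returns shows how many low slots are taken."""
    fd = os.open(os.devnull, os.O_RDONLY)
    os.close(fd)
    return fd


def leaked_descriptors(handler, requests):
    """Run the handler over a request stream and return how many descriptors
    remain open afterwards (0 for a correct handler)."""
    fd, path = tempfile.mkstemp()
    os.write(fd, b"sample payload\n")   # constructed sample file to serve
    os.close(fd)
    try:
        before = lowest_free_fd()
        for length in requests:
            try:
                handler(path, length)
            except ValueError:
                pass   # a real server logs and moves on; the fd stays leaked
        after = lowest_free_fd()
    finally:
        os.remove(path)   # unlinking works even while leaked fds hold it open
    return after - before


# Constructed request stream: two well-formed reads, then the malformed
# length an attacker would send in a loop.
ATTACK_STREAM = [5, 5] + [-1] * 20

if __name__ == "__main__":
    print("leaky handler leaked", leaked_descriptors(leaky_handler, ATTACK_STREAM))
    print("fixed handler leaked", leaked_descriptors(fixed_handler, ATTACK_STREAM))
```

Run it directly to see the leaky handler hold one descriptor per malformed request while the fixed one holds none. With the process's soft limit lowered (ulimit -n 64 before starting it), the leaky version reaches "Too many open files" after a few dozen bad requests, which is exactly the condition a remote attacker is trying to produce.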


Types and examples

* Billion laughs
* Fork bomb
* Infinite loop
* Local Area Network Denial (LAND)
* Pentium F00F bug
* Ping of death
* Regular expression denial of service (ReDoS): an algorithmic complexity attack that produces a denial of service by providing a regular expression and/or an input that takes a long time to evaluate. It exploits the fact that many regular expression engines are backtracking matchers whose running time is exponential in the input length for certain pattern and input combinations.
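The ReDoS entry above, as an added example written for this page (not code from the original article): a nested-quantifier pattern and a linear pattern that accept the same strings, timed against a near-miss input that cannot match, beside a hardened entry point. MAX_INPUT_LEN is an assumed service limit chosen for illustration; the pattern names are likewise constructed.

```python
import re
import time

# Added example, not code from the page. EVIL and SAFE accept the same
# language (one or more 'a'); EVIL's nested quantifier makes a backtracking
# engine try every way of splitting the a's between the inner and outer loop
# when the match fails, so its running time doubles with each extra character.
EVIL = re.compile(r"^(a+)+$")
SAFE = re.compile(r"^a+$")

MAX_INPUT_LEN = 256   # assumed service limit; any hard cap bounds the work


def timed_match(pattern, text):
    """Return (matched, seconds) for a single match attempt."""
    start = time.perf_counter()
    matched = pattern.match(text) is not None
    return matched, time.perf_counter() - start


def growth_table(pattern, lengths):
    """Time the pattern against 'a' * n + 'b' (a near miss that can never
    match, which is the worst case for backtracking) for each n.
    Returns [(n, seconds), ...]."""
    return [(n, timed_match(pattern, "a" * n + "b")[1]) for n in lengths]


def guarded_match(text, pattern=SAFE, max_len=MAX_INPUT_LEN):
    """Hardened entry point: bound the input length before the engine sees
    it, and use a pattern without nested quantifiers."""
    if len(text) > max_len:
        raise ValueError("input too long")
    return pattern.match(text) is not None


if __name__ == "__main__":
    for n, secs in growth_table(EVIL, range(10, 19, 2)):
        print(f"EVIL n={n:2d}: {secs:.4f}s")
    for n, secs in growth_table(SAFE, range(10, 19, 2)):
        print(f"SAFE n={n:2d}: {secs:.6f}s")
```

The timings printed by the demo roughly double with each extra character for EVIL and stay flat for SAFE. Capping input length is the cheapest mitigation because it bounds the work of any pattern; rewriting the pattern without nested quantifiers removes the blow-up itself, and engines with a linear-time guarantee (RE2 and its descendants) rule out the whole class at the cost of some regex features.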


External links


OWASP's wiki article on resource exhaustion