Resource exhaustion attack

Resource exhaustion attacks are computer security exploits that crash, hang, or otherwise interfere with the targeted program or system. They are a form of denial-of-service attack but are different from distributed denial-of-service attacks, which involve overwhelming a network host such as a web server with requests from many locations.[1]

Attack vectors

Resource exhaustion attacks generally exploit a software bug or design deficiency. In software with manual memory management (most commonly written in C or C++), memory leaks are a very common bug exploited for resource exhaustion. Even if a garbage collected programming language is used, resource exhaustion attacks are possible if the program uses memory inefficiently and does not impose limits on the amount of state used when necessary.

File descriptor leaks are another common vector. Most general-purpose programming languages require the programmer to explicitly close file descriptors, so even particularly high-level languages allow the programmer to make such mistakes.

Types and examples
gollark: That's basically what this does?
gollark: ```lualocal func_mt = {}debug.setmetatable(function() end, func_mt)function func_mt.__sub(lhs, rhs) return function(...) return lhs(rhs(...)) endendfunction func_mt.__add(lhs, rhs) return function(...) return rhs(lhs(...)) endend```
gollark: No clue what `..`, unary `-`, `/`, `*` or `^` should do.
gollark: `+` is right-to-left compose, `-` is left-to-right compose.
gollark: We could add that as their tostring method instead.

References
  1. Lindqvist, U.; Jonsson, E. (1997). "How to systematically classify computer security intrusions". Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097). pp. 154–163. doi:10.1109/SECPRI.1997.601330. ISBN 0-8186-7828-3.


This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.