Resource exhaustion attack

Resource exhaustion attacks are computer security exploits that crash, hang, or otherwise interfere with the targeted program or system. They are a form of denial-of-service attack but are different from distributed denial-of-service attacks, which involve overwhelming a network host such as a web server with requests from many locations.^[1]

Attack vectors

Resource exhaustion attacks generally exploit a software bug or design deficiency. In software with

garbage collected

programming language is used, resource exhaustion attacks are possible if the program uses memory inefficiently and does not impose limits on the amount of state used when necessary.

vector

. Most general-purpose programming languages require the programmer to explicitly close file descriptors, so even particularly high-level languages allow the programmer to make such mistakes.

Types and examples

Billion laughs
Fork bomb
Infinite loop
Local Area Network Denial
(LAND)
Pentium F00F bug
Ping of death
Regular expression denial of service
(ReDoS)

References

S2CID 15505851
.

External links

OWASP's wiki article on resource exhaustion

Daniel J. Bernstein on resource exhaustion

This computer security article is a stub. You can help Wikipedia by expanding it.
v
t
e

Retrieved from "https://en.wikipedia.org/w/index.php?title=Resource_exhaustion_attack&oldid=1194164709"

[LindqvistJonsson1997-1] S2CID 15505851
.

[1]