General Information

Referral Flood of Trusted Entities

Variants:
Direct 

Also Known As:
WS-Addressing Spoofing - Variant, Anti-DDoS Service Abuse for Blocking Trusted Entities

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Anti-DDoS, Secure Design

Invented In:
01/01/1999

Added In:
30/12/2014


Vector Operation Method:
A denial of service attack in which the attacker causes 3rd party entities or servers which are trusted by the target web site to perform the denial of service on his behalf, through redirection instructions and other means. Attacking the system through trusted entities may disrupt the protection offered by anti-DDoS solutions, or even worse - cause them to lock crucial trusted entities.


Direct Variant:

Request Flood of Trusted Entities

Variant Title:
Request Flood of Trusted Entities

Typical Severity:
Medium

Resources:

White Papers:

Learn More: