CWE
Home > CWE List > CWE-406 Individual Dictionary Definition (Draft 9)   View the CWE List

CWE-406 Individual Dictionary Definition (Draft 9)

Network Amplification
Weakness ID
Status: Incomplete

406 (Weakness Base)

Description

Summary

The software fails to appropriately monitor or control transmitted network traffic volume such that the volume of traffic transmitted by each entity is commensurate with the entity's permissions. In the absence of a policy to restrict asymmetric resource consumption, the application or system cannot distinguish between legitimate transmissions and traffic intended to serve as an amplifying attack on target systems. Systems can often be configured to restrict the amount of traffic sent out on behalf of a client, based on the client's origin or access level. This is usually defined in a resource allocation policy. In the absence of a mechanism to keep track of transmissions, the system or application can be easily abused to transmit asymmetrically greater traffic than the request or client should be permitted to.

Potential Mitigations

An application must make network resources available to a client commensurate with the client's access level.

Define a clear policy for network resource allocation and consumption.

An application must, at all times, keep track of network resources and meter their usage appropriately.

Observed Examples
ReferenceDescription
CVE-1999-0513Smurf attack, spoofed ICMP packets to broadcast addresses.
CVE-1999-1379DNS query with spoofed source address causes more traffic to be returned to spoofed address than was sent by the attacker.
CVE-2000-0041Large datagrams are sent in response to malformed datagrams.
CVE-1999-1066Game server sends a large amount.
Context Notes

Spoofing is often a factor. Applications that use UDP are typically targeted, although this problem can exist in other protocols or contexts.

Network amplification, when performed with spoofing, is normally a multi-channel attack from attacker (acting as user) to amplifier, and amplifier to user.

Relationships
NatureTypeIDName
ChildOfWeakness ClassWeakness ClassWeakness Class405Asymmetric Resource Consumption (Amplification)
Source Taxonomies

PLOVER - Network Amplification

Applicable Platforms

All

Page Last Updated: April 22, 2008