Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >ATTACK
  3. >Impact
  4. >ATTACK-T1499.003
ATTACK-T1499.003Active

Application Exhaustion Flood

Statement

Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications. For example, specific features in web applications may be highly resource intensive. Repeated requests to those features may be able to exhaust system resources and deny access to the application or the server itself.(Citation: Arbor AnnualDoSreport Jan 2018)

Location

Tactic
Impact

Technique Details

Identifier
ATTACK-T1499.003
Parent Technique
ATTACK-T1499
ATT&CK Page
View on MITRE

Tactics

Impact

Platforms

WindowsIaaSLinuxmacOS

Detection

Application Exhaustion Flood Detection Across Platforms

Mitigations

Filter Network Traffic: Employ network appliances and endpoint software to filter ingress, egress, and lateral network traffic. This includes protocol-based filtering, enforcing firewall rules, and blocking or restricting traffic based on predefined conditions to limit adversary movement and data exfiltration. This mitigation can be implemented through the following measures:

Ingress Traffic Filtering:

  • Use Case: Configure network firewalls to allow traffic only from authorized IP addresses to public-facing servers.
  • Implementation: Limit SSH (port 22) and RDP (port 3389) traffic to specific IP ranges.

Egress Traffic Filtering:

  • Use Case: Use firewalls or endpoint security software to block unauthorized outbound traffic to prevent data exfiltration and command-and-control (C2) communications.
  • Implementation: Block outbound traffic to known malicious IPs or regions where communication is unexpected.

Protocol-Based Filtering:

  • Use Case: Restrict the use of specific protocols that are commonly abused by adversaries, such as SMB, RPC, or Telnet, based on business needs.
  • Implementation: Disable SMBv1 on endpoints to prevent exploits like EternalBlue.

Network Segmentation:

  • Use Case: Create network segments for critical systems and restrict communication between segments unless explicitly authorized.
  • Implementation: Implement VLANs to isolate IoT devices or guest networks from core business systems.

Application Layer Filtering:

  • Use Case: Use proxy servers or Web Application Firewalls (WAFs) to inspect and block malicious HTTP/S traffic.
  • Implementation: Configure a WAF to block SQL injection attempts or other web application exploitation techniques.
SP 800-53
SP800-53-AC-3relatedvia ctid-attack-to-sp800-53
SP800-53-AC-4relatedvia ctid-attack-to-sp800-53
SP800-53-CA-7relatedvia ctid-attack-to-sp800-53
SP800-53-CM-6relatedvia ctid-attack-to-sp800-53
SP800-53-CM-7relatedvia ctid-attack-to-sp800-53
View in graphReport an issue
← Back to Impact
Impact33 controls
ATTACK-T1485Data DestructionATTACK-T1485.001Lifecycle-Triggered DeletionATTACK-T1486Data Encrypted for ImpactATTACK-T1489Service StopATTACK-T1490Inhibit System RecoveryATTACK-T1491DefacementATTACK-T1491.001Internal DefacementATTACK-T1491.002External DefacementATTACK-T1495Firmware CorruptionATTACK-T1496Resource HijackingATTACK-T1496.001Compute HijackingATTACK-T1496.002Bandwidth HijackingATTACK-T1496.003SMS PumpingATTACK-T1496.004Cloud Service HijackingATTACK-T1498Network Denial of ServiceATTACK-T1498.001Direct Network FloodATTACK-T1498.002Reflection AmplificationATTACK-T1499Endpoint Denial of ServiceATTACK-T1499.001OS Exhaustion FloodATTACK-T1499.002Service Exhaustion FloodATTACK-T1499.003Application Exhaustion FloodATTACK-T1499.004Application or System ExploitationATTACK-T1529System Shutdown/RebootATTACK-T1531Account Access RemovalATTACK-T1561Disk WipeATTACK-T1561.001Disk Content WipeATTACK-T1561.002Disk Structure WipeATTACK-T1565Data ManipulationATTACK-T1565.001Stored Data ManipulationATTACK-T1565.002Transmitted Data ManipulationATTACK-T1565.003Runtime Data ManipulationATTACK-T1657Financial TheftATTACK-T1667Email Bombing