Information Security
codercat, 2018-03-26 14:46:52

What is the name of the attack when many parallel requests are sent (not DDoS)?

What is the name of the attack when many, many parallel requests are sent and, for example, some service is activated many times, because N requests together passed the "Is the service active?" check and reached the "Activation" stage?
This is not DDoS, but rather hitting a specific section of the site in order to get something several times.
For completeness, I found an example on Habr:
Let's say we are an online service that, in turn, uses some external paid API (service activation, paid content, or whatever you like), that is, our service itself pays money for using the API. The user in our system creates a request to activate the service, fills in all the fields and on the last page presses the "Activate the service" button. That is, at the time the HTTP request is sent, we have a record in our database (a request to activate the service). What is our algorithm? I ask, and continue myself:
- we get the user's balance from the database;
- if the balance is enough, then we call the API;
- if everything is fine, then we write off the amount for the service from the balance, do an UPDATE, commit, otherwise we roll back;
- we reply to the user.
Everything seems trivial, but when I bring up the first and most obvious problem, 10 concurrent requests (all of which get the same balance at the start and begin calling the API), people start proposing the most sophisticated solutions: performing 5 selects (I have to admit, I did not understand anything in that version), auto-increment counters, external caches, new tables in the database, sleeps, and who knows what else.

3 answer(s)
azShoo, 2018-03-26
@codercat

This looks like exploiting Race Conditions in code.
I will not tell you the name of a specific attack, and I am not sure if it exists in principle.
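
An added example, not part of the thread or of the Habr post: the check-then-act flow from the question next to one common fix, an atomic conditional debit performed before the paid API call. The `accounts` table, the price and balance values, and the list append standing in for the external API are assumptions made for the illustration.

```python
import os
import sqlite3
import tempfile
import threading

PRICE, START_BALANCE, N_REQUESTS = 100, 100, 10  # constructed sample values

def connect(path):
    # Autocommit mode: each statement is its own transaction.
    return sqlite3.connect(path, timeout=30, isolation_level=None)

def vulnerable(path, barrier, api_calls):
    """Check-then-act: read balance, call the API, debit afterwards."""
    db = connect(path)
    balance = db.execute("SELECT balance FROM accounts WHERE id = 1").fetchone()[0]
    barrier.wait()  # worst case: every request has read before any has written
    if balance >= PRICE:
        api_calls.append("activate")  # stand-in for the paid external API
        db.execute("UPDATE accounts SET balance = balance - ? WHERE id = 1", (PRICE,))
    db.close()

def hardened(path, barrier, api_calls):
    """Check and debit in one atomic statement, then call the API."""
    db = connect(path)
    barrier.wait()
    cur = db.execute(
        "UPDATE accounts SET balance = balance - ? WHERE id = 1 AND balance >= ?",
        (PRICE, PRICE))
    if cur.rowcount == 1:  # only the request that actually reserved funds proceeds
        api_calls.append("activate")  # on API failure, refund with a second UPDATE
    db.close()

def run(handler):
    """Fire N_REQUESTS parallel requests; return (paid API calls, final balance)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "shop.db")
        db = connect(path)
        db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER)")
        db.execute("INSERT INTO accounts VALUES (1, ?)", (START_BALANCE,))
        barrier, api_calls = threading.Barrier(N_REQUESTS), []
        threads = [threading.Thread(target=handler, args=(path, barrier, api_calls))
                   for _ in range(N_REQUESTS)]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
        balance = db.execute("SELECT balance FROM accounts WHERE id = 1").fetchone()[0]
        db.close()
        return len(api_calls), balance
```

With a balance that covers one activation, `run(vulnerable)` makes ten paid API calls and drives the balance negative, while `run(hardened)` lets exactly one request through.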

Alexander, 2018-03-26
@alexr64

Why not DoS then? This is just one of the variations: to flood the service with unnecessary requests to the point of denial of service for valid requests.
(D)DoS is not only about clogging the channel. The pool of serviced requests is also the target of this attack.

Papa Stifflera, 2018-03-26
@PapaStifflera

Fraud?
