CPU Starvation Attacks

From the attacker's point of view, the object of a CPU starvation attack is to get your application to get stuck in a tight loop doing expensive calculations. For example, an attacker might issue multiple checkout requests to your Web site, exceeding system capacity. At that rate, your server will run out of CPU capacity in a very short time.

To mitigate CPU starvation attacks, you may partition the checkout servers and throttle the requests on the checkout servers. To do this, you direct checkouts to http://checkout.<mystore.com> in the links and place an IIS request throttle on that site.

Copyright © 2005 Microsoft Corporation.
All rights reserved.