Slowloris is a type of denial of service attack tool which allows a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports.
It tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to, but never completing, the request. Affected servers will keep these connections open, filling their concurrent connection pool, eventually denying additional connection attempts from clients.
The program was names after slow loris, a group of primates which are known for their slow movement.
Because Slowloris exploits problems handling thousands of connections, the attack has less of an effect on servers that handle large numbers of connections well. Proxying servers and caching accelerators such as nginx have been recommended to mitigate this particular kind of attack.
Mitigations against a slowloris attack include: increasing the maximum number of clients the server will allow, limiting the number of connections a single IP address is allowed to make, imposing restrictions on the minimum transfer speed a connection is allowed to have, and restricting the length of time a client is allowed to stay connected. Other mitigating techniques involve setting up reverse proxies, firewalls, load balancers, or content switches.
Are you sure you want to delete this article section? You can not undo this change.
Add a Comment
Annotate Article
Share Article
Successfully copied article URL to clipboard!
Something went wrong copying the article URL to the clipboard.
Successfully copied editor state to clipboard!
A previous, saved version of this article is saved. To compare the current version of the article with the previous version - or to replace the current version with the saved version - click the icon above the text editor.
Successfully copied URL to clipboard!
Copied code to clipboard.
Copied TeX code to clipboard.
Uploaded file must be an image of type .jpeg, .jpg, .png, .webp, .gif, .bmp, or .svg.
Image Size must be less than 5MB.
Uploaded file must be an image of type jpeg, jpg, png, webp, avif, tiff, or svg.
Something went wrong uploading the image to the database. Try reloading the page.
The maximum number of images you can upload is 30.
There was an error taking an image using the device's camera. Try uploading an image instead.
Uploaded file must be an audio file.
Audio file must be an audio file of type .m4a, .flac, .mp3, .mp4, .wav, .wma, .aac, .webm, or .mpeg.
Audio file must be less than 300 MB in size.
Something went wrong uploading the audio file. Try reloading the page.
The maximum number of audio files you can upload is 10.
There was an error capturing an audio recording using the device's microphone. Try uploading an audio recording or video instead.
Uploaded file must be an video file.
Video file must be an audio file of type .mp4, .mov, .avi, .wmv, .avchd, .webm, or .flv.
Video file must be less than 300 MB in size.
Something went wrong uploading the video file. Try reloading the page.
The maximum number of video files you can upload is 10.
There was an error taking a video using the device's camera / microphone. Try uploading a video instead.
Comments
You have to be logged in to add a comment
User Comments
There are currently no comments for this article.