slowloris

I want to learn more about the slowloris cyber attack because I came across it when reading the Node.js documentation and I want to know more about it.


Notes


Slowloris is a type of denial of service attack tool which allows a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports.

It tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to, but never completing, the request. Affected servers will keep these connections open, filling their concurrent connection pool, eventually denying additional connection attempts from clients.

The program was named after slow lorises, a group of primates known for their slow movement.

Because Slowloris exploits problems handling thousands of connections, the attack has less of an effect on servers that handle large numbers of connections well. Proxying servers and caching accelerators such as nginx have been recommended to mitigate this particular kind of attack.

Mitigations against a slowloris attack include: increasing the maximum number of clients the server will allow, limiting the number of connections a single IP address is allowed to make, imposing restrictions on the minimum transfer speed a connection is allowed to have, and restricting the length of time a client is allowed to stay connected. Other mitigating techniques involve setting up reverse proxies, firewalls, load balancers, or content switches.
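The per-IP connection limit, minimum transfer speed, and connection time limit listed above, sketched as connection bookkeeping in JavaScript. This is an added example, not code from Node.js or from these notes; `SlowRequestGuard`, `POLICY`, and the threshold values are hypothetical names and assumed numbers.

```javascript
const POLICY = { // assumed thresholds for illustration, not tuning advice
  maxConnsPerIp: 3,        // concurrent connections allowed from one address
  headerDeadlineMs: 10000, // time allowed to finish sending request headers
  minBytesPerSec: 50,      // minimum average transfer speed
  graceMs: 2000,           // do not judge speed before this much time has passed
};
class SlowRequestGuard {
  constructor(policy = POLICY) {
    this.policy = policy;
    this.conns = new Map(); // connection id -> state
    this.perIp = new Map(); // ip -> number of open connections
  }
  // Refuse a new connection when the address already holds its share of the pool.
  open(id, ip, now) {
    const count = this.perIp.get(ip) || 0;
    if (count >= this.policy.maxConnsPerIp) return false;
    this.perIp.set(ip, count + 1);
    this.conns.set(id, { ip, openedAt: now, bytes: 0, tail: '', headersDone: false });
    return true;
  }
  // Count received bytes; headers are complete once the blank line (CRLF CRLF) is seen.
  data(id, chunk) {
    const c = this.conns.get(id);
    if (!c) return;
    const seen = c.tail + chunk; // keep 3 trailing chars so a split terminator is still found
    if (seen.includes('\r\n\r\n')) c.headersDone = true;
    c.tail = seen.slice(-3);
    c.bytes += chunk.length;
  }
  close(id) {
    const c = this.conns.get(id);
    if (!c) return;
    this.conns.delete(id);
    this.perIp.set(c.ip, this.perIp.get(c.ip) - 1);
  }
  // Periodic sweep: drop connections whose headers are unfinished and too slow or too old.
  sweep(now) {
    const dropped = [];
    for (const [id, c] of this.conns) {
      if (c.headersDone) continue;
      const age = now - c.openedAt;
      const tooLong = age > this.policy.headerDeadlineMs;
      const tooSlow = age > this.policy.graceMs && (c.bytes * 1000) / age < this.policy.minBytesPerSec;
      if (tooLong || tooSlow) dropped.push({ id, reason: tooLong ? 'deadline' : 'slow' });
    }
    dropped.forEach((d) => this.close(d.id));
    return dropped;
  }
}
```

A server would call `open`, `data` and `close` from its socket events and run `sweep` on a timer. Node's `http.Server` provides built-in time limits of this kind through `headersTimeout` and `requestTimeout`.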


