[ISN] New Denial-Of-Service Attack Cripples Web Servers By Reading Slowly

From: InfoSec News <alerts_at_private>
Date: Fri, 6 Jan 2012 03:20:59 -0600 (CST)

By Kelly Jackson Higgins
Dark Reading
Jan 05, 2012

A researcher today published proof-of-concept code that takes a 
different spin on the slow HTTP denial-of-service (DoS) attack simply by 
dragging out the process of reading the server's response -- and 
ultimately overwhelming it.

Sergey Shekyan, senior software engineer with Qualys, also has added 
this new so-called Slow Read attack to his open-source slowhttptest 

Slow Read basically sends a legitimate HTTP request and then very slowly 
reads the response, thus keeping as many open connections as possible 
and eventually causing a DoS.

Shekyan's Slowhttptest attack tool initially was inspired by related 
open-source tools Slowloris and OWASP's Slow HTTP Post. Slowloris keeps 
connections open by sending partial HTTP requests and sends headers at 
regular intervals to prevent the sockets from closing, while the Slow 
HTTP POST distributed DoS (DDoS) tool simulates an attack using POST 
headers with a legitimate "content-length" field that lets the Web 
server know how much data is arriving. Once the headers are sent, the 
POST message body is transmitted slowly, thus gridlocking the connection 
and server resources.
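The three patterns the article describes leave different fingerprints on the server side: a Slowloris or slow-POST connection stays open for a long time while almost no request bytes arrive, whereas a Slow Read connection has a complete request but a response that sits in the kernel send queue because the client advertises a tiny receive window. The following detector is an added example, not code from the article or from slowhttptest; it assumes the server (or a sidecar) exports a per-connection snapshot with the fields in ConnSample, and every sample value, threshold and IP address below is constructed for illustration.

```python
"""Classify long-lived HTTP connections into the slow-HTTP patterns the
article describes and flag source IPs holding too many of them.

Assumed (not from the article): a snapshot of open connections carrying the
fields in ConnSample. All samples and thresholds here are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ConnSample:
    peer_ip: str
    age_s: float             # seconds since the TCP connection was accepted
    bytes_in: int            # request bytes received so far
    request_complete: bool   # headers (and body, per Content-Length) fully read
    send_q: int              # response bytes queued in the kernel send buffer
    recv_window: int         # receive window the client currently advertises


# Thresholds are assumptions; tune them against the server's normal traffic.
MIN_AGE_S = 30.0              # ignore connections younger than this
MIN_REQUEST_RATE_BPS = 50.0   # real clients send headers far faster than this
SENDQ_STALL_BYTES = 4096      # response stuck unsent for a long time
TINY_WINDOW_BYTES = 256       # window small enough to starve the response
PER_IP_LIMIT = 20             # concurrent slow connections tolerated per IP


def classify(c: ConnSample) -> Optional[str]:
    """Return 'slow-request', 'slow-read', or None for an unremarkable connection."""
    if c.age_s < MIN_AGE_S:
        return None
    if not c.request_complete:
        # Slowloris (headers trickling in) or slow POST (body trickling in):
        # the request is still incomplete after a long time at a tiny byte rate.
        if c.bytes_in / c.age_s < MIN_REQUEST_RATE_BPS:
            return "slow-request"
        return None  # e.g. a large upload that is still streaming normally
    if c.send_q >= SENDQ_STALL_BYTES and c.recv_window <= TINY_WINDOW_BYTES:
        # Slow Read: request done, response buffered but the client won't take it.
        return "slow-read"
    return None


def flag_sources(samples: List[ConnSample]) -> Dict[str, Dict[str, int]]:
    """Count slow connections per source IP and return those over PER_IP_LIMIT."""
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for s in samples:
        kind = classify(s)
        if kind:
            counts[s.peer_ip][kind] += 1
    return {ip: dict(kinds) for ip, kinds in counts.items()
            if sum(kinds.values()) >= PER_IP_LIMIT}


def constructed_snapshot() -> List[ConnSample]:
    """Constructed snapshot: two misbehaving sources plus ordinary clients."""
    samples = []
    # 25 connections: request finished, 64 KiB response stuck, zero window.
    samples += [ConnSample("203.0.113.7", 120.0, 400, True, 65536, 0)] * 25
    # 30 connections: 180 bytes of headers after five minutes, never completed.
    samples += [ConnSample("198.51.100.9", 300.0, 180, False, 0, 65535)] * 30
    # Ordinary traffic that must not be flagged.
    samples.append(ConnSample("192.0.2.10", 2.0, 600, True, 0, 65535))        # quick hit
    samples.append(ConnSample("192.0.2.11", 90.0, 900, True, 0, 65535))       # idle keep-alive
    samples.append(ConnSample("192.0.2.12", 45.0, 120_000, False, 0, 65535))  # live upload
    return samples


if __name__ == "__main__":
    for ip, kinds in flag_sources(constructed_snapshot()).items():
        print(ip, kinds)
```

The two branches deliberately use different evidence: byte rate on the inbound side catches slow headers and slow bodies alike, while the send-queue plus receive-window pair catches Slow Read without penalising a client that is merely idle on a keep-alive connection. The per-IP aggregation matters because a single slow connection is indistinguishable from a bad mobile link; it is the concurrency that makes the pattern an attack.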


Received on Fri Jan 06 2012 - 01:20:59 PST