Nmap Development mailing list archives
Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack
From: Gutek <ange.gutek () gmail com>
Date: Thu, 14 Apr 2011 19:11:07 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Le 14/04/2011 18:31, Toni Ruottu a écrit :
Also, you mention some todo items in the comments. Are these still relevant. Do you just want some light testing and feedback before final polish, or is this still more like an early prototype?
Indeed, there are still some todos like adding some options but that's not a big deal, so you've exactly spotted my feeling: waiting for potential feedbacks and features expectations.
You are saying that performing the attack takes a long time. Slowloris site links a video where Sam Bowne demonstrates the attack in front of live audience, and it takes seconds rather than days. Is the nmap script different, or is it a server-side thing?
It's server-side related. For a demo purpose, Sam did the same I do : testing against a weakened target that can't handle an heavy load. As you can see in my Output sample, the script just takes a matter of minutes to drain the server out of ressources. But in the real world there are many mechanisms that work like an immune system fighting against the attack : smart webserver configurations that limit a given client's queries, load balancers, any filtering system, pending sessions held by legitimate users that (like Sam said) the Slowloris attack has to wait for their release etc.
I am just asking these additional questions, so we could look at this more efficiently while you are away. Have a good time abroad.
Thank you ! off topic, but I'll have to give courses, analysis and presentations to something like 400 attendees and I must admit that I'm a bit afraid... A.G. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk2nKqsACgkQ3aDTTO0ha7hdfACdEBHNszE8N/JlNtofayiT9JuH DpoAn2V8UqUGF4V1e9SsFATy4UN9EkJb =UP3e -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 10)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 10)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 23)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack David Fifield (Apr 29)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Patrik Karlsson (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Henri Doreau (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Patrik Karlsson (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (May 17)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 10)