Nmap Development mailing list archives
Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack
From: Gutek <ange.gutek () gmail com>
Date: Sat, 23 Apr 2011 17:18:38 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Here is an updated version with user-supplied arguments and Toni's suggestions about the output while attacking: - - Verbosity level 1, a status reminder - - Verbosity level 2, a real-time monitor Also the final script output has been modified accordingly. Sample : - -- Initiating NSE at 09:42 - -- NSE: http-slowloris(status reminder): target <ip> is still up... - -- NSE: http-slowloris(status reminder): (initial target response time is 263ms) - -- NSE: http-slowloris: 22 effective connections - -- NSE: http-slowloris(status reminder): target <ip> is still up... - -- NSE: http-slowloris(status reminder): HTTP stream started. - -- NSE: http-slowloris(status reminder): <ip> has slowed down by 290% - -- Verbosity Increased to 2. - -- NSE: http-slowloris(monitor): server has recovered its responsiveness (304ms). - -- NSE: http-slowloris(monitor): server slowing down by 367% (965ms). - -- NSE: http-slowloris: lost connection, 21 still remain - -- NSE: http-slowloris(monitor): server slowing down by 405% (1064ms). - -- NSE: http-slowloris: 22 effective connections - -- (...) - -- NSE: http-slowloris(monitor): server slowing down by 2418% (6359ms). - -- NSE: http-slowloris(monitor): server slowing down by 2418% (6359ms). - -- NSE: http-slowloris(monitor): DoS CONDITION REACHED ! server down. - -- 80/tcp open http syn-ack - -- | http-slowloris: Vulnerable: - -- | the DoS attack took <time> - -- | with <threads> concurrent connections - -- |_ and <queries> sent queries Happy Easter, A.G. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk2y7c0ACgkQ3aDTTO0ha7ikAwCfedhM2jcxUzAwa4acXwLdDOx7 sQMAniLW60dHaFu8lFyIgJJS6Yy5vG2t =1146 -----END PGP SIGNATURE-----
Attachment:
http-slowloris.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 10)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 10)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 23)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack David Fifield (Apr 29)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Patrik Karlsson (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Henri Doreau (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Patrik Karlsson (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (May 17)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (May 17)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 10)