Nmap Development mailing list archives

Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack

From: Gutek <ange.gutek () gmail com>
Date: Sat, 23 Apr 2011 17:18:38 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Here is an updated version with user-supplied arguments and Toni's
suggestions about the output while attacking:
- - Verbosity level 1, a status reminder
- - Verbosity level 2, a real-time monitor

Also the final script output has been modified accordingly.

Sample :
- -- Initiating NSE at 09:42                                          
- -- NSE: http-slowloris(status reminder): target <ip> is still up...
- -- NSE: http-slowloris(status reminder): (initial target response time
is 263ms)
- -- NSE: http-slowloris: 22 effective
connections                               
- -- NSE: http-slowloris(status reminder): target <ip> is still up...
- -- NSE: http-slowloris(status reminder): HTTP stream started.
- -- NSE: http-slowloris(status reminder): <ip> has slowed down by 290%
- -- Verbosity Increased to 2.                                        
- -- NSE: http-slowloris(monitor): server has recovered its
responsiveness (304ms).
- -- NSE: http-slowloris(monitor): server slowing down by 367%
(965ms).           
- -- NSE: http-slowloris: lost connection, 21 still
remain                        
- -- NSE: http-slowloris(monitor): server slowing down by 405%
(1064ms).          
- -- NSE: http-slowloris: 22 effective
connections                                
- -- (...)                        
- -- NSE: http-slowloris(monitor): server slowing down by 2418%
(6359ms).         
- -- NSE: http-slowloris(monitor): server slowing down by 2418% (6359ms).
- -- NSE: http-slowloris(monitor): DoS CONDITION REACHED ! server down.
- -- 80/tcp  open   http    syn-ack
- -- |  http-slowloris: Vulnerable:
- -- |  the DoS attack took <time>
- -- |  with <threads> concurrent connections
- -- |_ and <queries> sent queries

Happy Easter,

A.G.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAk2y7c0ACgkQ3aDTTO0ha7ikAwCfedhM2jcxUzAwa4acXwLdDOx7
sQMAniLW60dHaFu8lFyIgJJS6Yy5vG2t
=1146
-----END PGP SIGNATURE-----

Attachment: http-slowloris.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 10)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 10)
  - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 14)
    - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 14)
    - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 14)
    - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 14)
    - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 23)
    - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack David Fifield (Apr 29)
    - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 30)
    - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 30)
    - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 30)
    - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Patrik Karlsson (Apr 30)
    - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Henri Doreau (Apr 30)
    - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Patrik Karlsson (Apr 30)
    - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 30)
    - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (May 17)
    - Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (May 17)

(Thread continues...)