Nmap Development mailing list archives

Re: [NSE] http-slowloris-check


From: "Arturo 'Buanzo' Busleiman" <buanzo () buanzo com ar>
Date: Mon, 27 Aug 2012 13:02:09 -0300

In my testing, I've found some HTTP security devices block the
script's requests because they consider the X-a header invalid.

Any chance of changing that? Reasons not to?

On an unrelated matter, current svn nmap rev 29762 is not compiling:

make[1]: *** No rule to make target `nmap_rpc.h', needed by `output.o'.  Stop.


make clean, ./configure, make, dies.


On Fri, Aug 24, 2012 at 6:20 AM, Aleksandar Nikolic
<nikolic.alek () gmail com> wrote:
The script has been merged into trunk as of 29657.

On 8/21/2012 9:34 PM, Arturo 'Buanzo' Busleiman wrote:
NICE, I'm glad you followed on my suggestion. Thank you so very much Aleksandar!

On Tue, Aug 21, 2012 at 4:25 PM, Aleksandar Nikolic
<nikolic.alek () gmail com> wrote:
Hi all,

I've written this more server-friendly version of the Slowloris DoS check.

It's pretty simple really. It makes two requests to the server, each
without the final CRLF. The second request differs from the first
in that it waits for 10 seconds and then sends an additional header, as
a slowloris attack would. Both requests then wait until they get a
connection reset from the server due to timeout.
On non-vulnerable servers, both requests should time out at the same
time. If the second request times out at least 10 seconds after the first, we
assume that its timeout was prolonged by the additional header and we
can therefore conclude that it is vulnerable to a slowloris DoS attack.

Check the script and tell me what you think, I always welcome ideas
for improvements.

Aleksandar

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
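
The two-request timing comparison described in the quoted post, as an added Python example; it is not the NSE script's code. The local `toy_server`, the header value `b`, the `slack` tolerance for scheduling jitter and all function names are assumptions of this example.

```python
import socket, threading, time
from concurrent.futures import ThreadPoolExecutor
from contextlib import suppress

def time_until_close(host, port, delay=None, give_up=120.0):
    """Send a request without its final CRLF; return seconds until the server drops it."""
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=give_up) as s, suppress(OSError):
        s.sendall(f"GET / HTTP/1.1\r\nHost: {host}\r\n".encode())  # blank line withheld
        if delay is not None:
            s.settimeout(delay)
            try:
                s.recv(1024)              # returns early only if the server answers or closes
            except socket.timeout:
                s.sendall(b"X-a: b\r\n")  # one late header (value is an assumption)
            s.settimeout(give_up)
        while s.recv(1024):               # wait for EOF; a reset is suppressed above
            pass
    return time.monotonic() - start

def slowloris_check(host, port, delay=10.0, slack=0.25):
    """Return (t_first, t_second, verdict); slack is this example's jitter allowance."""
    with ThreadPoolExecutor(2) as pool:
        first = pool.submit(time_until_close, host, port)
        second = pool.submit(time_until_close, host, port, delay)
        t1, t2 = first.result(), second.result()
    return t1, t2, (t2 - t1) >= delay - slack

def toy_server(limit, per_read):
    """Constructed local target. per_read=True restarts the timer on every read."""
    srv = socket.create_server(("127.0.0.1", 0))
    def handle(conn):
        deadline = time.monotonic() + limit   # fixed budget for the whole header block
        with conn, suppress(OSError):
            while True:
                wait = limit if per_read else max(deadline - time.monotonic(), 0.01)
                conn.settimeout(wait)
                if not conn.recv(1024):
                    break
    def accept_loop():
        while True:
            threading.Thread(target=handle, args=(srv.accept()[0],), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for per_read in (True, False):
        print(per_read, slowloris_check("127.0.0.1", toy_server(2.0, per_read), delay=1.0))
```

The `per_read=False` server shows the property the check looks for on the defensive side: a fixed deadline for the whole header block, which a late header cannot extend.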