Nmap Development mailing list archives
Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack
From: Henri Doreau <henri.doreau () greenbone net>
Date: Fri, 17 Jun 2011 18:54:59 +0200
2011/6/12 Gutek <ange.gutek () gmail com>:
> So where do I put the global cursor? This would require asking the user about the presumed weakness of his server. For example, if he considers it "weak", then a 10 minutes max attack would be sufficient to state about this vulnerability. But if he considers it "strong", the script would have to run maybe a day long to be sure. But this means defining "weak" and "strong" in terms of numbers. Not speaking about "blind" conditions when testing an unknown target. On the other hand I agree that the attack cannot last forever. I just can't say "how" (in fact, "when") to stop it.
Ok, as you understood I meant "give up if the server is still alive". The attack will reach a stable state (max number of alive connections) after a while. Wouldn't it make sense to give up and consider that the server is not vulnerable if the target is still alive at this point? It wouldn't mean that the target is not vulnerable to slowloris attacks, but that it is not with the selected --max-parallelism/MAX_ATTACK_THREADS combo.
> Don't know why, but this famous quote comes to my mind: "This is not mission difficult, Mr. Hunt, it's mission impossible" :)
>
> A.G.
Actually I think that our Ethan Hunt (Patrik Karlsson) got it right: if you wait for all the worker threads to be done before you exit the main thread, you get rid of that error. Can you fix this? (There is an example in the stdnse.new_thread documentation.)

Regards.

--
Henri Doreau | Greenbone Networks GmbH | http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
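The fix suggested in the message above (join every worker thread before the main thread returns), sketched as an added example that is not part of the original thread or of the http-slowloris script. The names `worker`, `join_all` and `WORKERS` are hypothetical, and the worker body is a placeholder that only sleeps; the calls used are `stdnse.new_thread`, `nmap.condvar` and `coroutine.status`.

```lua
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Constructed example: start worker threads and join them before action() returns.
]]
categories = {"safe"}
portrule = shortport.http

local WORKERS = 4  -- assumed worker count for this example

-- Placeholder worker: records a result, then wakes the main thread.
local function worker(id, results)
  local condvar = nmap.condvar(results)
  stdnse.sleep(id)        -- stands in for the real per-thread work
  results[id] = "done"
  condvar "signal"        -- lets the main thread re-check thread status
end

-- Block until every coroutine in `threads` has finished.
local function join_all(threads, results)
  local condvar = nmap.condvar(results)
  repeat
    -- Forget threads that have already terminated.
    for co in pairs(threads) do
      if coroutine.status(co) == "dead" then threads[co] = nil end
    end
    -- Sleep until a worker signals, but only if some are still running.
    if next(threads) then condvar "wait" end
  until next(threads) == nil
end

action = function(host, port)
  local threads, results = {}, {}
  for id = 1, WORKERS do
    local co = stdnse.new_thread(worker, id, results)
    threads[co] = true
  end
  -- Without this join, action() would return while workers are still running.
  join_all(threads, results)
  return ("%d workers finished"):format(#results)
end
```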