Nmap Development mailing list archives
Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Mon, 23 May 2011 01:36:06 +0300
Thank you. This was a useful analysis.

On Mon, May 23, 2011 at 12:35 AM, Gutek <ange.gutek () gmail com> wrote:

> On 22/05/2011 16:27, Toni Ruottu wrote:
>
>> Can we/did you do performance testing to compare this with original slowloris? Maybe just running both a couple of times against the same target, and comparing the times, would do.
>
> Hard to say. Besides they obviously share the same core principle, they work differently mainly because of the monitoring function in the nse version. This monitoring function aims to stop the attack when it seems to be successful but it doesn't give the exact moment the webserver is down: it's a matter of timeouts and sockets dying. The original perl script is blind and attacks "forever".
>
> The original perl script also proposes some "expert" tuning options that are not implemented in the nse (delay between concurrent connections, timeout measurement to feed "on the edge" during the attack, etc.). Against specific targets they make the original script obviously more efficient, but I think an nse script doesn't need them: we are in the case where a proper third party tool is better than a complex nmap command line with a bunch of script-args.
>
> If I had to give a comparison, I would say that, like most of the nse scripts, the original tool is better for a specific attack and the nse version is more useful to test and report a potential issue.
>
> A.G.
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/