Nmap Development mailing list archives

Re: [NSE] http-slowloris


From: Toni Ruottu <toni.ruottu () iki fi>
Date: Mon, 16 Jul 2012 17:24:07 +0300

Thanks go to both of you. It is nice to see good work taken forward.
Also, one more reason to like nmap irc meetings. With enough people
present at once it seems to be a lot easier to plan script
development.

On Mon, Jul 16, 2012 at 4:59 PM, Gmail Gutek <ange.gutek () gmail com> wrote:
Hi Aleksandar,
You don't know how happy I am that you could achieve this work I've started many months ago! I had this project at 
heart but this was maybe too big a piece of meat for my skills. It needed someone like you to relay on this project 
and I really want to thank you for this achievement.
As some of you may have noticed (or not...) I am rather inactive since... Well, a long time now. There are some 
battles we can't win in this life. I won't develop this private point but I just wanted to say that those simple 
things like a project finally led to its terms, can bring someone, somewhere, some shine and courage even if you did 
not imagine that.

Thanks and congrats to you, Aleksandar, and to all of you Nmap devs.

Ange Gutek

--
Sent from my Ithing

On 16 Jul 2012, at 15:26, Aleksandar Nikolic <nikolic.alek () gmail com> wrote:

Hi all,

I've just committed the last changes to this script
and I think it's ready.

As the name suggests, it performs a slowloris DoS attack against an
HTTP server.

As the script requires quite a few active connections, in order
for it to work you need to raise NSE's max parallelism setting
by specifying a high --max-parallelism value.
In my tests the appropriate value was 400 to 500, but the more
the merrier.

If you wish to actually test the script I suggest to set up
apache server (I've used latest version in ubuntu for my tests).
Do note that latest Apache version is not vulnerable, module
mod_reqtimeout prevents this attack, so you need to disable it.
mod_reqtimeout is enabled by default on all recent Apache instances
as far as I can tell.
Also, in order to test the server against an actual slowloris attack,
you should raise the MaxClients option for the Apache to some
large value (larger than what you are using for --max-parallelism).

By default, the script will run until it detects that the server is
unavailable (it runs a thread that acts like a monitor that tries to get
a reply from the server every 10 seconds and if it doesn't get a reply
4 times in a row, we consider the attack a success) or until the timeout
runs out (30 minutes by default (timelimit option)).

There's also an option to run the script forever (runforever option) which
when set, will run the attack indefinitely.

I'm attaching the script, so take a look and please share any ideas
or improvements.

Thanks to everyone who helped debug an issue with assert failure
due to sleep()ing threads.


Aleksandar
<http-slowloris.nse>
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
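
Added example (not part of the thread, and not Nmap or Apache code): a simplified Python model of why mod_reqtimeout, mentioned above, stops connections whose request headers never complete. The policy values mirror an assumed `RequestReadTimeout header=20-40,MinRate=500` setting; `HeaderPolicy`, `header_stage` and the sample connections are hypothetical names and constructed data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class HeaderPolicy:
    initial: int = 20    # seconds allowed for the headers to start with
    maximum: int = 40    # hard cap on the header stage, in seconds
    min_rate: int = 500  # every min_rate bytes received buys one more second

def header_stage(chunks, policy=HeaderPolicy()):
    """Replay (arrival_time_s, data) chunks of one connection.

    Returns ("complete", t) when the blank line ending the headers arrives
    in time, else ("timed_out", deadline) when the server would give up.
    """
    received = b""
    deadline = policy.initial
    for t, data in sorted(chunks):
        if t > deadline:
            return ("timed_out", deadline)
        received += data
        # The allowance grows with the data received, but never past the cap.
        deadline = min(policy.maximum,
                       policy.initial + len(received) // policy.min_rate)
        if b"\r\n\r\n" in received:
            return ("complete", t)
    return ("timed_out", deadline)

# Constructed sample connections (not captured traffic).
REQUEST_LINE = b"GET / HTTP/1.1\r\nHost: example.test\r\n"
normal = [(0.1, REQUEST_LINE + b"\r\n")]
# Headers never finish: one short line every 10 s.
trickle = [(0, REQUEST_LINE)] + [(10 * i, b"X-a: b\r\n") for i in range(1, 60)]
# Sends at MinRate but still never finishes: runs into the 40 s cap.
steady = [(i, b"X-pad: " + b"a" * 491 + b"\r\n") for i in range(100)]

if __name__ == "__main__":
    for name, conn in [("normal", normal), ("trickle", trickle),
                       ("steady", steady)]:
        print(name, header_stage(conn))
```

With the module enabled, a worker slot is held for at most the capped header time per connection instead of indefinitely, which is the behaviour the message above says has to be disabled to reproduce the outage in a test setup.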