Nmap Development mailing list archives
Re: [NSE] http-slowloris
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Tue, 17 Jul 2012 17:04:33 +0200
That is odd, not sure what would cause it to hang forever. Will try to replicate this behavior and see what's up. Thanks, Aleksandar On Tue, Jul 17, 2012 at 4:55 PM, David Fifield <david () bamsoftware com> wrote:
On Mon, Jul 16, 2012 at 03:26:47PM +0200, Aleksandar Nikolic wrote:Hi all, I've just commited the last changes to this script and I think it's ready. As the name suggests, it performs a slowloris DoS attack against a http server. As the script requires quite a few active connections, in order for it to work you need to raise NSE's max parallelism setting by specifying a high --max-parallelism value. In my tests the appropriate value was 400 to 500, but the more the merrier.Nice work, Aleksandar. I found some surprising behavior when I kill the web server in the middle of the test. thttpd -p 8080 -D -l /dev/stdout ./nmap --script=http-slowloris --max-parallelism 400 localhost -p 8080 -d When I ctrl-C the server, I see a ton of these messages (with the "still remain" counter decrementing): NSE: MONITOR: (monitor on 127.0.0.1): Monitoring has shut down due to lack of response from the webserver. NSE: http-slowloris against 127.0.0.1:8080 threw an error! NSE: HALF_HTTP: : lost connection, 399 still remain NSE: http-slowloris against 127.0.0.1:8080 threw an error! NSE: HALF_HTTP: : lost connection, 398 still remain NSE: http-slowloris against 127.0.0.1:8080 threw an error! NSE: HALF_HTTP: : lost connection, 397 still remain NSE: http-slowloris against 127.0.0.1:8080 threw an error! This goes on and on until finally: NSE: HALF_HTTP: : lost connection, -623 still remain NSE: http-slowloris against 127.0.0.1:8080 threw an error! NSE: HALF_HTTP: : lost connection, -624 still remain NSE: http-slowloris against 127.0.0.1:8080 threw an error! NSE: HALF_HTTP: : lost connection, -625 still remain NSE: http-slowloris against 127.0.0.1:8080 threw an error! NSE: HALF_HTTP: : lost connection, -626 still remain NSE: http-slowloris against 127.0.0.1:8080 threw an error! NSE Timing: About 99.90% done; ETC: 07:47 (0:00:00 remaining) NSE Timing: About 99.90% done; ETC: 07:47 (0:00:00 remaining) NSE Timing: About 99.90% done; ETC: 07:48 (0:00:00 remaining) And then it appears to hang forever. David Fifield
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-slowloris Aleksandar Nikolic (Jul 16)
- Re: [NSE] http-slowloris Gmail Gutek (Jul 16)
- Re: [NSE] http-slowloris Toni Ruottu (Jul 16)
- Re: [NSE] http-slowloris Aleksandar Nikolic (Jul 16)
- Re: [NSE] http-slowloris Arturo 'Buanzo' Busleiman (Jul 16)
- Re: [NSE] http-slowloris Toni Ruottu (Jul 16)
- Re: [NSE] http-slowloris Gmail Gutek (Jul 16)
- Re: [NSE] http-slowloris David Fifield (Jul 17)
- Re: [NSE] http-slowloris Aleksandar Nikolic (Jul 17)
- Message not available
- Re: [NSE] http-slowloris Aleksandar Nikolic (Jul 17)
- Re: [NSE] http-slowloris David Fifield (Jul 17)
- Re: [NSE] http-slowloris Aleksandar Nikolic (Jul 17)