Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] http-slowloris-check

From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Fri, 24 Aug 2012 11:20:32 +0200
The script has been merged into trunk as of 29657.

On 8/21/2012 9:34 PM, Arturo 'Buanzo' Busleiman wrote:

NICE, I'm glad you followed on my suggestion. Thank you so very much Aleksandar!

On Tue, Aug 21, 2012 at 4:25 PM, Aleksandar Nikolic
<nikolic.alek () gmail com> wrote:

Hi all,

I've written this more server friendly version of Slowloris DoS check.

It's pretty simple really. It makes two requests to the server, each
without the final CRLF. The second request differs from the first
in that it waits for 10 seconds and then sends additional header, as
slowloris attack would. Both requests then wait until they get a
connection reset from the server due to timeout.
On non-vulnerable servers, both requests should timeout at the same
time. If second request timeouts at least 10 seconds after the first, we
assume that it's timeout was prolonged by additional header and we
can therefore conclude that it is vulnerable to slowloris DoS attack.

Check the script and tell me what you think, I always welcome ideas
for improvements.

Aleksandar

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: