Re: [nmap-svn] r30412 - nmap/scripts

[Rob Nicholls <robert () robnicholls co uk>]

Isn't the http-slowloris-check script a fairly safe one? The original http-slowloris script is the far more 
dangerous/never ending one? According to the NSE documentation, the "check" version:

"Tests a web server for vulnerability to the Slowloris DoS attack without actually launching a DoS attack.
...
This script opens two connections to the server, each without the final CRLF. After 10 seconds, second connection sends 
additional header. Both connections then wait for server timeout. If second connection gets a timeout 10 or more 
seconds after the first one, we can conclude that sending additional header prolonged it's timeout and that the server 
is vulnerable to slowloris DoS attack."

Rob

commit-mailer () nmap org wrote:

> Author: batrick
> Date: Sat Dec 15 16:18:13 2012
> New Revision: 30412
>
> Log:
> This script never ends and seeks to crash the web server... why was this categorized as safe??
>
>
> Modified:
>   nmap/scripts/http-slowloris-check.nse
>
> Modified: nmap/scripts/http-slowloris-check.nse
> ==============================================================================
> --- nmap/scripts/http-slowloris-check.nse      (original)
> +++ nmap/scripts/http-slowloris-check.nse      Sat Dec 15 16:18:13 2012
> @@ -53,7 +53,7 @@
>
> author = "Aleksandar Nikolic"
> license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
> -categories = {"vuln", "safe"}
> +categories = {"vuln", "intrusive"}
>
>
> portrule = shortport.http
>
> _______________________________________________
> Sent through the svn mailing list
> http://nmap.org/mailman/listinfo/svn
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/