
Slow Loris by Hariom Patidar

The document discusses a Slowloris attack which is a denial of service attack that aims to exhaust a server's resources by keeping HTTP connections open. It works by opening multiple connections and sending partial requests to prevent timeouts. The attack occurs in 4 steps and can be mitigated by limiting connections, transfer speeds and connection times from individual IP addresses.

Uploaded by

amoghraje20

CASE STUDY OF SLOW-LORIS ATTACK

What is Slowloris?
Slowloris is basically an HTTP Denial of Service attack that affects threaded
servers. It works like this:

1. We start making lots of HTTP requests.

2. We send headers periodically (every ~15 seconds) to keep the connections
open.

3. We never close the connection unless the server does so. If the server closes a
connection, we create a new one and keep doing the same thing.

This exhausts the server's thread pool, and the server can't reply to other people.

HOW DOES A SLOWLORIS ATTACK WORK?
Slowloris is an application layer attack which operates by utilizing partial HTTP
requests. The attack functions by opening connections to a targeted Web server and
then keeping those connections open as long as it can.
Slowloris is not a category of attack but is instead a specific attack tool designed to
allow a single machine to take down a server without using a lot of bandwidth.
Unlike bandwidth-consuming reflection-based DDoS attacks such as NTP
amplification, this type of attack uses a low amount of bandwidth, and instead aims
to use up server resources with requests that seem slower than normal but otherwise
mimic regular traffic. It falls in the category of attacks known as “low and slow”
attacks. The targeted server will only have so many threads available to handle
concurrent connections. Each server thread will attempt to stay alive while waiting for
the slow request to complete, which never occurs. When the server’s maximum
possible connections have been exceeded, each additional connection will not be
answered and denial-of-service will occur.

A SLOWLORIS ATTACK OCCURS IN 4 STEPS:

1. The attacker first opens multiple connections to the targeted server by sending multiple
partial HTTP request headers.

2. The target opens a thread for each incoming request, with the intent of closing the
thread once the connection is completed. In order to be efficient, if a connection takes
too long, the server will timeout the exceedingly long connection, freeing the thread up
for the next request.

3. To prevent the target from timing out the connections, the attacker periodically sends
partial request headers to the target in order to keep the request alive. In essence
saying, “I’m still here! I’m just slow, please wait for me.”

4. The targeted server is never able to release any of the open partial connections while
waiting for the termination of the request. Once all available threads are in use, the
server will be unable to respond to additional requests made from regular traffic,
resulting in denial-of-service.

The key behind a Slowloris is its ability to cause a lot of trouble with very little
bandwidth consumption.
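
Seen from the server, the four steps above leave a recognisable trace: many connections from one source whose request headers stay incomplete for a long time. The following detection sketch is an added example, not part of the original document; the snapshot records, field layout and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed snapshot of a server's in-flight connections (not real traffic):
# (client_ip, seconds_open, header_bytes_received, headers_complete)
SNAPSHOT = [
    ("203.0.113.5", 95, 148, False),
    ("203.0.113.5", 94, 148, False),
    ("203.0.113.5", 93, 136, False),
    ("203.0.113.5", 92, 136, False),
    ("198.51.100.20", 1, 0, False),     # just connected, headers in flight
    ("198.51.100.21", 2, 512, True),    # normal request being served
    ("198.51.100.22", 40, 90, False),   # a single genuinely slow client
]

def stalled(conn, min_age=30, max_rate=20.0):
    """True if headers are still incomplete after min_age seconds and the
    average header rate is below max_rate bytes/second (assumed thresholds)."""
    _, age, nbytes, complete = conn
    return (not complete) and age >= min_age and nbytes / max(age, 1) < max_rate

def suspect_sources(snapshot, min_conns=3, **limits):
    """Map source IP -> stalled connection count, keeping only sources that
    hold at least min_conns stalled connections at the same time."""
    per_ip = defaultdict(int)
    for conn in snapshot:
        if stalled(conn, **limits):
            per_ip[conn[0]] += 1
    return {ip: n for ip, n in per_ip.items() if n >= min_conns}

def pool_pressure(snapshot, workers):
    """Fraction of the worker pool occupied by stalled connections."""
    return sum(stalled(c) for c in snapshot) / workers

if __name__ == "__main__":
    print(suspect_sources(SNAPSHOT))
    print(pool_pressure(SNAPSHOT, workers=10))
```

Requiring several stalled connections per source keeps one slow but legitimate client from being flagged.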
HOW IS A SLOWLORIS ATTACK MITIGATED?
For web servers that are vulnerable to Slowloris, there are ways to mitigate some of
the impact. Mitigation options for vulnerable servers can be broken down into 3
general categories:

1. Increase server availability - Increasing the maximum number of clients the server will
allow at any one time will increase the number of connections the attacker must make
before they can overload the server. Realistically, an attacker may scale the number of
attacks to overcome server capacity regardless of increases.

2. Rate limit incoming requests - Restricting access based on certain usage factors will
help mitigate a Slowloris attack. Techniques such as limiting the maximum number of
connections a single IP address is allowed to make, restricting slow transfer speeds, and
limiting the maximum time a client is allowed to stay connected are all approaches for
limiting the effectiveness of low and slow attacks.

3. Cloud-based protection - Use a service that can function as a reverse proxy, protecting
the origin server.

WHAT IS THE BEST WAY TO STOP A SLOWLORIS ATTACK?

Slow-loris attacks can be mitigated by:

- Limiting the number of connections a single IP address may request to open.

- Increasing the minimum transfer speed allowed for any connection.

- Limiting the time a client is allowed to stay connected.

- Increasing the maximum number of clients the server will allow.

- Deploying robust cloud mitigation services, configuring robust load balancers,
using web application firewalls (WAFs) or other virtual patching techniques,
and rate-limiting the number of requests per source.
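
The three per-client limits in this list (connections per IP, minimum transfer speed, maximum connection time) can be combined into one policy. The model below is an added example, not code from the original document; the class name, thresholds and traces are assumptions. It shows why a client that trickles a header line every ~15 seconds loses its connection while an ordinary request passes.

```python
from collections import Counter

class SlowClientGuard:
    """Illustrative server-side limits (all thresholds are assumed values)."""

    def __init__(self, max_per_ip=10, first=20.0, cap=40.0, min_rate=500):
        self.max_per_ip = max_per_ip   # concurrent connections per source IP
        self.first = first             # seconds granted before any data
        self.cap = cap                 # hard limit on header read time
        self.min_rate = min_rate       # bytes that earn 1 extra second
        self.open = Counter()

    def admit(self, ip):
        """Accept a new connection unless the source is already at its cap."""
        if self.open[ip] >= self.max_per_ip:
            return False
        self.open[ip] += 1
        return True

    def release(self, ip):
        """Call when a connection closes so the slot is returned."""
        if self.open[ip] > 0:
            self.open[ip] -= 1

    def deadline(self, header_bytes):
        """Header deadline grows only with data delivered, never past cap."""
        return min(self.cap, self.first + header_bytes / self.min_rate)

    def drop_time(self, arrivals, header_size):
        """arrivals: [(seconds_since_accept, nbytes), ...] header fragments.
        Returns None if the header completes in time, else the moment the
        server closes the connection and frees the worker."""
        got = 0
        for t, n in arrivals:
            if t > self.deadline(got):
                return self.deadline(got)
            got += n
            if got >= header_size:
                return None
        return self.deadline(got)

# Constructed traces: one ordinary request, one trickling a line every ~15 s.
NORMAL = [(0.2, 420)]
TRICKLE = [(0.0, 60), (15.0, 12), (30.0, 12), (45.0, 12)]

if __name__ == "__main__":
    guard = SlowClientGuard()
    print("normal :", guard.drop_time(NORMAL, 420))
    print("trickle:", guard.drop_time(TRICKLE, 420))
    print("admits :", [guard.admit("203.0.113.5") for _ in range(12)].count(True))
```

Because the deadline extends only in proportion to bytes received, periodic keep-alive fragments buy almost no extra time, and the per-IP cap bounds how many workers one source can hold in the meantime.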

INSTALL SLOWLORIS ATTACK?

BY PERFORMING THESE STEPS YOU CAN PERFORM A SLOWLORIS ATTACK

1. Check whether Python is installed or not

2. Then install slowloris with the command

3. Check whether slowloris is installed or not

4. Now download and install the XAMPP Control Panel server

5. Now perform the Slowloris attack
