Skip to content. | Skip to navigation

{Computer Science}

Sections

Personal tools

You are here: Home → Subsections → Network Security → News → Slowloris HTTP DoS

« November 2009 »

Log in: Login Name

Password

Cookies are not enabled. You must enable cookies before you can log in.; Forgot your password?; New user?

Slowloris HTTP DoS

A low-bandwidth DoS attack which many webservers are vulnerable to has been released.

"Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at regular intervals to keep the sockets from closing. In this way webservers can be quickly tied up. In particular, servers that have threading will tend to be vulnerable, by virtue of the fact that they attempt to limit the amount of threading they'll allow."

Source - http://ha.ckers.org/slowloris/

There is also a Slashdot discussion on the topic here: http://it.slashdot.org/story/09/06/19/1243203/Attack-On-a-Significant-Flaw-In-Apache-Released

Document Actions

NetSec News: Man-In-the-Middle Vulnerability For SSL and TLS Nov 05, 2009; Widespread Linux bug may give root access Nov 04, 2009; PayPal Null-Prefix SSL Certificate Oct 06, 2009; Linux webserver botnet pushes malware Sep 12, 2009; Military set to lay out $42M to develop advanced network prioritization, security technology Sep 01, 2009; More…

Main News: EWU systems down for upgrade Nov 06, 2009; Server Maintenance Oct 08, 2009; CS Welcome Back BBQ - Fall 2009 Sep 29, 2009; More…

Upcoming Events: Colloquium F09-7: Santanu Chaudhuri CEB 204,
Nov 13, 2009; Colloquium F09-8: Rebecca Long CEB 204,
Nov 20, 2009; Previous events…; Upcoming events…

News: EWU systems down for upgrade Nov 06, 2009; Man-In-the-Middle Vulnerability For SSL and TLS Nov 05, 2009; Widespread Linux bug may give root access Nov 04, 2009; Graduate Studies - Fall Quarter 2009 - Newsletter Oct 30, 2009; Trojan Kill Switches In Military Technology Oct 28, 2009; Image Recognition Neural Networks, Open Sourced Oct 12, 2009; More news…