Denial of service defense
Putting On the Brakes
Bombs Away
To carry out an initial test with Slowloris, type the command
python3 slowloris.py example.com
Don't forget to change the domain name from example.com to the domain you want to test in your own environment. Slowloris also accepts a number of parameters that control the intensity and type of the test, for example the number of connections it opens or the pause between sending individual headers. This is exactly where the server-side defenses come in: a header read timeout on the server only helps if it is shorter than the attacker's pause between headers, so an attacker who knows (or measures) the values you configured can tune the attack to stay just below them.
For example, if you want to launch an attack with 5,000 connections, you would call Slowloris with the -s 5000 option. The following call launches an attack against a TLS-protected server listening on port 8443:
python3 slowloris.py example.com -s 5000 --https -p 8443
The --https switch only turns on TLS; Slowloris still defaults to port 80, so the port has to be passed explicitly with -p whenever the server does not listen there (-p 443 for a server on the standard HTTPS port).
You might notice a remarkable effect of the Apache configuration at this point: if you have not changed any settings, you will not get anywhere near 5,000 open connections, and not even 1,000. A stock Apache build caps the number of simultaneous connections with MaxRequestWorkers, which defaults to 256 with the prefork MPM and to 400 (16 processes × 25 threads) with the worker and event MPMs, and distribution packages often set it lower still. The worker processes and their threads, and with them the available connections, are used up before Slowloris reaches its target, which means that legitimate users can no longer reliably connect to the web server until you terminate the above command.
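To watch this happen on the server instead of inferring it from the attacking side, count the established connections on the web server port and see which clients hold them. The script below is an added example, not part of the article: it parses the kernel's /proc/net/tcp table and compares the count with a MaxRequestWorkers value you pass in (take it from your MPM configuration). The table embedded in the script is constructed for the offline run and shows one client holding most of the port-80 connections, which is what a Slowloris run looks like from the inside.

```python
"""Report how close a web server is to its connection limit, per client.

Added example, not from the original article. It reads the Linux
/proc/net/tcp table (no root needed), counts ESTABLISHED sockets on the
web server's port and ranks the clients holding them. A single client with
dozens or hundreds of open connections is the Slowloris signature. The
limit (Apache's MaxRequestWorkers) is supplied by the caller;
SAMPLE_PROC_NET_TCP is a constructed table for offline use.
"""
import socket
import sys
from collections import Counter

ESTABLISHED = "01"           # value of the "st" column for ESTABLISHED sockets


def _hex_to_ip(hexaddr, family):
    """/proc/net/tcp prints addresses as host-order 32-bit words, so each
    4-byte group has to be reversed on little-endian machines."""
    raw = bytes.fromhex(hexaddr)
    if sys.byteorder == "little":
        raw = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    return socket.inet_ntop(family, raw)


def established_peers(table, local_port):
    """Yield the remote IP of every ESTABLISHED socket bound to local_port."""
    for line in table.splitlines():
        f = line.split()
        if len(f) < 4 or f[3] != ESTABLISHED:
            continue                                  # header line or other state
        if int(f[1].rsplit(":", 1)[1], 16) != local_port:
            continue                                  # some other local service
        raddr = f[2].rsplit(":", 1)[0]
        family = socket.AF_INET if len(raddr) == 8 else socket.AF_INET6
        yield _hex_to_ip(raddr, family)


def connection_report(table, local_port, max_request_workers, top=5):
    """Summarise connection usage against the configured limit."""
    clients = Counter(established_peers(table, local_port))
    total = sum(clients.values())
    return {
        "established": total,
        "limit": max_request_workers,
        "exhausted": total >= max_request_workers,
        "top_clients": clients.most_common(top),
    }


def live_report(local_port, max_request_workers):
    """Same report from the running kernel (IPv4 and IPv6 tables)."""
    table = ""
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as fh:
                table += fh.read()
        except OSError:
            pass
    return connection_report(table, local_port, max_request_workers)


# Constructed sample: a listener on port 80, three established port-80
# connections from 10.0.0.10, one from 192.168.1.5, an SSH session (port 22)
# and a TIME_WAIT (state 06) socket that must not be counted.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0 100 0 0 10 0
   1: 0100007F:0050 0A00000A:C350 01 00000000:00000000 00:00000000 00000000    33        0 1002 1 0 20 4 30 10 -1
   2: 0100007F:0050 0A00000A:C351 01 00000000:00000000 00:00000000 00000000    33        0 1003 1 0 20 4 30 10 -1
   3: 0100007F:0050 0A00000A:C352 01 00000000:00000000 00:00000000 00000000    33        0 1004 1 0 20 4 30 10 -1
   4: 0100007F:0050 0501A8C0:D431 01 00000000:00000000 00:00000000 00000000    33        0 1005 1 0 20 4 30 10 -1
   5: 0100007F:0016 0501A8C0:D432 01 00000000:00000000 00:00000000 00000000     0        0 1006 1 0 20 4 30 10 -1
   6: 0100007F:0050 0501A8C0:D433 06 00000000:00000000 03:00000F00 00000000     0        0 0 3 0
"""

if __name__ == "__main__":
    port, limit = int(sys.argv[1]), int(sys.argv[2])   # e.g. 80 256
    rep = live_report(port, limit)
    print(f"{rep['established']}/{rep['limit']} connections in use"
          f"{' (EXHAUSTED)' if rep['exhausted'] else ''}")
    for ip, n in rep["top_clients"]:
        print(f"{n:6d}  {ip}")
```

Run it in a loop on the web server while the Slowloris command is active: the established count climbs to MaxRequestWorkers and stays there, and the attacking host tops the client list. The same per-client view is what a per-IP connection limit or a header timeout (mod_reqtimeout) needs to cut short.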
Conclusions
The Slowloris example in this article shows how easy it is to carry out a denial-of-service attack (Table 1) and how you can protect your web server against it. If you discover a vulnerability in one of your web servers, no matter how small the effect might seem at first glance, define and roll out countermeasures without delay, and repeat the test afterwards to confirm that the limits you set actually hold.
Table 1: Known Denial-of-Service Attacks

Type of attack | Description | Resources consumed | DoS/DDoS*
---|---|---|---
Volume-based attacks | Flood the network with traffic to overload the bandwidth. | Network bandwidth | DDoS
UDP/ICMP flooding | Send a large number of UDP/ICMP packets to overload the target system. | Network bandwidth, CPU | DDoS
SYN flooding | Send a large number of SYN requests without completing the handshake so that the backlog of half-open connections fills up. | Network resources, memory | DDoS
Ping of death | Send oversized or malformed fragmented ping packets that crash the target system's IP stack. | Network bandwidth, memory | DoS
Slowloris | Keep many HTTP connections open by sending header data very slowly until the server's connection limit is reached. | Server connections, memory | DoS
HTTP slow POST/RUDY | Send POST body data very slowly to tie up server resources. | Server connections, CPU, RAM | DoS
Reflection | Send requests to third-party servers with a spoofed source address so that the responses flood the victim. | Network bandwidth | DDoS
Amplification | Exploit open servers (DNS, NTP, SSDP) whose responses are much larger than the requests to flood the victim's bandwidth. | Network bandwidth | DDoS

*DoS, denial of service; DDoS, distributed denial of service; UDP, User Datagram Protocol; ICMP, Internet Control Message Protocol; RUDY, R U Dead Yet; DNS, Domain Name System; NTP, Network Time Protocol; SSDP, Simple Service Discovery Protocol.