A slow loris attack is an attack of incomplete GET requests to most famously an

Question

A slow loris attack is an attack of incomplete GET requests to most famously an Apache server because the server does not timeout the connection made after extremely long periods of time, from my understanding.

GET / HTTP/1.1 Host: hostname UserAgent: user-agent "
or

GET / HTTP/1.1 Host: hostname UserAgent: user-agent"
Here are two examples of incomplete get requests that could be used for slow loris attacks (correct me if I'm wrong).

My question is, for each connection, how are these meant to be sent. Is there meant to be a time interval? Is it meant to be sent in parts? Or could you just send them whole with/without a time interval and it would still work?

And lastly is the slow loris attack outdated?

Explanation / Answer

Each connection should be send completely (so send a complete incomplete request), the incomplete GET request will make the server think that you are on a poor connection and keeps waiting for the rest of the request.

Each connection does require its own port, for this reason slowloris doesn't work well on windows, which limits it to ~130 ports. Sending the requests with an interval will still have the same result, but keep in mind that you need to fill up all the incoming connections of the server before the first one starts to time-out.

It's not out dated, they even updated the script to also support ipv6, you can simply test this by setting up an apache2 server and run slowloris.pl. If you setup mod_status you can watch the connections filling up real time.

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.