Slowloris – DoS attack with the 56k

That’s interesting. I found this little tool to perform effective DoS attacks against HTTP servers using only one machine and a simple 56k connection! How can it be? Well, instead of sending tons of flawed SYN/ACK packets (like many other DoS programs do), it just sends HTTP GET requests, one at a time until the pool of remote ports is completely full. The HTTP GET requests lack of the final two bytes “\n\r”, so the remote server waits for completion which will never sent out. Very clever trick.

Slowloris can take down an entire apache server in a matter of minutes. How about get the webserver working again? No problem, just shutdown Slowloris and the webserver will be available almost instantly.

Check it out at:

Here the presentation at DEFCON 17:

Tagged .

Leave a Reply