While there are no reliable configurations of the affected web servers that will prevent the Slowloris attack, there are ways to mitigate or reduce the impact of the attack. Also, certain servers are more resistant to attack by design, including Hiawatha, IIS, lighttpd, etc. Proxy servers and caching accelerators such as Varnish, nginx, and Squid have been recommended to mitigate this particular type of attack. Slowloris is, without a doubt, one of the favorite attacks of many hackers, due to its simplicity and effectiveness and because Slowloris takes advantage of the problems when handling thousands of connections, the attack has less effect on the servers they handle. The affected servers will keep these connections open, filling their maximum pool of concurrent connections, and will eventually deny additional connection attempts from clients. Periodically, it will send subsequent HTTP headers, adding, but never completing, the request.
It does this by opening connections to the destination web server and sending a partial request. Slowloris tries to keep many connections open to the target web server and keep them open for as long as possible. Slowloris is a type of denial of service attack tool that allows a single machine to kill another machine’s web server with minimal bandwidth and side effects on unrelated services and ports.
0 kommentar(er)
