Monday, May 16, 2011
HTTP DoS-attack tool on Apache web server.
Do you like this story?
Robert Hansen, a guru in the field of security, has released a new tool for DoS-attacks, exposing serious Web server’s vulnerabilities including Apache and other servers.
Hansen called his tool Slowloris
, the most interesting in this utility that it can cause a DoS attack without using a huge amount of traffic as we usually find in other DoS tools.
, the most interesting in this utility that it can cause a DoS attack without using a huge amount of traffic as we usually find in other DoS tools.According to Hansen typically 1000 machine are required to crash down a web server by bombarding the site with traffic but for Slowloris is not the case because it takes up all the available connection for the server by sending unlimited http requests without closing those connections and this makes Apache waiting for the response too long. Apache web servers do have a limit for number of threads which can be used to deplete the memory and cause defacement.
This vulnerability concerns Apache 1.x, Apache 2.x, dhttpd, GoAhead WebServer, and Squid, but still not subject to IIS6,IIS7 and lighttpd because these systems deal with the number of open connections.
This tool is available for free on http://ha.ckers.org/slowloris/
but it is important to note that the attack will not work against the large Web sites with load balancing mechanisms 
so just try it locally and it should be used just for the educational purposes.iam not responsible for any illegal activities done using my articles.
This post was written by: Ashif Ismail
Ashif Ismail is a professional blogger, Software Programmer and front end web developer. Follow him on Twitter
Subscribe to:
Post Comments (Atom)
0 Responses to “HTTP DoS-attack tool on Apache web server.”
Post a Comment