Low and slow attacks are an attacker's or perpetrator's attempt to be able to disrupt an organization or otherwise attack an organization without using volume. Essentially, the major point of a low and slow attack is either getting in under a volume attack, in conjunction with a volume attack, or essentially hitting an adversary with an attack that may be under the radar screen, somewhat obfuscated.

So the best way to think about this, the best way I think about this attack, is that if I had a bridge on which there are toll booths that you have to pay to cross to the other side of the bridge, you'd be able to see clearly an army amassing, an armada, and you'd be able to keep them off the bridge. But if you had single actors passing onto the bridge and they were up to disrupting that bridge, they can actually enter the toll booths all at the same time and begin the process of just putting one coin in a box at a time and taking all of the available spots. Everybody there is essentially legitimate, everybody is acting within the bounds of legitimacy, however, the whole system fails.

Low and slow attacks are HTTP-oriented attacks that take advantage of legitimate connections and RFC protocols to make certain that your website and services in your businesses never function. They by definition are legitimate, are within standards, however, are nefarious. They require very special application-level detection and cannot be scrubbed by cloud scrubbers and require premise-based advanced application-based detection.
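The application-level detection described above, sketched as an added example that is not part of the original talk: it looks at how many server worker slots (the "toll booths") are held by connections that are old, still mid-request, and trickling bytes. The `Conn` fields, the thresholds and the sample connections are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds (not from the talk); tune them per service.
MIN_BYTES_PER_SEC = 50.0  # below this while still mid-request is suspicious
GRACE_SECONDS = 10.0      # do not judge a connection younger than this
SLOT_PRESSURE = 0.5       # alert when slow connections hold this share of slots

@dataclass
class Conn:
    client: str             # source address
    age_s: float            # seconds since the connection was accepted
    bytes_in: int           # request bytes received so far
    request_complete: bool  # True once headers and body have fully arrived

def is_slow(c: Conn) -> bool:
    """Old, unfinished request that is arriving far slower than real clients send."""
    if c.request_complete or c.age_s < GRACE_SECONDS:
        return False
    return c.bytes_in / c.age_s < MIN_BYTES_PER_SEC

def assess(conns, worker_slots):
    """Return (share of slots held by slow connections, clients ranked, alert)."""
    held = {}
    for c in conns:
        if is_slow(c):
            held[c.client] = held.get(c.client, 0) + 1
    share = sum(held.values()) / worker_slots
    ranked = sorted(held.items(), key=lambda kv: (-kv[1], kv[0]))
    return share, ranked, share >= SLOT_PRESSURE

# Constructed sample for a server with 8 worker slots (documentation addresses).
SAMPLE = (
    [Conn("198.51.100.7", 120.0, 240, False)] * 3    # 2 B/s, never finishes
    + [Conn("198.51.100.9", 90.0, 180, False)] * 2   # 2 B/s, never finishes
    + [Conn("203.0.113.5", 2.0, 400, False),         # new, inside grace period
       Conn("203.0.113.20", 15.0, 30000, False),     # large upload at 2000 B/s
       Conn("203.0.113.30", 40.0, 600, True)]        # normal completed request
)

if __name__ == "__main__":
    share, ranked, alert = assess(SAMPLE, worker_slots=8)
    print(f"slow share={share:.3f} alert={alert}")
    for client, slots in ranked:
        print(f"  {client} holds {slots} slot(s)")
```

No single connection here is large or malformed; the alert comes only from the share of slots being occupied, which is why per-connection volume thresholds miss it.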