Tip:
Highlight text to annotate it
X
Slowloris, named after the slow-mannered primate who can be found in Asia, is a
low and slow attack tool that generates a denial of service attack.
Slowloris is categorized as a low and slow attack tool because it generates a
slow rate and low volume of traffic and therefore it is difficult to detect by
standard anti-DoS mitigation systems. It is one of the first known slow rate
DoS tools developed.
The Slowloris attack tool exploits a weakness in the HTTP protocol
requiring every HTTP request to be terminated by a sequence of new line
characters. A legitimate HTTP get request is normally contained in one
packet and is terminated quickly by the sequence of new lines at the end of the
message.
However, when an attacker is using the Slowloris tool the HTTP request
is sent without the termination sequence. This causes the webserver to leave the
connection open and to allocate resources that are waiting for the
termination sequence.
The typical webserver allocates limited resources for handling open connections,
as it expects the connections to be short and terminated quickly.
Slowloris takes advantage of this behavior and generates thousands of
requests over several minutes, where none of the requests are terminated.
This consumes the available open connections resources of the web server
causing it to stop handling new requests and prevent the service from legitimate users,
hence achieving a denial of service.
The Slowloris attack tool manages to evade traditional anti-DDoS mitigation
systems, as it doesn't generate volumetric traffic or high rate of packets.
However, it is a lethal attack on web servers that can easily prevent
legitimate users from accessing online service.
Want to know how to protect your online business from Slowloris?
Contact Radware today.