httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Julien Pauli <doctorroc...@gmail.com>
Subject [users@httpd] New DOS HTTP tool
Date Wed, 17 Jun 2009 20:59:51 GMT
Hi community.
Just for information :

"In considering the ramifcations of a slow denial of service attack against
particular services, rather than flooding networks, a concept emerged that
would allow a single machine to take down another machine's web server with
minimal bandwidth and side effects on unrelated services and ports. The
ideal situation for many denial of service attacks is where all other
services remain intact but the webserver itself is completely inaccessible.
Slowloris was born from this concept, and is therefore relatively very
stealthy compared to most flooding tools."

You can find all (including Perl source code) here :
http://ha.ckers.org/slowloris/ -
http://ha.ckers.org/blog/20090617/slowloris-http-dos/

That seems interesting. I've been told about mods, such as mod_security or
mod_evasive that could take care of that (no tested, on my way)

Any suggestions, ideas ? ;)

Julien.P

Mime
View raw message