Slowloris is a type of denial of service attack tool that allows a single machine to kill another machine’s web server with minimal bandwidth and side effects on unrelated services and ports. Slowloris tries to keep many connections open to the target web server and keep them open for as long as possible. It does this by opening connections to the destination web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to, but never completing, the request.

The affected servers will keep these connections open, filling their maximum pool of concurrent connections, and will eventually deny additional connection attempts from clients.

Slowloris is, without a doubt, one of the favorite attacks of many hackers, due to its simplicity and effectiveness. Because Slowloris takes advantage of the problems servers have when handling thousands of connections, the attack has less effect on servers that handle a large number of connections well. Proxy servers and caching accelerators such as Varnish, nginx, and Squid have been recommended to mitigate this particular type of attack. Also, certain servers are more resistant to the attack by design, including Hiawatha, IIS, lighttpd, etc.

While there are no reliable configurations of the affected web servers that will prevent the Slowloris attack, there are ways to mitigate or reduce the impact of the attack. In general, they involve increasing the maximum number of clients that the server will allow, limiting the number of connections that a single IP address can make, imposing restrictions on the minimum transfer speed that a connection is allowed to have, and restricting the length of time a client is allowed to stay connected.

Other mitigation techniques involve configuring reverse proxies, firewalls, load balancers, or content switches. Administrators could also change the affected web server to software that is not affected by this form of attack. For example, lighttpd and nginx do not succumb to this specific attack.
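
The fragment below is an added example, not configuration from the original article: it shows how the limits listed above (more allowed clients, a per-IP connection cap, a bound on how long a client may take) can be expressed on an nginx reverse proxy placed in front of the affected server. The backend address, zone name, and all numeric values are assumptions to be tuned against real traffic; a minimum transfer rate is not covered by this fragment.

```nginx
# Added example: nginx reverse proxy in front of a backend web server.
# All names and numbers are illustrative assumptions.

events {
    # Raise the ceiling on concurrent clients per worker process.
    worker_connections 4096;
}

http {
    # Shared-memory zone that counts open connections per client address.
    limit_conn_zone $binary_remote_addr zone=per_ip:10m;

    # The whole request header must arrive within this time,
    # otherwise the request is terminated with a 408.
    client_header_timeout 10s;

    # Maximum gap between two successive reads of the request body.
    client_body_timeout 10s;

    # Maximum gap between two successive writes to the client.
    send_timeout 10s;

    # Do not hold idle keep-alive connections for long.
    keepalive_timeout 15s;

    # Free the socket immediately when a connection times out.
    reset_timedout_connection on;

    upstream backend {
        server 127.0.0.1:8080;   # assumed address of the protected server
    }

    server {
        listen 80;

        # Cap simultaneous connections from a single IP address.
        limit_conn per_ip 20;
        limit_conn_status 429;

        location / {
            # Default behaviour, stated explicitly: nginx reads the full
            # request before opening a connection to the backend, so
            # unfinished requests never occupy a backend slot.
            proxy_request_buffering on;
            proxy_pass http://backend;
        }
    }
}
```

Clients behind a shared NAT or corporate proxy count as one address for `limit_conn`, so the per-IP cap should be checked against legitimate peak usage before it is enforced.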
