Monday, January 9, 2012

Slow motion DoS attack is hard to detect

Derrick Cramer

Derrick joined MyBroadband in 2011 as a junior journalist with a strong background in computer hardware and gaming - he lives for that new motherboard...

A proof-of-concept tool shows how a hard-to-detect slow motion DoS attack could potentially cripple web servers.

Sergey Shekyan, a researcher at Qualys Security Labs, has created a proof-of-concept tool that could be used to shut down websites from a single computer, with a low threat of detection.

The tool makes use of an attack that exploits the nature of the Transmission Control Protocol used by Internet servers. It forces a target server to keep a network connection open by performing a "slow read" of responses from the server.

This "slow read" attack is different to Slowloris, a tool used in the 2009 attack on Iranian government websites during the protests that followed the Iranian presidential election. Slowloris congests server networking ports by making partial HTTP requests, and continues to send pieces of a page request at intervals to prevent the web server from dropping the connection.

Meanwhile, Slow Read sends a full request to the server, and then holds up the server response by reading the response very slowly from the buffer. An attacker could use the TCP window size field to limit how quickly information is read by the requesting computer, slowing the server connection to a crawl.

The server will keep polling the connection to see if the client (in this case the attacker) is ready for more data, clogging up server memory with unsent data. Enough simultaneous attacks using this method would use all available server resources, meaning legitimate users cannot gain access.
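The pattern described above can be looked for on the server side. The following is an added example, not code from the article or from Qualys: it flags connections that keep unsent response data queued while draining below a minimum rate, then groups them by client address. The sample rows, field layout and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed samples (not a real capture): one row per poll of a server-side socket.
# (seconds, client_ip, client_port, bytes_acked_total, send_queue_bytes, peer_window_bytes)
SAMPLES = [
    (0, "198.51.100.7", 40001, 0, 60000, 64),
    (30, "198.51.100.7", 40001, 320, 59680, 64),
    (60, "198.51.100.7", 40001, 640, 59360, 64),
    (0, "198.51.100.7", 40002, 0, 60000, 32),
    (60, "198.51.100.7", 40002, 500, 59500, 32),
    (0, "198.51.100.7", 40003, 0, 60000, 0),
    (60, "198.51.100.7", 40003, 0, 60000, 0),
    (0, "203.0.113.20", 51000, 0, 60000, 65535),
    (2, "203.0.113.20", 51000, 60000, 0, 65535),      # normal client: drained in 2 s
    (0, "203.0.113.21", 51500, 0, 60000, 4096),
    (60, "203.0.113.21", 51500, 45000, 15000, 4096),  # slow link, but above the floor
]

def stalled_connections(samples, min_rate=100.0, min_seconds=30):
    """Return {(ip, port): bytes_per_second} for connections that kept unsent
    response data queued for at least min_seconds while draining below min_rate."""
    by_conn = defaultdict(list)
    for t, ip, port, acked, queued, _window in samples:  # window kept for context only
        by_conn[(ip, port)].append((t, acked, queued))
    stalled = {}
    for conn, rows in by_conn.items():
        rows.sort()
        (t0, acked0, _), (t1, acked1, _) = rows[0], rows[-1]
        duration = t1 - t0
        if duration < min_seconds:
            continue  # observed too briefly to judge
        if any(queued == 0 for _, _, queued in rows):
            continue  # nothing was pending at some point, so the client kept up
        rate = (acked1 - acked0) / duration
        if rate < min_rate:
            stalled[conn] = rate
    return stalled

def suspect_sources(samples, min_conns=3, **kw):
    """Client IPs holding at least min_conns stalled connections at once."""
    counts = defaultdict(int)
    for ip, _port in stalled_connections(samples, **kw):
        counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= min_conns)
```

A per-connection rate floor alone also catches genuinely slow clients, which is why the grouping step counts simultaneous stalled connections per address before reporting a source.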

Read the full story at: Ars Technica.

Tags: Qualys Security Labs, Sergey Shekyan, Slowloris

Source: http://mybroadband.co.za/news/quick-news/40785-slow-motion-dos-attack-is-hard-to-detect.html
