But then again if you know how to set up a slowloris flood correctly 1 server can be like getting slapped with a small planet 
Vulnerability in 1.0.4?
- Thread starter bottiger
- Start date
But then again if you know how to set up a slowloris flood correctly 1 server can be like getting slapped with a small planet
Is that a low orbit ion cannon?
loic was a tcp system iirc?
I honestly can't remember, nor am I thinking straight right now, could be though.
Forsaken
Well-known member
If you're on Apache, yeah.
Nginx, Lighttpd, LiteSpeed, and most other servers aren't affected, or can easily fend off attacks.
Just opened it up on my "other" pc. Yup, Loic lets you run a tcp or udp flood.
Slowloris fully opens a tcp connection and runs a syn flood over http, thats why it is so effective
Most high performance web services can fend off attacks quite well, obviously there are some specialised varients for each service, but for the average site owner using apache slowloris will cripple them with next to no recourse.
Just opened it up on my "other" pc. Yup, Loic lets you run a tcp or udp flood.
Slowloris fully opens a tcp connection and runs a syn flood over http, thats why it is so effective
Ugh, that horrible. Time to crank out that DDoS guy.
Brandon Sheley
Well-known member
I couldn't stop laughing when I read this part.
syn flood =/= tcp flood
slowloris is kinda different, it opens the tcp connection and sends partial periodical http header requests, so it holds the connection open waiting for the full http header... which never arrives. Eventually it uses up the servers resources as it opens more and more connections (if using servers like apache / dhttpd etc). The reason it is hard to defend against on these servers is it is very hard to distinguish real legitimate trafic and the attacking traffic.
A SYN drop unit was placed in front of the server, where it would initiate a response verifying the packet, before sending it through.
http://www.accumuli.com/flood-protection-i-3321.php
That's what was used. PS, if you use that, reference Jon Shallow or Paul Bristow.
As great as these systems are, at the end of the day, if someone realy wants to knock your site offline they will.
It comes down to who has more firepower, the guy running the service or the guy running the attack
As great as these systems are, at the end of the day, if someone realy wants to knock your site offline they will.
It comes down to who has more firepower, the guy running the service or the guy running the attack
I haven't seen anything take this down. Their customer base is probably a good testimony, without mentioning names, let's just say that even football fans know how to send SYN floods
and I mean, super angry fans.
I haven't seen anything take this down. Their customer base is probably a good testimony, without mentioning names, let's just say that even football fans know how to send SYN floods
I did have a giggle. Would those angry fans have something to do with a certain manager ?YGPM
YGPM
yep
a legacy reborn
Well-known member
Ah...I needed a good laugh. Thank you so much! lulz FTW.
F
Floris
Guest
Replace slow with F, .. Coincidence? yeah .. yeah it is hehe.
F
Floris
Guest
Yeah, but in this discussion a DDoS attack is not 'hacking', plain and simple.As great as these systems are, at the end of the day, if someone realy wants to knock your site offline they will.
It comes down to who has more firepower, the guy running the service or the guy running the attack
He could also go to the data center and bomb it, his site will be offline too.
Then it's a bomb-attack, not hacking still.
SchmitzIT
Well-known member
Boom, headshot?
Similar threads
