Vulnerability in 1.0.4?

:D But then again if you know how to set up a slowloris flood correctly 1 server can be like getting slapped with a small planet :sneaky:
If you're on Apache, yeah.

Nginx, Lighttpd, LiteSpeed, and most other servers aren't affected, or can easily fend off attacks.
 
I honestly can't remember, nor am I thinking straight right now, could be though.

Just opened it up on my "other" pc. Yup, Loic lets you run a tcp or udp flood.

Slowloris fully opens a tcp connection and runs a syn flood over http, that's why it is so effective ;)
 
If you're on Apache, yeah.

Nginx, Lighttpd, LiteSpeed, and most other servers aren't affected, or can easily fend off attacks.

Most high performance web services can fend off attacks quite well, obviously there are some specialised variants for each service, but for the average site owner using Apache slowloris will cripple them with next to no recourse.
 
Just opened it up on my "other" pc. Yup, Loic lets you run a tcp or udp flood.

Slowloris fully opens a tcp connection and runs a syn flood over http, that's why it is so effective ;)

Ugh, that's horrible. Time to crank out that DDoS guy.
 
Wait, SYN floods are easy to drop. That's how I killed a DDoS against a site on a client's VPS.

syn flood =/= tcp flood
slowloris is kinda different, it opens the tcp connection and sends partial periodical http header requests, so it holds the connection open waiting for the full http header... which never arrives. Eventually it uses up the server's resources as it opens more and more connections (if using servers like Apache / dhttpd etc). The reason it is hard to defend against on these servers is it is very hard to distinguish real legitimate traffic and the attacking traffic.
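
An added example, not part of the original post or thread: one way to spot, from the server side, the pattern described above (many connections from one client that never finish their request headers). The thresholds, the `Conn` record and the connection-table snapshot are constructed assumptions, not values from any real server.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed thresholds (assumptions, not from the thread).
HEADER_DEADLINE_S = 20      # max time allowed to finish the request headers
MIN_HEADER_RATE = 50.0      # bytes/second expected while headers arrive
MAX_STALLED_PER_IP = 5      # stalled connections tolerated per client

@dataclass
class Conn:
    client: str
    age_s: float            # seconds since the TCP connection was accepted
    header_bytes: int       # header bytes received so far
    header_done: bool       # True once the blank line ending the headers arrived

def is_stalled(c: Conn) -> bool:
    """Connection past the deadline, or trickling, without complete headers."""
    if c.header_done:
        return False
    if c.age_s > HEADER_DEADLINE_S:
        return True
    # Give new connections a short grace period before judging the rate.
    return c.age_s >= 5 and (c.header_bytes / c.age_s) < MIN_HEADER_RATE

def suspicious_clients(conns):
    """Return {client: stalled_count} for clients over the per-IP limit."""
    stalled = Counter(c.client for c in conns if is_stalled(c))
    return {ip: n for ip, n in stalled.items() if n > MAX_STALLED_PER_IP}

# Constructed snapshot of a server's connection table (documentation IPs).
SNAPSHOT = (
    [Conn("198.51.100.7", 120.0 + i, 60 + i, False) for i in range(40)]  # held open
    + [Conn("203.0.113.20", 0.4, 310, True)]    # normal browser request
    + [Conn("203.0.113.21", 25.0, 200, False)]  # one slow client, single connection
    + [Conn("203.0.113.22", 2.0, 40, False)]    # new connection, still in grace
)

if __name__ == "__main__":
    for ip, n in suspicious_clients(SNAPSHOT).items():
        print(f"{ip}: {n} connections stuck in header read")
```

The single slow client at 203.0.113.21 is stalled by the deadline rule but stays under the per-IP limit, which is why the count per client, not one slow connection, drives the flag.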
 
syn flood =/= tcp flood
slowloris is kinda different, it opens the tcp connection and sends partial periodical http header requests, so it holds the connection open waiting for the full http header... which never arrives. Eventually it uses up the server's resources as it opens more and more connections (if using servers like Apache / dhttpd etc). The reason it is hard to defend against on these servers is it is very hard to distinguish real legitimate traffic and the attacking traffic.

A SYN drop unit was placed in front of the server, where it would initiate a response verifying the packet, before sending it through.

http://www.accumuli.com/flood-protection-i-3321.php

That's what was used. PS, if you use that, reference Jon Shallow or Paul Bristow.
 
A SYN drop unit was placed in front of the server, where it would initiate a response verifying the packet, before sending it through.

http://www.accumuli.com/flood-protection-i-3321.php

That's what was used. PS, if you use that, reference Jon Shallow or Paul Bristow.

As great as these systems are, at the end of the day, if someone really wants to knock your site offline they will.

It comes down to who has more firepower, the guy running the service or the guy running the attack ;)
 
As great as these systems are, at the end of the day, if someone really wants to knock your site offline they will.

It comes down to who has more firepower, the guy running the service or the guy running the attack ;)

I haven't seen anything take this down. Their customer base is probably a good testimony, without mentioning names, let's just say that even football fans know how to send SYN floods :) and I mean, super angry fans.
 
I haven't seen anything take this down. Their customer base is probably a good testimony, without mentioning names, let's just say that even football fans know how to send SYN floods :) and I mean, super angry fans.

;) I did have a giggle. Would those angry fans have something to do with a certain manager :D?

YGPM :)
 
As great as these systems are, at the end of the day, if someone really wants to knock your site offline they will.

It comes down to who has more firepower, the guy running the service or the guy running the attack ;)
Yeah, but in this discussion a DDoS attack is not 'hacking', plain and simple.

He could also go to the data center and bomb it, his site will be offline too.
Then it's a bomb-attack, not hacking still.
 