Now Serving:Slow and Steady Ddos

Sergey Shekyan over at Qualys put out a SlowRead Ddos concept a little while back. To step it up a notch, and give us a nice New Years gift, he and a couple others put out an improvement to the Slowhttptest code that integrates the slow read test:

http://code.google.com/p/slowhttptest/

(It also contains code for other slow Ddos Attacks)

So, worried about your webservers vulnerability profile?  Pull it down, run it against your test configs.  Does it fail?  Does it succeed?

If you don’t want to attack your test site, check for the following:

Do you?

Accept initial SYN packets with an abnormally small advertised window?
Do you not send RST or FIN after 30 seconds when client can't accept the data due to a full receive window?
Are persistent connections or HTTP pipelining are enabled?

If you answered yes, you may want to examine you vulnerability profile a little closer to see if you are truly vulnerable or protected.

Reference:

PCworld Article


Published Jan 05, 2012
Version 1.0
ddos
research
security
us

Was this article helpful?

No CommentsBe the first to comment