What is a Slowloris Attack?
Slowloris is a type of DDoS attack. Slowloris is distinctly different from others in that this tool is not a TCP DoS; rather, it uses perfectly legitimate HTTP traffic. It makes a full TCP connection and then requires only a few hundred requests at long term and regular intervals. As a result, the tool doesn’t need to send a lot of traffic to exhaust the available connections on a server. Eventually all the connections will be used up and no other server will be able to connect until at least some of the held connections are released. This makes it possible for hackers with limited traffic resources to successfully mount an attack.
HOW TO PROTECT AGAINST SLOWLORIS:
Protection against what some have called “death by partial request” requires a denial of service solution that can figure out what’s going on with the HTTP traffic and mitigate it. Given that Slowloris features small volumes of legitimate traffic, this is a tough problem to solve. At Corero, we’re always working to improve SmartWall to be able to detect and mitigate in real-time even the toughest to detect attack vectors.
Additional & Related Information:
- Why Would a Cute Little Slow Loris Take Down a Web Server?
- SmartWall TDS Network Threat Defense Appliance