Qualys develops open source tool to negate 'slow HTTP' DDoS attacks

Slow HTTP attacks – aka Low-rate Denial-of-Service (LDoS) attacks – are attack vectors that exploit TCP’s retransmission time-out mechanism to reduce the data throughput without being detected, Infosecurity notes.

Compared to traditional flooding-based DDoS attacks, LDoS attacks do not use the sledge-hammer approach of conventional attacks and are therefore difficult to detect.

According to Sergey Shekyan, a web application security researcher with Qualys, LDoS attacks are problematic because they are easy to execute – that is, they can be executed with minimal resources from the attacking machine.

Shekyan's utility – slowhttptest – is billed as opening and maintaining customisable slow connections to a target server, allowing IT professionals to get an idea of the server’s limitations and weaknesses. It includes features similar to Slowloris and the OWASP slow post utilities, as well as what the Qualys researcher describes as some additional configurable parameters plus formatting facilities.

“Care should be taken when using this tool to avoid inadvertently causing denial of service against your servers. For production servers, QualysGuard Web Application Scanner will perform passive (non-intrusive) automated tests that will indicate susceptibility to slow http attacks without the risk of causing denial of service”, he says.

“Any comments are highly appreciated, and I will review all feature requests posted on the project page. Many thanks to those who are contributing to this project”, he adds.
