|
Mitigating the 'Slowloris' HTTP DoS Attack |
|
|
|
|
Written by Sjoeii
|
|
Tuesday, 23 June 2009 |
|
Today on Threatpost, Dennis Fisher discusses a new tool used for attacks called Slowloris, that takes advantage of some characteristics of the Apache Web server to keep HTTP connections open for long periods, which in turn deny service to legitimate users of a site. Unlike typical flooding attacks that use tons of packets to take down a router or web server, Slowloris attacks without sending an overabundance of TCP or HTTP traffic. Analysts at the SANS Internet Storm Center recommend that organizations running Web servers that are vulnerable to the tool's attack to make some configuration changes to their servers. Analysts from SANS also recommend using an Apache module like mod_limitpconn, which limits the number of connections that can come from one IP address.
http://cl.exct.net/?qs=b6114effa93be5ece093428dcada78363734761f9a167bee4cdd54204fdb7d72
|
