

Since the number of concurrent connections to the server has a certain upper limit, malicious occupation of all connections without releasing them will cause the server to fail to accept new requests, resulting in denial of service. The HTTP protocol stipulates that the HTTP request must be fully received before it can be processed, so in HTTP request The server will maintain the tcp connection before it is fully accepted by the server. The principle is to send HTTP requests to the server at a very low speed. Slowloris is an attack method provided by web security expert RSnake in 2009. Slowloris principle, attack experiment and corresponding defense measures Types of Dos/DDos attacks based on HTTP protocol a known feature database is established, and whether the detected traffic meets the feature parameters of the database to determine whether an attack occurs.

The attack can be detected using the feature matching method. Attackers take advantage of vulnerabilities in the application protocol to send and receive data packets at a low rate, occupying server resources, making the server unable to respond to normal user requests.Īccording to different time points of defense, defense methods can be divided into two categories:įor pre-attack prevention, you can start with improving server performance, such as improving network protocols, optimizing application code, and optimizing network architecture.ĭetection and filtering when an attack occursįor different attacks, the number of connection requests at the flow rate is different from the characteristics of normal flow, and the attacks are detected. But slow connection attacks are different.

Among the existing HTTP FLOOD attacks, CC attacks are more famous.įor flooding attacks, it is necessary to maintain a high rate state in order to achieve a good attack effect. Large resources cause websites to frequently perform cup and memory-intensive database operations. Unlike connection exhaustion attacks that only occupy connection resources, the target of HTTP FLOOD is the memory comparison on the victim's website. Attackers often make semantically legitimate requests to web pages. This attack method is an attack against a web server.

#APACHE SERVERS ATTACKED BY SLOWLORIS ATTACK HOW TO#
Principles and experiments of Dos/DDos attacks based on HTTP protocol, and how to defend (effective defense includes attack prevention, attack detection, tracing the source of the attack, and counterattack)īased on the research background of Dos attack and DDos attack
