Apache attacked by a "slow loris"
Jul 06, 2009, 19:02 (1 Talkback[s])
(Other stories by Christian Folini)
No-Size-Fits-All! An Application-Down Approach for Your Cloud Transformation REGISTER >
"The release of slowloris was only done after RSnake had
contacted the Apache security team. Their response, while quick,
was not quite what he expected:
"DoS attacks by tying up TCP connections are expected. Please
"RSnake commented that this response misses the point completely
and that the security tips advertised are of no help. Subsequently,
he released the slowloris script, which was followed by a confusing
discussion that ranged over multiple blog postings, comments on the
postings, as well as various mailing lists. On one side are those
hard-boiled experts that say they knew about this technique for
years and that it is nothing new. On the other side are those who
think this is genuinely new or at least new to the public, and that
it could have a devastating effect on the internet as a whole or at
least on the half of the world wide web that runs on Apache.
Another Internet Storm Center (ISC) post provides more context,
along with some useful comments."