Linux Today: Linux News On Internet Time.

Apache attacked by a "slow loris"

Jul 06, 2009, 19:02 (1 Talkback[s])
(Other stories by Christian Folini)

"The release of slowloris was only done after RSnake had contacted the Apache security team. Their response, while quick, was not quite what he expected:

"DoS attacks by tying up TCP connections are expected. Please see: http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos

"RSnake commented that this response misses the point completely and that the security tips advertised are of no help. Subsequently, he released the slowloris script, which was followed by a confusing discussion that ranged over multiple blog postings, comments on the postings, as well as various mailing lists. On one side are those hard-boiled experts that say they knew about this technique for years and that it is nothing new. On the other side are those who think this is genuinely new or at least new to the public, and that it could have a devastating effect on the internet as a whole or at least on the half of the world wide web that runs on Apache. Another Internet Storm Center (ISC) post provides more context, along with some useful comments."

Complete Story

Related Stories: