---

Home Infrastructure

Apache attacked by a “slow loris”

By

“The release of slowloris was only done after RSnake had
contacted the Apache security team. Their response, while quick,
was not quite what he expected:

“DoS attacks by tying up TCP connections are expected. Please
see:
http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos

“RSnake commented that this response misses the point completely
and that the security tips advertised are of no help. Subsequently,
he released the slowloris script, which was followed by a confusing
discussion that ranged over multiple blog postings, comments on the
postings, as well as various mailing lists. On one side are those
hard-boiled experts that say they knew about this technique for
years and that it is nothing new. On the other side are those who
think this is genuinely new or at least new to the public, and that
it could have a devastating effect on the internet as a whole or at
least on the half of the world wide web that runs on Apache.
Another Internet Storm Center (ISC) post provides more context,
along with some useful comments.”

Complete Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.