ddos – HrĨkov b(r)log (hamster blog)

Slow Loris attack at Apache web server part 2
Tue, 07 Feb 2017 21:37:50 +0000

In my previous post I wrote about the Slow Loris attack. But this was theory; what does it look like in practice? From GitHub I downloaded Python code and just ran it. Just in case, I made a copy.
 

git clone https://github.com/gkbrk/slowloris.git
cd slowloris
python3 slowloris.py example.com

For my blog I’m using CloudFlare DNS, so my IP is hidden behind their DNS servers. But if you know the victim's IP address, or the domain resolves to the IP address, then you can have fun. But be aware, making these attacks is illegal!
 

So my web server is the victim and my home server is the attacker. The victim runs the Apache 2.4.18 web server on Ubuntu 16.04. I started the slowloris script to attack my web server:
 

Within a minute the web server started processing new threads and the web page was down.
 

This “slow” attack can be prevented by using other web servers (while writing this post I found a Python script to attack the NGINX web server) or by using providers who protect you from DDOS. A guy at funtoo suggested using a load balancer or blocking connections with iptables.
 

iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 100 -j DROP

I tried to block the Slow Loris attack with iptables, but in the end the web server still had a lot of threads and the page was down. Googling about Slow Loris prevention, I found the page Bed Against The Wall, whose writer recommends using mod_antiloris and mod_limitipconn for Apache, and fail2ban. This will follow in the next step.
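
One way to check whether a client actually crosses the connlimit threshold used in the rule above, as an added example that is not from the original post: it counts established connections per source IP to port 80 from `ss -tn` output. The sample output and addresses are constructed, and the function names are hypothetical.

```python
from collections import Counter

CONNLIMIT = 100  # same threshold as --connlimit-above 100 in the iptables rule


def build_sample():
    """Constructed `ss -tn` output: one client holding many sockets, two normal ones."""
    lines = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    for i in range(150):
        lines.append(f"ESTAB 0 0 203.0.113.10:80 198.51.100.7:{40000 + i}")
    lines.append("ESTAB 0 0 203.0.113.10:80 192.0.2.21:51234")
    lines.append("ESTAB 0 0 203.0.113.10:80 192.0.2.22:51877")
    lines.append("ESTAB 0 0 203.0.113.10:22 192.0.2.21:50022")      # other port, ignored
    lines.append("TIME-WAIT 0 0 203.0.113.10:80 192.0.2.22:51000")  # not held open
    return "\n".join(lines)


def connections_per_source(ss_output, port=80):
    """Count ESTAB connections to the given local port, grouped by peer IP."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        # Data rows have exactly 5 fields; this also skips the header row.
        if len(fields) != 5 or fields[0] != "ESTAB":
            continue
        # rsplit keeps IPv6 and IPv4-mapped addresses intact.
        local_port = fields[3].rsplit(":", 1)[1]
        peer_ip = fields[4].rsplit(":", 1)[0]
        if local_port == str(port):
            counts[peer_ip] += 1
    return counts


def over_limit(counts, limit=CONNLIMIT):
    """Return the sources holding more connections than the limit."""
    return {ip: n for ip, n in counts.items() if n > limit}


if __name__ == "__main__":
    counts = connections_per_source(build_sample())
    for ip, n in counts.most_common():
        flag = "OVER LIMIT" if n > CONNLIMIT else "ok"
        print(f"{ip:15} {n:4} {flag}")
```

On a live server, pass the text captured from `ss -tn` to `connections_per_source` instead of the constructed sample.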

Slow Loris attack at Apache web server part 1
Mon, 06 Feb 2017 20:39:23 +0000

My friend was under a DDOS attack, and during the attack he found a video about the Slow Loris attack. The Slow Loris attack creates a denial of service which relies on a flood of data. In this video, Dr Mike Pound explains about sending packets veeery sloooow.
 
