darshanc99/Slow-Loris-Attack

Slow-Loris-Attack

SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks by prolonging HTTP connections in different ways.
It can be used to test your web servers for DoS vulnerabilities, or just to figure out how many concurrent connections they can handle.

Advantages

  • Helps to test against DoS vulnerabilities.
  • Helps to test the number of clients a server will be able to handle concurrently.

Disadvantages

  • Hackers may use it to bring down a server, thus bringing down that server’s services.

Understanding the Technique

The technique it follows to take down a server is:
  • Opening multiple connections to the server at different intervals of time.
  • Sending partial/incomplete HTTP requests to the server.
  • After a point in time, the server cannot accept any more requests, because it is overloaded with the many partial requests already pending in the pipeline.
  • The server thus goes into a Denial of Service state.
This is the Slowloris DoS attack.

How to mitigate/prevent Slow Loris Attacks?

  • Increase the maximum number of clients the Web Server will allow.
  • Limit the number of connections a single IP address is allowed to attempt.
  • Place restrictions on the minimum transfer speed a connection is allowed.
  • Constrain the amount of time a client is permitted to stay connected.
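
The last three mitigations above as server-side Python, added here as an example and not part of this repository's code. The limit values and the names admit, release and read_headers are assumptions chosen for illustration.

```python
import socket
import time
from collections import Counter

# Assumed limits for illustration; tune them to the server being protected.
MAX_CONNS_PER_IP = 20     # simultaneous connections allowed per address
HEADER_DEADLINE = 10.0    # seconds allowed for the complete header block
MIN_BYTES_PER_SEC = 50    # minimum average rate once the grace period ends
GRACE = 2.0               # seconds before the rate check applies
MAX_HEADER_BYTES = 8192

_open = Counter()         # ip -> currently open connections

def admit(ip, limit=MAX_CONNS_PER_IP):
    """Count a new connection; refuse it if the address is at its cap."""
    if _open[ip] >= limit:
        return False
    _open[ip] += 1
    return True

def release(ip):
    """Call when a connection admitted for this address closes."""
    if _open[ip] > 0:
        _open[ip] -= 1

def read_headers(conn, deadline=HEADER_DEADLINE,
                 min_rate=MIN_BYTES_PER_SEC, grace=GRACE):
    """Return the raw header block, or None if the client is too slow.

    The deadline covers the whole header block. A per-recv() timeout alone
    is not enough, because every small partial send would reset it.
    """
    start = time.monotonic()
    buf = b""
    while b"\r\n\r\n" not in buf:
        elapsed = time.monotonic() - start
        if elapsed >= deadline or len(buf) > MAX_HEADER_BYTES:
            return None                    # connected too long, or too large
        if elapsed > grace and len(buf) / elapsed < min_rate:
            return None                    # below the minimum transfer speed
        conn.settimeout(min(deadline - elapsed, 0.5))
        try:
            chunk = conn.recv(1024)
        except socket.timeout:
            continue                       # re-check deadline and rate
        if not chunk:
            return None                    # peer closed before finishing
        buf += chunk
    return buf
```

A server would call admit() on accept, close the socket when read_headers() returns None, and call release() whenever an admitted connection closes.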

Here is the original repository of this tool.

Original Tool Features:

  • Slowing down either the header or the body section of the request.
  • Random size of follow-up chunks, limited by optional value.
  • Configurable interval between follow-up data chunks.
  • Support for SSL.
  • Support for host names resolved to IPv6.
  • Verbosity levels in reporting.
  • Connection state change tracking.
  • Variable connection rate.
  • Detailed statistics available in CSV format and as a chart generated as HTML file using Google Chart Tools.

Features we have developed in this assignment

  • Creation of multiple client sockets with the server.
  • Slowing down the server by slowing down the headers of HTTP requests.
  • Analyze how many concurrent sockets the server can handle.

Testing this repository

  • Start the server by typing the following command in the terminal:
    python startserver.py
  • Starting the Check Server script:
    python checkstatus.py
  • Running the Script:
    python script.py address portnumber numberofsockets
  • Note: In order to understand the capacity of how many sockets the server can handle, increase the numberofsockets gradually.

About

An implementation of Slow Loris DoS Attack
