Nmap Development mailing list archives
Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Thu, 14 Apr 2011 19:31:06 +0300
Also, you mention some todo items in the comments. Are these still relevant. Do you just want some light testing and feedback before final polish, or is this still more like an early prototype? You are saying that performing the attack takes a long time. Slowloris site links a video where Sam Bowne demonstrates the attack in front of live audience, and it takes seconds rather than days. Is the nmap script different, or is it a server-side thing? I am just asking these additional questions, so we could look at this more efficiently while you are away. Have a good time abroad. On Thu, Apr 14, 2011 at 7:08 PM, Gutek <ange.gutek () gmail com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Le 14/04/2011 17:41, Toni Ruottu a écrit :Also, I wonder if the script should use verbose output instead of debugging output. On Sun, Apr 10, 2011 at 5:44 PM, Toni Ruottu <toni.ruottu () iki fi> wrote:I would change the output to something like | http-slowloris: | Vulnerable | The DoS attack took +3m40s | with 32 concurrent connections |_ and 66 sent queriesThanks Toni for your suggestions. Unfortunately I'll be abroad for a week, but I will apply those remarks asap. Any other ideas during this week are also welcome. Thanks again and regards, A.G. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk2nHAIACgkQ3aDTTO0ha7imOwCdFHeBymKMM+dlGxbMwKdFb4W/ clEAn3z3vIbZfHVQG/8xmzbsV+9T7CFo =lcEB -----END PGP SIGNATURE-----
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 10)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 10)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 23)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack David Fifield (Apr 29)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Patrik Karlsson (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Henri Doreau (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Patrik Karlsson (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Gutek (Apr 30)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 14)
- Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack Toni Ruottu (Apr 10)