Nmap Development mailing list archives
[NSE] http-slowloris
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Mon, 16 Jul 2012 15:26:47 +0200
Hi all, I've just commited the last changes to this script and I think it's ready. As the name suggests, it performs a slowloris DoS attack against a http server. As the script requires quite a few active connections, in order for it to work you need to raise NSE's max parallelism setting by specifying a high --max-parallelism value. In my tests the appropriate value was 400 to 500, but the more the merrier. If you wish to actually test the script I suggest to set up apache server (I've used latest version in ubuntu for my tests). Do note that latest Apache version is not vulnerable, module mod_reqtimeout prevents this attack , so you need to disable it. mod_reqtimeout is enabled by default on all recent Apache instances as far as I can tell. Also, in order to test the server against an actual slowloris attack, you should raise the MaxClients option for the Apache to some large value (larger than what you are using for --max-parallelism). By default, the script will run until it detects that the server is unavailable (it runs a thread that acts like a monitor that tries to get a reply from the server every 10 seconds and if it doesn't get a reply 4 times in a row, we consider the attack a success) or until the timeout runs out (30 minutes by default (timelimit option)). There's also an option to run the script forever (runforever option) which when set, will run the attack indefinitely. I'm attaching the script, so take a look and please share any ideas or improvements. Thanks to everyone who helped debug an issue with assert failure due to sleep()ing threads. Aleksandar
Attachment:
http-slowloris.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-slowloris Aleksandar Nikolic (Jul 16)
- Re: [NSE] http-slowloris Gmail Gutek (Jul 16)
- Re: [NSE] http-slowloris Toni Ruottu (Jul 16)
- Re: [NSE] http-slowloris Aleksandar Nikolic (Jul 16)
- Re: [NSE] http-slowloris Arturo 'Buanzo' Busleiman (Jul 16)
- Re: [NSE] http-slowloris Toni Ruottu (Jul 16)
- Re: [NSE] http-slowloris Gmail Gutek (Jul 16)
- Re: [NSE] http-slowloris David Fifield (Jul 17)
- Re: [NSE] http-slowloris Aleksandar Nikolic (Jul 17)
- Message not available
- Re: [NSE] http-slowloris Aleksandar Nikolic (Jul 17)
- Re: [NSE] http-slowloris David Fifield (Jul 17)
- Re: [NSE] http-slowloris Aleksandar Nikolic (Jul 17)