Nmap Development mailing list archives
Re: [NSE] http-slowloris
From: David Fifield <david () bamsoftware com>
Date: Tue, 17 Jul 2012 07:55:54 -0700
On Mon, Jul 16, 2012 at 03:26:47PM +0200, Aleksandar Nikolic wrote:
Hi all, I've just commited the last changes to this script and I think it's ready. As the name suggests, it performs a slowloris DoS attack against a http server. As the script requires quite a few active connections, in order for it to work you need to raise NSE's max parallelism setting by specifying a high --max-parallelism value. In my tests the appropriate value was 400 to 500, but the more the merrier.
Nice work, Aleksandar. I found some surprising behavior when I kill the web server in the middle of the test. thttpd -p 8080 -D -l /dev/stdout ./nmap --script=http-slowloris --max-parallelism 400 localhost -p 8080 -d When I ctrl-C the server, I see a ton of these messages (with the "still remain" counter decrementing): NSE: MONITOR: (monitor on 127.0.0.1): Monitoring has shut down due to lack of response from the webserver. NSE: http-slowloris against 127.0.0.1:8080 threw an error! NSE: HALF_HTTP: : lost connection, 399 still remain NSE: http-slowloris against 127.0.0.1:8080 threw an error! NSE: HALF_HTTP: : lost connection, 398 still remain NSE: http-slowloris against 127.0.0.1:8080 threw an error! NSE: HALF_HTTP: : lost connection, 397 still remain NSE: http-slowloris against 127.0.0.1:8080 threw an error! This goes on and on until finally: NSE: HALF_HTTP: : lost connection, -623 still remain NSE: http-slowloris against 127.0.0.1:8080 threw an error! NSE: HALF_HTTP: : lost connection, -624 still remain NSE: http-slowloris against 127.0.0.1:8080 threw an error! NSE: HALF_HTTP: : lost connection, -625 still remain NSE: http-slowloris against 127.0.0.1:8080 threw an error! NSE: HALF_HTTP: : lost connection, -626 still remain NSE: http-slowloris against 127.0.0.1:8080 threw an error! NSE Timing: About 99.90% done; ETC: 07:47 (0:00:00 remaining) NSE Timing: About 99.90% done; ETC: 07:47 (0:00:00 remaining) NSE Timing: About 99.90% done; ETC: 07:48 (0:00:00 remaining) And then it appears to hang forever. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http-slowloris Aleksandar Nikolic (Jul 16)
- Re: [NSE] http-slowloris Gmail Gutek (Jul 16)
- Re: [NSE] http-slowloris Toni Ruottu (Jul 16)
- Re: [NSE] http-slowloris Aleksandar Nikolic (Jul 16)
- Re: [NSE] http-slowloris Arturo 'Buanzo' Busleiman (Jul 16)
- Re: [NSE] http-slowloris Toni Ruottu (Jul 16)
- Re: [NSE] http-slowloris Gmail Gutek (Jul 16)
- Re: [NSE] http-slowloris David Fifield (Jul 17)
- Re: [NSE] http-slowloris Aleksandar Nikolic (Jul 17)
- Message not available
- Re: [NSE] http-slowloris Aleksandar Nikolic (Jul 17)
- Re: [NSE] http-slowloris David Fifield (Jul 17)
- Re: [NSE] http-slowloris Aleksandar Nikolic (Jul 17)