Nmap Development mailing list archives

Re: [nmap-svn] r30412 - nmap/scripts


From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Sun, 16 Dec 2012 02:52:45 +0100

yep, the http-slowloris-check is perfectly safe, as it makes just two
HTTP requests and should finish pretty quickly, unlike the
http-slowloris one.
We decided to keep those two separate back during GSoC while I wrote them.

cheers,
Aleksandar

On 12/16/2012 1:35 AM, Rob Nicholls wrote:
Isn't the http-slowloris-check script a fairly safe one? The original
http-slowloris script is the far more dangerous/never ending one?
According to the NSE documentation, the "check" version:

"Tests a web server for vulnerability to the Slowloris DoS attack without actually launching a DoS attack.
...
This script opens two connections to the server, each without the final
CRLF. After 10 seconds, second connection sends additional header. Both
connections then wait for server timeout. If second connection gets a
timeout 10 or more seconds after the first one, we can conclude that
sending additional header prolonged its timeout and that the server is
vulnerable to slowloris DoS attack."

Rob

commit-mailer () nmap org wrote:

Author: batrick
Date: Sat Dec 15 16:18:13 2012
New Revision: 30412

Log:
This script never ends and seeks to crash the web server... why was this categorized as safe??


Modified:
  nmap/scripts/http-slowloris-check.nse

Modified: nmap/scripts/http-slowloris-check.nse
==============================================================================
--- nmap/scripts/http-slowloris-check.nse    (original)
+++ nmap/scripts/http-slowloris-check.nse    Sat Dec 15 16:18:13 2012
@@ -53,7 +53,7 @@

author = "Aleksandar Nikolic"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html";
-categories = {"vuln", "safe"}
+categories = {"vuln", "intrusive"}


portrule = shortport.http
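
Review bot: on the `categories` change, the reason given in the commit log ("never ends and seeks to crash the web server") does not match the file being modified. The patch touches http-slowloris-check.nse, which the NSE documentation quoted in this thread describes as opening two connections and testing "without actually launching a DoS attack"; the replies attribute the never-ending behaviour to the separate http-slowloris script. Suggest confirming which script was meant before dropping "safe" here, and, if the check script really was observed not to terminate, recording that observation in the log so it is tracked as a bug rather than handled as a category change.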

_______________________________________________
Sent through the svn mailing list
http://nmap.org/mailman/listinfo/svn
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
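
The timing rule from the NSE documentation quoted in this thread, as an added example that is not part of the original messages or of the NSE script: a Python model with a virtual clock that sends no traffic. `ModelServer`, its two timeout policies and the 30 s and 5 s values are assumptions constructed for illustration.

```python
# Constructed model: virtual clock, no sockets, no traffic sent anywhere.
PROBE_DELAY = 10  # seconds before the second connection sends its extra header
THRESHOLD = 10    # extra lifetime (seconds) the rule treats as "prolonged"


class ModelServer:
    """Hypothetical server that drops connections with incomplete headers.

    reset_on_data=True  : idle timer restarts each time bytes arrive
    reset_on_data=False : fixed deadline counted from the first bytes
    """

    def __init__(self, header_timeout, reset_on_data):
        self.header_timeout = header_timeout
        self.reset_on_data = reset_on_data

    def close_time(self, send_times):
        """Time at which a connection is dropped, given when partial
        header data arrives (first entry is the initial request)."""
        times = sorted(send_times)
        deadline = times[0] + self.header_timeout
        for t in times[1:]:
            if t >= deadline:
                break  # already closed, later data never reaches the server
            if self.reset_on_data:
                deadline = t + self.header_timeout
        return deadline


def slowloris_check(server):
    """Apply the two-connection rule from the quoted documentation."""
    first = server.close_time([0])                # partial request, then silence
    second = server.close_time([0, PROBE_DELAY])  # extra header after 10 s
    return {"first": first, "second": second,
            "vulnerable": second - first >= THRESHOLD}


if __name__ == "__main__":
    models = {
        "idle timer resets (30 s)": ModelServer(30, True),
        "fixed deadline (30 s)": ModelServer(30, False),
        "idle timer resets (5 s)": ModelServer(5, True),
    }
    for name, srv in models.items():
        print(name, slowloris_check(srv))
```

In this model a server whose timeout is shorter than the 10-second probe delay closes both connections before the extra header is sent, so the rule reports it as not vulnerable.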
