Few PCs Are Enough to Crash a Server (DoS Attack): Read the HTTP Response Slowly


Security researcher Sergey Shekyan at Qualys Security Labs found a new Denial of Service (DoS) attack method: he managed to make a server crash by reading the server's response slowly, instead of sending continuous requests (the usual DDoS attack).

The researcher explains the proof of concept with a burger scenario:
Imagine a queue at a fast-food restaurant. A customer orders hundreds of burgers but can carry only 5 burgers at a time to his car; this slows down the whole business.

Slow Read: likewise, we send a full request to the server (order 100 burgers), and the server responds immediately. But we read the response slowly (5 burgers at a time), so the server has to wait until we finish reading the response. The result is a denial of service.



All servers tested (Apache, nginx, lighttpd, IIS 7.5) are vulnerable in their default configuration.

Detecting the vulnerability in your server:
Passive method:
Check for the presence of the following conditions:
  • The server accepts initial SYN packets with an abnormally small advertised window
  • The server doesn't send RST or FIN for some time (30 seconds should be more than enough) if the recipient cannot accept the data
  • Persistent connections (keep-alive) and HTTP pipelining are enabled

If all three conditions are met, we can assume the server is vulnerable to the Slow Read DoS attack.
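The same three symptoms can be turned around and used on the server side to spot slow readers while they are connected: data queued for a client that keeps advertising a tiny window, for longer than the server should tolerate, from a source that holds many such connections. The script below is an added example, not code from the original post or from Qualys. It assumes a constructed per-connection snapshot format (one connection per line, as a monitoring agent might emit from the server's socket table); the field names, the sample lines and the thresholds (1024-byte window, 30 seconds, 5 connections per source) are assumptions to tune for your own server.

```python
"""Heuristic detection of slow-read clients from per-connection snapshots.

Added example, not code from the original post. The snapshot line format
(peer=... age=... wnd=... sendq=...) is constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass

# Thresholds are assumptions; tune them for your server and clients.
SMALL_WINDOW_BYTES = 1024     # client advertises a receive window below this
STALL_SECONDS = 30            # the post suggests ~30 s is more than enough
CONNS_PER_SOURCE_ALERT = 5    # many stalled connections from one source


@dataclass
class Conn:
    peer: str      # client IP address
    age_s: int     # seconds since the connection was established
    rcv_wnd: int   # window advertised by the client, in bytes
    send_q: int    # server bytes queued but not yet acknowledged by the client


def parse_snapshot(line: str) -> Conn:
    """Parse one constructed line such as
    'peer=203.0.113.7 age=41 wnd=64 sendq=8192'."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Conn(
        peer=fields["peer"],
        age_s=int(fields["age"]),
        rcv_wnd=int(fields["wnd"]),
        send_q=int(fields["sendq"]),
    )


def is_stalled_reader(conn: Conn) -> bool:
    """A connection looks like a slow read when the server still has response
    bytes queued, the client keeps its window tiny, and this has gone on for
    longer than a normal client would need to drain the response."""
    return (conn.send_q > 0
            and conn.rcv_wnd < SMALL_WINDOW_BYTES
            and conn.age_s >= STALL_SECONDS)


def analyse(lines):
    """Return {source_ip: stalled_connection_count} for every source that
    holds at least CONNS_PER_SOURCE_ALERT stalled connections."""
    stalled = defaultdict(int)
    for line in lines:
        if not line.strip():
            continue
        conn = parse_snapshot(line)
        if is_stalled_reader(conn):
            stalled[conn.peer] += 1
    return {ip: n for ip, n in stalled.items() if n >= CONNS_PER_SOURCE_ALERT}


# Constructed sample: one source holding six stalled connections, one normal
# client, and one source with only two stalled connections (below the alert
# threshold; its third connection is too young to count).
SAMPLE_SNAPSHOT = """
peer=203.0.113.7 age=41 wnd=64 sendq=8192
peer=203.0.113.7 age=45 wnd=48 sendq=8192
peer=203.0.113.7 age=52 wnd=64 sendq=7000
peer=203.0.113.7 age=60 wnd=32 sendq=8192
peer=203.0.113.7 age=77 wnd=64 sendq=8192
peer=203.0.113.7 age=120 wnd=64 sendq=8192
peer=203.0.113.7 age=3 wnd=65535 sendq=0
peer=198.51.100.2 age=12 wnd=65535 sendq=0
peer=198.51.100.2 age=2 wnd=29200 sendq=1200
peer=192.0.2.9 age=35 wnd=128 sendq=4096
peer=192.0.2.9 age=38 wnd=128 sendq=4096
peer=192.0.2.9 age=8 wnd=128 sendq=4096
""".strip().splitlines()


if __name__ == "__main__":
    for ip, count in analyse(SAMPLE_SNAPSHOT).items():
        print(f"possible slow-read source {ip}: {count} stalled connections")
```

The per-source count matters: a single connection with a small window and a slow drain is what a congested mobile client looks like, so alerting on one connection would be noisy. A handful of PCs each holding dozens of such connections is the pattern described in the post, and that is what the aggregate flags. The third passive condition (keep-alive and pipelining) is a server setting rather than a per-connection observation, so it is a configuration review item, not something this script measures.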

Active method:

For this method, use slowhttptest version 1.3 or later.

Mitigation:
Learn how to mitigate the 'Slow Read' Denial of Service attack here.

