OWASP HTTP POST DoS Apache Webserver Attack

Discuss the many weaknesses of browser security and ways to mitigate the threat

OWASP HTTP POST DoS Apache Webserver Attack

Post by mauristechchannel on Wed Jan 25, 2012 11:05 pm
([msg=63887]see OWASP HTTP POST DoS Apache Webserver Attack[/msg])

This Tutorials shows, how you can easily take out an Apache Webserver with one HTTP POST Tool using a std. slow DSL Connection.

This is NO Slowloris Attack!

Limitations of HTTP GET DDOS attack:

- Does not work on IIS web servers or web
servers with timeout limits for HTTP headers.

- Easily defensible using popular load balancers,
such as F5 and Cisco, reverse proxies and
certain Apache modules, such as mod_antiloris.

- Anti-DDOS systems may use "delayed
binding"/"TCP Splicing" to defend against HTTP
GET attacks.

Why HTTP POST DDOS attack works

- This attack can evade Layer 4 detection
techniques as there is no malformed TCP, just
like Slowloris.

- Unlike Slowloris, there is no delay in sending
HTTP Header, hence nullifying IIS built-in
defense, making IIS vulnerable too.

- Size, character sets and time intervals can be
randomised to foil any recognition of Layer 7
traffic patterns by DDOS protection systems.

- Difficult to differentiate from legit connections
which are slow

Despite the fact that this is not very new, its a serious threat to many mostly apache powered websites.
New User
New User
Posts: 5
Joined: Tue Jan 24, 2012 5:31 am
Blog: View Blog (0)

Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests