Learn more about DDoS attack Slowloris from our experts. Our Server Management Support team is here to help you with your questions and concerns.

DDoS attack Slowloris | About

Slowloris can be described as a type of DDoS attack that exploits web servers to handle incoming connections. During a Slowloris attack, the attacker sends several HTTP requests to the target web server. However, the requests are sent out slowly unlike a regular DDoS attack.

The Slowloris attack sends incomplete HTTP requests. This keeps the connections open for as long as possible. This allows the attacker to consume the server’s memory and CPU as it tries to keep track of all the open connections. In time, the server becomes overwhelmed and can no longer respond to legitimate requests.

As Slowloris sends partial packets, intrusion detection systems often fail to detect the attack. Furthermore, Slowloris DDoS attacks tend to go on for a longer time period as well. In fact, Slowloris reinstates the connection when the attacked sockets time out. It continues sending partial packets till it overloads the server.

Interestingly, Slowloris is considered dangerous since they are stealthy and hard to detect. Additionally, it prevents log file creation. This prevents red flags from appearing in log file entries, making the attack invisible.

Let’s take a quick look at how the Slowloris attack works:

1. First, the attacker identifies a target web server.
2. Then, the attacker opens multiple connections to the target server via a script.
3. After that, the attacker sends partial requests to the server. These requests often contain the request header without the request body.
4. These partial requests are sent out slowly with a delay of several seconds between each request. This keeps the connection to the server open for as long as possible.
5. The attacker keeps the connection open by continuing to send partial requests. These requests take up server resources like memory and CPU time. In time, sever becomes overloaded with the requests, and hence will be unable to handle legitimate requests.
6. Then, the website or web application hosted on the server stops responding and may even crash.

How to stop a Slowloris attack?

Slowloris attacks can be stopped with these steps:

• Limit the number of connections requested by a single IP address.
• Increase the minimum transfer speed for every connection.
• Limit the time a client can stay connected.
• Increase the maximum number of clients allowed by the server.

[Need assistance with a different issue? Our team is available 24/7.]

Conclusion

To conclude, our Support Techs introduced us to DDoS attack Slowloris and hope they attack servers.