https://www.owasp.org/images/0/04/Roberto_Suggi_Liverani_OWASPNZDAY2010-Defending_against_application_DoS.pdf
slowloris
http://www.huffingtonpost.co.uk/-frontier/slow-loris_b_8541930.html
- slow: adj. 1. slow, sluggish (opp. fast; qu ...
- loris: n. (pl. loris) [zoology] the loris genus; ...
Consumes all of the threads.
- Change HTTP headers to simulate multiple connections/browsers
- Exhaust all threads available
HTTP POST DoS
- No delay in sending HTTP headers (!= Slowloris)
- Content-Length = 1000 bytes
- HTTP message body is sent 1 byte each 110 seconds till the last byte
- Require a good number of threads per each machine
  - <10k connections to bring down Apache
  - ~60k connections for IIS (if rapid fail protection is on)
HTTP Flooders/DDoS Attack
- Most common L7 attack
- Typically launched from botnets
- Black Energy botnet C&C interface
- Frequencies, thread and command option
Apache
- Key Directives
  - MaxClients, Timeout, KeepAlive and KeepAliveTimeout
- Traffic Shaping
  - mod_throttle: limit the frequency of requests allowed from a single client within a window of time
  - mod_bwshare: bandwidth throttling by HTTP client IP address
  - mod_limitipconn: limit the number of simultaneous downloads permitted from a single IP address
  - mod_dosevasive: detects too many connections and temporarily blocks the offending IP address
  - mod_security: WAF, filtering, monitoring, logging
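
The HTTP POST DoS profile above (Content-Length of 1000 bytes, body sent at 1 byte per 110 seconds) and the per-IP limiting idea behind mod_limitipconn can both be checked against a snapshot of open connections. The following is an added example, not code from the slides or from any Apache module; the `Conn` record, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

MIN_BODY_RATE = 500.0   # bytes/s; assumed floor for a legitimate upload
GRACE_S = 10.0          # assumed grace period before the rate check applies
MAX_CONNS_PER_IP = 20   # assumed per-IP cap on open connections

@dataclass
class Conn:
    ip: str
    content_length: int  # declared in the request headers
    body_received: int   # body bytes read so far
    age_s: float         # seconds since the headers were fully received

def in_progress(c):
    return c.body_received < c.content_length

def is_slow_body(c):
    """True when an unfinished body arrives below MIN_BODY_RATE after the grace period."""
    if not in_progress(c) or c.age_s < GRACE_S:
        return False
    return c.body_received / c.age_s < MIN_BODY_RATE

def projected_hold_s(c):
    """Seconds the worker stays occupied if the client keeps its current rate."""
    if not in_progress(c):
        return 0.0
    if c.body_received == 0:
        return float("inf")
    return (c.content_length - c.body_received) * c.age_s / c.body_received

def offenders(conns):
    """Return (IPs with slow bodies, IPs over the per-IP connection cap), sorted."""
    open_conns = [c for c in conns if in_progress(c)]
    per_ip = Counter(c.ip for c in open_conns)
    slow = sorted({c.ip for c in open_conns if is_slow_body(c)})
    hoarding = sorted(ip for ip, n in per_ip.items() if n > MAX_CONNS_PER_IP)
    return slow, hoarding

# Constructed sample data (documentation address ranges, not real traffic).
SAMPLE = [
    Conn("203.0.113.7", 1000, 3, 330.0),            # the slide's profile: 1 byte per 110 s
    Conn("198.51.100.20", 200_000, 150_000, 12.0),  # ordinary upload, 12.5 kB/s
    Conn("198.51.100.21", 1000, 1000, 0.2),         # finished request
] + [Conn("203.0.113.99", 1000, 0, 2.0) for _ in range(25)]  # many fresh connections

if __name__ == "__main__":
    slow, hoarding = offenders(SAMPLE)
    print("slow body:", slow, "| over cap:", hoarding)
    print("projected hold (s):", projected_hold_s(SAMPLE[0]))
```

At the slide's rate a single connection would hold its worker for roughly 30 more hours, which is why a minimum body rate catches it long before a plain idle timeout would.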
Web server low bandwidth DoS attack
Original article: http://www.cnblogs.com/lightsong/p/5793930.html