SlideShare a Scribd company logo

Web - Resource Exhaustion Attacks

Download as PPTX, PDF
Nihal Pasham, CISSP
Nihal Pasham, CISSP

Slow Web DoS Attacks

Software
1 of 10
Web Resource Exhaustion  Slow DoS Attacks
Resource Exhaustion – Slow DOS Attacks  Goal of Attacker: • Exhaust pool of available TCP connections on server so that no new legitimate connections can be established  Types of Attacks: • Slow Header Attacks • Slow POST Attacks • Slow Read Attacks
Slow Header Attacks  Sends HTTP headers very slowly and never completes the header send process.
Slow Header Attacks  Tools • Slowloris (Pyloris, QSlowloris) • OWASP HTTP Post Tool • Slowhttptest  Who is Affected? • Any server that does not have HTTP header timeouts (notably Apache 1.x/2.x)  How to Mitigate • Web server settings (max conns, conns/IP, min bps/conn, max total transfer time) • Switch to non-affected web server (ex: IIS) • Reverse proxy / SLB device • CDNs – CDN edge nodes usually do not take action until all headers are read
Slow POST Attacks  Sends HTTP POST body very slowly and never completes the POST body process.
Slow POST Attacks  Tools • R-U-Dead-Yet (RUDY) • OWASP HTTP Post Tool • Slowhttptest  Who is Affected? • Any site that has forms (login, comments, feedback, etc.) and accepts HTTP POSTs  How to Mitigate • Set max POST body size of each form • Web server settings (max conns, conns/IP, min bps/conn, max total transfer time) • WAF
WAF – Slow POST Additional Details  Inspection Buffer • Usually up to 8KB by default is inspected • If POST is larger than configured buffer, overrun content is uninspected and unmeasured  Best Practices • Increase buffer size if larger than 8KB POSTs are expected • Set max POST body size so that larger POSTs will be denied  Note: If max body size < buffer size then all content will be inspected
Slow Read Attacks  Keeps server sockets busy by throttling down the receipt of large HTTP responses.
Slow Read Attacks  Tools • Slowhttptest • Nkiller2 • Sockstress  Who is Affected? • Any TCP-based application  How to Mitigate • Web server settings (max conns, conns/IP, min bps/conn, max total transfer time) • WAF
Resources • https://www.owasp.org/images/a/a6/Owasp_KS_slowDoS.pdf • http://media.blackhat.com/bh-dc- 11/Brennan/BlackHat_DC_2011_Brennan_Denial_Service- Slides.pdf • http://vimeo.com/7618090 (Defcon Slowloris video) • http://blog.spiderlabs.com/2011/07/advanced-topic-of-the- week-mitigating-slow-http-dos-attacks.html • https://en.wikipedia.org/wiki/Slowloris • https://community.qualys.com/blogs/securitylabs/2012/01/05/ slow-read

Recommended

Load Balancing with Apache
Load Balancing with ApacheLoad Balancing with Apache
Load Balancing with Apache
Bradley Holt
 
Benchmarking NGINX for Accuracy and Results
Benchmarking NGINX for Accuracy and ResultsBenchmarking NGINX for Accuracy and Results
Benchmarking NGINX for Accuracy and Results
NGINX, Inc.
 
Introduction to NGINX web server
Introduction to NGINX web serverIntroduction to NGINX web server
Introduction to NGINX web server
Md Waresul Islam
 
HAProxy 1.9
HAProxy 1.9HAProxy 1.9
HAProxy 1.9
HAProxy Technologies
 
Nginx in production
Nginx in productionNginx in production
Nginx in production
Graham Weldon
 
HAProxy
HAProxy HAProxy
HAProxy
Arindam Nayak
 
Web Server Load Balancer
Web Server Load BalancerWeb Server Load Balancer
Web Server Load Balancer
MobME Technical
 
HA Deployment Architecture with HAProxy and Keepalived
HA Deployment Architecture with HAProxy and KeepalivedHA Deployment Architecture with HAProxy and Keepalived
HA Deployment Architecture with HAProxy and Keepalived
Ganapathi Kandaswamy
 

Recommended

Load Balancing with Apache
Load Balancing with ApacheLoad Balancing with Apache
Load Balancing with Apache
Bradley Holt
 
Benchmarking NGINX for Accuracy and Results
Benchmarking NGINX for Accuracy and ResultsBenchmarking NGINX for Accuracy and Results
Benchmarking NGINX for Accuracy and Results
NGINX, Inc.
 
Introduction to NGINX web server
Introduction to NGINX web serverIntroduction to NGINX web server
Introduction to NGINX web server
Md Waresul Islam
 
HAProxy 1.9
HAProxy 1.9HAProxy 1.9
HAProxy 1.9
HAProxy Technologies
 
Nginx in production
Nginx in productionNginx in production
Nginx in production
Graham Weldon
 
HAProxy
HAProxy HAProxy
HAProxy
Arindam Nayak
 
Web Server Load Balancer
Web Server Load BalancerWeb Server Load Balancer
Web Server Load Balancer
MobME Technical
 
HA Deployment Architecture with HAProxy and Keepalived
HA Deployment Architecture with HAProxy and KeepalivedHA Deployment Architecture with HAProxy and Keepalived
HA Deployment Architecture with HAProxy and Keepalived
Ganapathi Kandaswamy
 
ChinaNetCloud Training - HAProxy Intro
ChinaNetCloud Training - HAProxy IntroChinaNetCloud Training - HAProxy Intro
ChinaNetCloud Training - HAProxy Intro
ChinaNetCloud
 
Extending functionality in nginx, with modules!
Extending functionality in nginx, with modules!Extending functionality in nginx, with modules!
Extending functionality in nginx, with modules!
Trygve Vea
 
Basics of NGINX
Basics of NGINXBasics of NGINX
Basics of NGINX
Squash Apps Pvt Ltd
 
Consul scale
Consul scaleConsul scale
Consul scale
Ariel Moskovich
 
HLS WWDC2020
HLS WWDC2020HLS WWDC2020
HLS WWDC2020
you-hsuan yu
 
Nginx
NginxNginx
Nginx
Geeta Vinnakota
 
HTTP Request Smuggling
HTTP Request SmugglingHTTP Request Smuggling
HTTP Request Smuggling
Akash Ashokan
 
Http smuggling 1 200523064027
Http smuggling 1 200523064027Http smuggling 1 200523064027
Http smuggling 1 200523064027
n|u - The Open Security Community
 
Maximizing PHP Performance with NGINX
Maximizing PHP Performance with NGINXMaximizing PHP Performance with NGINX
Maximizing PHP Performance with NGINX
NGINX, Inc.
 
Nginx - Tips and Tricks.
Nginx - Tips and Tricks.Nginx - Tips and Tricks.
Nginx - Tips and Tricks.
Harish S
 
Load Balancing with HAproxy
Load Balancing with HAproxyLoad Balancing with HAproxy
Load Balancing with HAproxy
Brendan Jennings
 
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTPAltitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Fastly
 
Как сделать высоконагруженный сервис, не зная количество нагрузки / Олег Обле...
Как сделать высоконагруженный сервис, не зная количество нагрузки / Олег Обле...Как сделать высоконагруженный сервис, не зная количество нагрузки / Олег Обле...
Как сделать высоконагруженный сервис, не зная количество нагрузки / Олег Обле...
Ontico
 
Donatas Mažionis, Building low latency web APIs
Donatas Mažionis, Building low latency web APIsDonatas Mažionis, Building low latency web APIs
Donatas Mažionis, Building low latency web APIs
Tanya Denisyuk
 
Using HAProxy to Scale MySQL
Using HAProxy to Scale MySQLUsing HAProxy to Scale MySQL
Using HAProxy to Scale MySQL
Bill Sickles
 
QUIC
QUICQUIC
QUIC
Apache Traffic Server
 
HAProxy tech talk
HAProxy tech talkHAProxy tech talk
HAProxy tech talk
icebourg
 
Troubleshooting RabbitMQ and services that use it
Troubleshooting RabbitMQ and services that use itTroubleshooting RabbitMQ and services that use it
Troubleshooting RabbitMQ and services that use it
Michael Klishin
 
What's New in NGINX Plus R12?
What's New in NGINX Plus R12? What's New in NGINX Plus R12?
What's New in NGINX Plus R12?
NGINX, Inc.
 
Ensuring Consistency in a Replicated World
Ensuring Consistency in a Replicated WorldEnsuring Consistency in a Replicated World
Ensuring Consistency in a Replicated World
Yelp Engineering
 
Http - All you need to know
Http - All you need to knowHttp - All you need to know
Http - All you need to know
Gökhan Şengün
 
Http2 in practice
Http2 in practiceHttp2 in practice
Http2 in practice
Patrick Meenan
 

More Related Content

What's hot

Maximizing PHP Performance with NGINX
Maximizing PHP Performance with NGINXMaximizing PHP Performance with NGINX
Maximizing PHP Performance with NGINX
NGINX, Inc.
 
Nginx - Tips and Tricks.
Nginx - Tips and Tricks.Nginx - Tips and Tricks.
Nginx - Tips and Tricks.
Harish S
 
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTPAltitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Fastly
 
Как сделать высоконагруженный сервис, не зная количество нагрузки / Олег Обле...
Как сделать высоконагруженный сервис, не зная количество нагрузки / Олег Обле...Как сделать высоконагруженный сервис, не зная количество нагрузки / Олег Обле...
Как сделать высоконагруженный сервис, не зная количество нагрузки / Олег Обле...
Ontico
 
Donatas Mažionis, Building low latency web APIs
Donatas Mažionis, Building low latency web APIsDonatas Mažionis, Building low latency web APIs
Donatas Mažionis, Building low latency web APIs
Tanya Denisyuk
 
HAProxy tech talk
HAProxy tech talkHAProxy tech talk
HAProxy tech talk
icebourg
 
What's New in NGINX Plus R12?
What's New in NGINX Plus R12? What's New in NGINX Plus R12?
What's New in NGINX Plus R12?
NGINX, Inc.
 

What's hot (20)

ChinaNetCloud Training - HAProxy Intro
ChinaNetCloud Training - HAProxy IntroChinaNetCloud Training - HAProxy Intro
ChinaNetCloud Training - HAProxy Intro
 
Extending functionality in nginx, with modules!
Extending functionality in nginx, with modules!Extending functionality in nginx, with modules!
Extending functionality in nginx, with modules!
 
Basics of NGINX
Basics of NGINXBasics of NGINX
Basics of NGINX
 
Consul scale
Consul scaleConsul scale
Consul scale
 
HLS WWDC2020
HLS WWDC2020HLS WWDC2020
HLS WWDC2020
 
Nginx
NginxNginx
Nginx
 
HTTP Request Smuggling
HTTP Request SmugglingHTTP Request Smuggling
HTTP Request Smuggling
 
Http smuggling 1 200523064027
Http smuggling 1 200523064027Http smuggling 1 200523064027
Http smuggling 1 200523064027
 
Maximizing PHP Performance with NGINX
Maximizing PHP Performance with NGINXMaximizing PHP Performance with NGINX
Maximizing PHP Performance with NGINX
 
Nginx - Tips and Tricks.
Nginx - Tips and Tricks.Nginx - Tips and Tricks.
Nginx - Tips and Tricks.
 
Load Balancing with HAproxy
Load Balancing with HAproxyLoad Balancing with HAproxy
Load Balancing with HAproxy
 
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTPAltitude SF 2017: QUIC - A low-latency secure transport for HTTP
Altitude SF 2017: QUIC - A low-latency secure transport for HTTP
 
Как сделать высоконагруженный сервис, не зная количество нагрузки / Олег Обле...
Как сделать высоконагруженный сервис, не зная количество нагрузки / Олег Обле...Как сделать высоконагруженный сервис, не зная количество нагрузки / Олег Обле...
Как сделать высоконагруженный сервис, не зная количество нагрузки / Олег Обле...
 
Donatas Mažionis, Building low latency web APIs
Donatas Mažionis, Building low latency web APIsDonatas Mažionis, Building low latency web APIs
Donatas Mažionis, Building low latency web APIs
 
Using HAProxy to Scale MySQL
Using HAProxy to Scale MySQLUsing HAProxy to Scale MySQL
Using HAProxy to Scale MySQL
 
QUIC
QUICQUIC
QUIC
 
HAProxy tech talk
HAProxy tech talkHAProxy tech talk
HAProxy tech talk
 
Troubleshooting RabbitMQ and services that use it
Troubleshooting RabbitMQ and services that use itTroubleshooting RabbitMQ and services that use it
Troubleshooting RabbitMQ and services that use it
 
What's New in NGINX Plus R12?
What's New in NGINX Plus R12? What's New in NGINX Plus R12?
What's New in NGINX Plus R12?
 
Ensuring Consistency in a Replicated World
Ensuring Consistency in a Replicated WorldEnsuring Consistency in a Replicated World
Ensuring Consistency in a Replicated World
 

Similar to Web - Resource Exhaustion Attacks

Stuart Larsen, attacking http2implementations-rev1
Stuart Larsen, attacking http2implementations-rev1Stuart Larsen, attacking http2implementations-rev1
Stuart Larsen, attacking http2implementations-rev1
PacSecJP
 
Comet: by pushing server data, we push the web forward
Comet: by pushing server data, we push the web forwardComet: by pushing server data, we push the web forward
Comet: by pushing server data, we push the web forward
NOLOH LLC.
 
Interactive web. O rly?
Interactive web. O rly?Interactive web. O rly?
Interactive web. O rly?
timbc
 

Similar to Web - Resource Exhaustion Attacks (20)

Http - All you need to know
Http - All you need to knowHttp - All you need to know
Http - All you need to know
 
Http2 in practice
Http2 in practiceHttp2 in practice
Http2 in practice
 
Woo: Writing a fast web server @ ELS2015
Woo: Writing a fast web server @ ELS2015Woo: Writing a fast web server @ ELS2015
Woo: Writing a fast web server @ ELS2015
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2
 
computer networking
computer networkingcomputer networking
computer networking
 
Past, Present, and Future of Apache Storm
Past, Present, and Future of Apache StormPast, Present, and Future of Apache Storm
Past, Present, and Future of Apache Storm
 
HTTP/2 Prioritization
HTTP/2 PrioritizationHTTP/2 Prioritization
HTTP/2 Prioritization
 
Stuart Larsen, attacking http2implementations-rev1
Stuart Larsen, attacking http2implementations-rev1Stuart Larsen, attacking http2implementations-rev1
Stuart Larsen, attacking http2implementations-rev1
 
SPDY Talk
SPDY TalkSPDY Talk
SPDY Talk
 
Comet: by pushing server data, we push the web forward
Comet: by pushing server data, we push the web forwardComet: by pushing server data, we push the web forward
Comet: by pushing server data, we push the web forward
 
From Device to Data Center to Insights
From Device to Data Center to InsightsFrom Device to Data Center to Insights
From Device to Data Center to Insights
 
haproxy-150423120602-conversion-gate01.pdf
haproxy-150423120602-conversion-gate01.pdfhaproxy-150423120602-conversion-gate01.pdf
haproxy-150423120602-conversion-gate01.pdf
 
«Scrapy internals» Александр Сибиряков, Scrapinghub
«Scrapy internals» Александр Сибиряков, Scrapinghub«Scrapy internals» Александр Сибиряков, Scrapinghub
«Scrapy internals» Александр Сибиряков, Scrapinghub
 
EKON27-FrameworksTuning.pdf
EKON27-FrameworksTuning.pdfEKON27-FrameworksTuning.pdf
EKON27-FrameworksTuning.pdf
 
Web server for cbse 10 FIT
Web server for cbse 10 FITWeb server for cbse 10 FIT
Web server for cbse 10 FIT
 
Scalable Web Apps
Scalable Web AppsScalable Web Apps
Scalable Web Apps
 
Attacking http2 implementations (1)
Attacking http2 implementations (1)Attacking http2 implementations (1)
Attacking http2 implementations (1)
 
From Device to Data Center to Insights: Architectural Considerations for the ...
From Device to Data Center to Insights: Architectural Considerations for the ...From Device to Data Center to Insights: Architectural Considerations for the ...
From Device to Data Center to Insights: Architectural Considerations for the ...
 
Apache HTTPd Server 2.2 Presentation
Apache HTTPd Server 2.2 PresentationApache HTTPd Server 2.2 Presentation
Apache HTTPd Server 2.2 Presentation
 
Interactive web. O rly?
Interactive web. O rly?Interactive web. O rly?
Interactive web. O rly?
 

Recently uploaded

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
masabamasaba
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 

Recently uploaded (20)

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 

Web - Resource Exhaustion Attacks

  • 1. Web Resource Exhaustion  Slow DoS Attacks
  • 2. Resource Exhaustion – Slow DOS Attacks  Goal of Attacker: • Exhaust pool of available TCP connections on server so that no new legitimate connections can be established  Types of Attacks: • Slow Header Attacks • Slow POST Attacks • Slow Read Attacks
  • 3. Slow Header Attacks  Sends HTTP headers very slowly and never completes the header send process.
  • 4. Slow Header Attacks  Tools • Slowloris (Pyloris, QSlowloris) • OWASP HTTP Post Tool • Slowhttptest  Who is Affected? • Any server that does not have HTTP header timeouts (notably Apache 1.x/2.x)  How to Mitigate • Web server settings (max conns, conns/IP, min bps/conn, max total transfer time) • Switch to non-affected web server (ex: IIS) • Reverse proxy / SLB device • CDNs – CDN edge nodes usually do not take action until all headers are read
  • 5. Slow POST Attacks  Sends HTTP POST body very slowly and never completes the POST body process.
  • 6. Slow POST Attacks  Tools • R-U-Dead-Yet (RUDY) • OWASP HTTP Post Tool • Slowhttptest  Who is Affected? • Any site that has forms (login, comments, feedback, etc.) and accepts HTTP POSTs  How to Mitigate • Set max POST body size of each form • Web server settings (max conns, conns/IP, min bps/conn, max total transfer time) • WAF
  • 7. WAF – Slow POST Additional Details  Inspection Buffer • Usually up to 8KB by default is inspected • If POST is larger than configured buffer, overrun content is uninspected and unmeasured  Best Practices • Increase buffer size if larger than 8KB POSTs are expected • Set max POST body size so that larger POSTs will be denied  Note: If max body size < buffer size then all content will be inspected
  • 8. Slow Read Attacks  Keeps server sockets busy by throttling down the receipt of large HTTP responses.
  • 9. Slow Read Attacks  Tools • Slowhttptest • Nkiller2 • Sockstress  Who is Affected? • Any TCP-based application  How to Mitigate • Web server settings (max conns, conns/IP, min bps/conn, max total transfer time) • WAF
  • 10. Resources • https://www.owasp.org/images/a/a6/Owasp_KS_slowDoS.pdf • http://media.blackhat.com/bh-dc- 11/Brennan/BlackHat_DC_2011_Brennan_Denial_Service- Slides.pdf • http://vimeo.com/7618090 (Defcon Slowloris video) • http://blog.spiderlabs.com/2011/07/advanced-topic-of-the- week-mitigating-slow-http-dos-attacks.html • https://en.wikipedia.org/wiki/Slowloris • https://community.qualys.com/blogs/securitylabs/2012/01/05/ slow-read