Author Topic: Downing a Site using Slowloris  (Read 2156 times)

queryFrequency
Downing a Site using Slowloris
« on: August 18, 2015, 10:00:18 pm »
> Explanation of Attack:
This exploits a weakness in the HTTP services: Apache, dhttp and Goahead web server and only works if DNS and HTTP load balancing is not found. It generates traffic at a slow rate, hence making it very difficult for anti-DoS mitigation systems to detect it. It works by sending packets without the termination sequence, hence making the server allocate more resources to attempt to terminate the sequence. An interesting fact is that this type of attack was able to shut down WikiLeaks with just 10Gbps.

> Lab and Requirements:
A Linux distribution; for this it will be Kali.
Some knowledge of DoS/DDoS attacks to grasp the information presented.

Firstly, let's download slowloris, you may do so by typing:
Code:
git clone https://github.com/llaera/slowloris.pl/blob/master/slowloris.pl
Now you'll need to give it permissions by typing:
Code:
chmod +x slowloris.pl
Now, before we attempt to attack the server, we need to know if it's vulnerable. Let's first check if DNS or HTTP load balancing is found:
Code:
lbd <sites address>
Note: This will take some time, so calm your tits and don't rage.

Now if it states at the end load-balancing was not found, it means success, it doesn't use it. Now, if you see in the scanning it says what HTTP service it is using. If it is using either Apache, dhttp or Goahead, it is fully vulnerable to the attack. Services like nginx are unfortunately not vulnerable.

Now that we've found out the server is vulnerable, let's attack it. Firstly, just test if slowloris works by typing:
Code:
./slowloris.pl
If a picture of the slowloris animal (from South Asia) appears in ASCII, it works. Now to stress the site, we need to input the following:
Code:
./slowloris.pl -dns <Site's IP> -port <port, usually 80> -num <usually 500 - 2000 works fine> -timeout 1
Now it should be building sockets. If the site is small it should be taken down in seconds; if it is hosted on decent servers, it could take up to minutes. You may check if the site is down by either refreshing it or going to isitup.org and checking there.
« Last Edit: August 18, 2015, 10:04:10 pm by queryFrequency »
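
The post above describes requests that never send the header termination sequence. As an added defensive example (not part of the original post), the sketch below flags connections whose header is still unterminated past a deadline and counts them per source address, with the deadline modelled on Apache mod_reqtimeout's `RequestReadTimeout header=20-40,MinRate=500`. The `Conn` record, the per-source limit and the sample data are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

HEADER_END = b"\r\n\r\n"  # the termination sequence a slow client never sends


@dataclass
class Conn:                # hypothetical per-connection record kept by a monitor
    client_ip: str
    opened_at: float       # seconds on a monotonic clock
    received: bytes        # bytes read from the socket so far


def header_deadline(nbytes, initial=20.0, maximum=40.0, min_rate=500):
    """Seconds allowed to finish the header: `initial`, plus 1 s for every
    `min_rate` bytes received, capped at `maximum`."""
    return min(maximum, initial + nbytes // min_rate)


def is_stalled(conn, now):
    """True when the header is still unterminated past its deadline."""
    if HEADER_END in conn.received:
        return False
    return now - conn.opened_at > header_deadline(len(conn.received))


def flag_sources(conns, now, per_ip_limit=3):
    """Return {ip: stalled_count} for sources at or above the assumed limit."""
    stalled = Counter(c.client_ip for c in conns if is_stalled(c, now))
    return {ip: n for ip, n in stalled.items() if n >= per_ip_limit}


# Constructed sample data (documentation address ranges), not captured traffic.
PARTIAL = b"GET / HTTP/1.1\r\nHost: example.test\r\nX-a: b\r\n"
SAMPLE = (
    [Conn("192.0.2.10", 0.0, PARTIAL) for _ in range(4)]   # held open, no end
    + [Conn("198.51.100.7", 0.0, PARTIAL + b"\r\n"),       # complete request
       Conn("198.51.100.8", 25.0, PARTIAL)]                # still within deadline
)

if __name__ == "__main__":
    print(flag_sources(SAMPLE, now=30.0))
```

A server that enforces this kind of deadline closes the stalled connections itself, so the per-source count is mainly useful for alerting and for rate limiting at the edge.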

Lenoch
Re: Downing a Site using Slowloris
« Reply #1 on: August 18, 2015, 10:11:31 pm »
Another alternative for slowloris is torshammer. It's written in Python:

link http://sourceforge.net/projects/torshammer/files/Torshammer/1.0/

