Slowloris, et cetera, and other things


What counts as a DDoS? Someone testing 2000 concurrent video requests on the intranet and making the intranet unreachable is a DDoS...

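Slowloris consumes far less traffic than a flood DDoS, but it is still surprisingly less than I expected: with a retry of 5 seconds and 10k concurrent connections, the average rate is only 200 Kbits/s. No wonder the attack also works through Tor hosts. Using slowloris to test-attack the Dell 1950 on my intranet was a pure waste; perhaps I should find a few real production servers to try the effect of slowloris on?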

I looked at a few well-known sites with curl: they are all either IIS+squid or Nginx, with load balancing behind them... Who runs a lone Apache these days...

===============================

It basically uses a concept of keeping an HTTP session alive indefinitely (or as long as possible) and repeating that process a few hundred times

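RFC 2616 does not say what should happen when someone plays tricks with the headers like this. Against IIS, which has always followed the RFC, I simulated slowloris's packets by hand over telnet: after sending X-a:b, no matter how many CRLFs I sent, I got no data back, and I did not see IIS actively drop the connection or do anything else either. I really cannot figure out the IIS implementation... Perhaps that is the benefit of closed source? Sometimes taking a look at the IIS implementation is not a bad thing either (1, 2)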

Here are the mitigations:

Apache HTTP DoS tool mitigation

Mitigating the Slowloris HTTP DoS Attack
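The telnet observation above (a few header bytes now and then keep the server waiting) comes down to which timer the server applies while reading headers. The following is an added example, not code from the original post or from any web server: it replays constructed traces against a per-read idle timer and against a deadline on the whole header block. The timer values, the `example.test` host and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

HEADER_END = b"\r\n\r\n"  # blank line that terminates the HTTP header block

@dataclass
class Conn:
    opened: float      # time the connection was accepted
    last_rx: float     # time of the most recent received bytes
    buf: bytes = b""

    def headers_done(self) -> bool:
        return HEADER_END in self.buf

def idle_timeout_fires(conn, now, idle=300.0):
    """Per-read idle timer (assumed 300 s): every received byte resets it."""
    return not conn.headers_done() and now - conn.last_rx > idle

def header_deadline_fires(conn, now, base=20.0, min_rate=500.0, cap=40.0):
    """Deadline for the whole header block, measured from accept time.
    Each min_rate bytes received buys one more second, up to cap (assumed values)."""
    if conn.headers_done():
        return False
    allowed = min(cap, base + len(conn.buf) / min_rate)
    return now - conn.opened > allowed

def replay(trace, until, policy):
    """Replay (second, bytes) events; return the second the policy closes, else None."""
    conn = Conn(opened=0.0, last_rx=0.0)
    events = dict(trace)
    for t in range(until + 1):
        if t in events:
            conn.buf += events[t]
            conn.last_rx = float(t)
        if policy(conn, float(t)):
            return t
    return None

# Constructed traces. SLOW: partial request, then one small header every 5 s and
# never the terminating blank line. NORMAL: a complete header block at once.
SLOW = [(0, b"GET / HTTP/1.1\r\nHost: example.test\r\n")] + \
       [(t, b"X-a: b\r\n") for t in range(5, 600, 5)]
NORMAL = [(0, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")]

if __name__ == "__main__":
    for name, policy in (("idle timer", idle_timeout_fires),
                         ("header deadline", header_deadline_fires)):
        print(name, "slow:", replay(SLOW, 600, policy),
              "normal:", replay(NORMAL, 600, policy))
```

The idle timer never fires on the slow trace because each 8-byte header resets it, while the whole-header deadline closes the connection regardless of how often bytes arrive.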

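Actually, this slowloris method is a bit old; people were probably already using it around 2000? Of course, the technical sophistication of this attack cannot compare with the low-rate flood attack on 10cent's routers.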

 


This page contains a single entry by suchasplus published on June 24, 2009 9:01 PM.
