Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!

Author Topic: Prevent slowloris Attack  (Read 2636 times)

0 Members and 1 Guest are viewing this topic.

rohitj

  • Guest
Prevent slowloris Attack
« on: October 26, 2013, 05:07:56 pm »
Prevent Slowloris Attack

Slowloris allows a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports.
Slowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to—but never completing—the request. Affected servers will keep these connections open, filling their maximum concurrent connection pool, eventually denying additional connection attempts from clients.

You can use the following command to prevent the attack in iptables.

=========
iptables -A INPUT -p tcp –syn –dport 80 -m connlimit –connlimit-above 100 -j DROP
=========


 ;)