Hello, I think that it should be possible to write some form of signature to detect this without actually performing a DoS. First, it should be mentioned that the check would not determine the specific vulnerable application but the underlying architecture issue.

To summarize the attack (please correct me if I'm wrong!): Create a sufficiently large number of open HTTP connections to saturate the connection pool. This results in the DoS condition (until connections time out). This is not a TCP/IP layer attack but an application layer attack. If one was able to open (and keep open) a safe number of connections for a specified threshold, one may be able to determine the existence of the flaw. This would require additional testing and research of course.

Jeremy

On Fri, Jun 26, 2009 at 5:54 PM, Andres Riancho <[email protected]> wrote:
> Carlos,
>
> On Fri, Jun 26, 2009 at 6:17 PM, Carlos perez <[email protected]> wrote:
> > Slowloris is part of the architecture of apache not a bug so the only way
> > to check if an admin took preventive measures for his specific environment
> > would be to check the apache.conf file
>
> But if the admin took preventive measures, can't I test it using black box?
>
> > Sent from my iPhone
> >
> > On Jun 26, 2009, at 3:25 PM, Andres Riancho <[email protected]> wrote:
> >
> >> List,
> >>
> >> Does anyone know if it's possible to test for the "slowloris
> >> vulnerability" [0] without DoS'ing the web server? I was thinking
> >> that if that was possible, we could add it to w3af. Someone already
> >> did something in python [1], so it shouldn't be hard to add it to
> >> w3af.
> >>
> >> [0] http://ha.ckers.org/slowloris/
> >> [1] http://motomastyle.com/pyloris-a-python-implementation-of-slowloris/
> >>
> >> Cheers,
> >> --
> >> Andrés Riancho
> >> Founder, Bonsai - Information Security
> >> http://www.bonsai-sec.com/
> >> http://w3af.sf.net/
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
------------------------------------------------------------------------------
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
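As an added example (not code from this thread, w3af or pyloris) of the non-destructive check Jeremy sketches: one stalled connection is enough to measure whether a server enforces a header-read timeout, which is the mitigation an admin would have configured. The mock server is a constructed fixture standing in for a real httpd, and the 0.2 s poll interval and the treatment of a 408 reply as a drop are assumptions.

```python
import socket
import threading
import time

def stalled_request_lifetime(host, port, hold_seconds):
    """Open ONE connection, send an incomplete request, then stay silent.
    Returns seconds until the server dropped the connection, or None if it
    was still open after hold_seconds (a worker stayed pinned the whole time)."""
    sock = socket.create_connection((host, port), timeout=5)
    # Headers without the terminating blank line, so the request never completes.
    sock.sendall(b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\n")
    sock.settimeout(0.2)  # assumed poll interval
    start = time.monotonic()
    try:
        while time.monotonic() - start < hold_seconds:
            try:
                chunk = sock.recv(1024)
            except socket.timeout:
                continue  # nothing from the server yet; still open
            if not chunk or b" 408 " in chunk:  # EOF or "408 Request Timeout"
                return time.monotonic() - start
        return None
    finally:
        sock.close()

def mock_server(close_after):
    """Constructed local stand-in for a web server (test fixture, not a real
    httpd): reads the partial request, then drops the connection after
    close_after seconds, or holds it open if close_after is None."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    def handle(conn):
        conn.recv(1024)  # the partial headers
        time.sleep(60 if close_after is None else close_after)
        conn.close()

    def serve():
        while True:
            conn, _ = listener.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]  # the ephemeral port to probe

if __name__ == "__main__":
    strict, lax = mock_server(0.3), mock_server(None)
    print("strict server dropped us after:", stalled_request_lifetime("127.0.0.1", strict, 2.0))
    print("lax server still open after 1s:", stalled_request_lifetime("127.0.0.1", lax, 1.0) is None)
```

Against a real server you would use a hold of a few tens of seconds and compare the result with the timeout the admin claims to have set; a None result means a single idle client pinned a worker for the whole hold.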
