On Jun 26, 2009, at 7:51 PM, Jeremy Richards wrote:

> Hello,
>
> I think that it should be possible to write some form of signature
> to detect this without actually performing a DoS. First, it should
> be mentioned that the check would not determine the specific
> vulnerable application but the underlying architecture issue.
>
> To summarize the attack (please correct me if I'm wrong!):
> Create a sufficiently large number of open HTTP connections to
> saturate the connection pool. This results in the DoS condition
> (until connections time out). This is not a TCP/IP layer attack but
> an application layer attack.
>
> If one was able to open (and keep open) a safe number of connections
> for a specified threshold, one may be able to determine the
> existence of the flaw. This would require additional testing and
> research of course.
>

This is a rather interesting possibility. The only question I have is, how can you tell that your session is still 'active' if you are not communicating with it at all?

> Jeremy
>
> On Fri, Jun 26, 2009 at 5:54 PM, Andres Riancho <[email protected]> wrote:
> Carlos,
>
> On Fri, Jun 26, 2009 at 6:17 PM, Carlos perez<[email protected]> wrote:
> > Slowloris is part of the architecture of apache not a bug so the only way to
> > check if an admin took preventive measures for his specific environment would
> > be to check the apache.conf file
>
> But if the admin took preventive measures, can't I test it using
> black box?
>
> > Sent from my iPhone
> >
> > On Jun 26, 2009, at 3:25 PM, Andres Riancho <[email protected]> wrote:
> >
> >> List,
> >>
> >> Does anyone know if it's possible to test for the "slowloris
> >> vulnerability" [0] without DoS'ing the web server? I was thinking
> >> that if that was possible, we could add it to w3af. Someone already
> >> did something in python [1], so it shouldn't be hard to add it to
> >> w3af.
> >>
> >> [0] http://ha.ckers.org/slowloris/
> >> [1] http://motomastyle.com/pyloris-a-python-implementation-of-slowloris/
> >>
> >> Cheers,
> >> --
> >> Andrés Riancho
> >> Founder, Bonsai - Information Security
> >> http://www.bonsai-sec.com/
> >> http://w3af.sf.net/
> >>
> >> ------------------------------------------------------------------------------
> >> _______________________________________________
> >> W3af-users mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/w3af-users
> >
>
> --
> Andrés Riancho
> Founder, Bonsai - Information Security
> http://www.bonsai-sec.com/
> http://w3af.sf.net/
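One way to observe whether an idle session is still open, as an added example that is not part of the thread or of w3af: a single connection sends a request header that is never terminated, and the probe times how long the server keeps the socket open before closing it. The names `header_hold_time` and `toy_server` are hypothetical, and the toy server is a constructed local stand-in so the measurement can be exercised offline.

```python
import socket, threading, time

def header_hold_time(host, port, max_wait=5.0):
    """Open ONE connection, send a request header that is never terminated,
    and time how long the server keeps the idle socket open.
    Returns (seconds_held, closed_by_server)."""
    start = time.monotonic()
    closed = False
    with socket.create_connection((host, port), timeout=max_wait) as s:
        # No blank line follows, so the header block stays incomplete.
        s.sendall(b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\n")
        try:
            while True:
                left = max_wait - (time.monotonic() - start)
                if left <= 0:
                    break                  # still open when we stopped waiting
                s.settimeout(left)
                if not s.recv(4096):       # b"" means the server closed first
                    closed = True
                    break
        except socket.timeout:
            pass                           # no close seen within max_wait
        except ConnectionResetError:
            closed = True
    return time.monotonic() - start, closed

def toy_server(header_timeout):
    """Constructed local stand-in for a web server: drops a connection whose
    header is incomplete after header_timeout seconds (None = never)."""
    srv = socket.create_server(("127.0.0.1", 0))
    def handle(conn):
        conn.settimeout(header_timeout)
        buf = b""
        try:
            while b"\r\n\r\n" not in buf:
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
        except OSError:                    # includes the header timeout firing
            pass
        finally:
            conn.close()
    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

A server that enforces a header timeout shows up as `closed_by_server` being true well before `max_wait`; one that never closes the socket returns false after the full wait.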
