Attack: Slowloris

Attack: Slowloris

The Slowloris Attack: Low and Slow

The Slowloris DDoS attack has emerged as a silent yet formidable challenge for businesses. This sophisticated form of cyber assault, unlike its more blatant counterparts, operates under the radar, exploiting the very mechanics that keep web servers running to incapacitate them.

Understanding the Slowloris Attack

The Slowloris technique involves sending partial HTTP or HTTPS requests to a target server, which keeps the connections open by not completing them. This seemingly innocuous activity slowly but surely exhausts the server's resources, preventing legitimate requests from being processed and potentially leading to a complete server shutdown​.

Why Slowloris Attacks Are Different

What sets Slowloris apart from traditional DDoS attacks is its low-and-slow approach. It doesn't bombard the server with traffic but instead preys on the server’s limits for open connections. This makes Slowloris particularly hard to detect, as it operates within the normal bounds of server activity, slipping past conventional cybersecurity defenses unnoticed.

Recent News Highlights

Although specifics about recent Slowloris attacks are not openly detailed in the news due to security reasons, there has been a notable rise in DDoS attacks across the board. In India, a report by Indusface highlighted that 5 million DDoS requests were being blocked every day on a sampling of 1400 websites during the later months of 2022. This statistic underlines the broader trend of increasing DDoS attacks, within which Slowloris is becoming a more common tool among cybercriminals​​​.

Mitigating the Threat

Defending against Slowloris requires specialized strategies. These include employing reverse proxies, limiting the number of connections per IP, reducing the maximum request duration, setting rate limits, and ensuring regular system and software updates. A specialized DDoS mitigation service, which offers bundled managed services integrating AI-driven technologies, can provide robust defense mechanisms against such nuanced threats​.

The Iranian Presidential Elections in 2009

One of the most famous uses of the Slowloris attack occurred during the 2009 Iranian presidential election protests. Activists used Slowloris to target Iranian government websites, intending to disrupt their online communication and control systems. This was significant because the attack required relatively low bandwidth, which was crucial given the country's internet infrastructure at the time, which would have struggled under more bandwidth-intensive attack methods. The choice of Slowloris allowed the attackers to maximize impact while minimizing the risk of collateral damage to Iran's broader network, which was being used by both the government and the protesters to communicate

Related Articles: