Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Thu, 14 Apr 2011 19:31:06 +0300

Also, you mention some todo items in the comments. Are these still
relevant. Do you just want some light testing and feedback before
final polish, or is this still more like an early prototype?

You are saying that performing the attack takes a long time. Slowloris
site links a video where Sam Bowne demonstrates the attack in front of
live audience, and it takes seconds rather than days. Is the nmap
script different, or is it a server-side thing?

I am just asking these additional questions, so we could look at this
more efficiently while you are away. Have a good time abroad.

On Thu, Apr 14, 2011 at 7:08 PM, Gutek <ange.gutek () gmail com> wrote:
Hash: SHA1

Le 14/04/2011 17:41, Toni Ruottu a écrit :
Also, I wonder if the script should use verbose output instead of
debugging output.

On Sun, Apr 10, 2011 at 5:44 PM, Toni Ruottu <toni.ruottu () iki fi> wrote:
I would change the output to something like

 | http-slowloris:
 |   Vulnerable
 |   The DoS attack took +3m40s
 |   with 32 concurrent connections
 |_  and 66 sent queries

Thanks Toni for your suggestions. Unfortunately I'll be abroad for a
week, but I will apply those remarks asap. Any other ideas during this
week are also welcome.

Thanks again and regards,


Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/


Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]