Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] http-slowloris, check if a webserver is prone to the Slowloris DoS attack
From: Gutek <ange.gutek () gmail com>
Date: Sun, 22 May 2011 23:35:29 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 22/05/2011 16:27, Toni Ruottu a écrit :
Can we/did you do performance testing to compare this with original
slowloris? Maybe just running both a couple of times against the same
target, and comparing the times, would do.

Hard to say. Besides they obviousy share the same core principle, they
work differently mainly because of the monitoring function in the nse
version.
This monitoring function aims to stop the attack when it seems to be
successfull but it doesn't give the exact moment the webserver is down:
it's a matter of timeouts and sockets dying. The original perl script is
blind and attacks "forever".

The original perl script also proposes some "expert" tuning options that
are not implemented in the nse (delay between concurrent connections,
timeout measurement to feed "on the edge" during the attack, etc.).
Against specific targets they make the original script obviously more
efficient, but I think a nse script doesn't need them : we are in the
case where a proper third party tool is better than a complex nmap
command line with a bunch of script-args.

If I would have to give a comparison, I would say that, like most of the
nse scripts, the original tool is better for a specific attack and the
nse version is more usefull to test and report a potential issue.

A.G.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAk3ZgaEACgkQ3aDTTO0ha7iRrQCeIuvmuJ5ac9eysZykw3rpFIBX
du8An099VpuQbFLXrTsKdfKSnw2e33m4
=yjvq
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]