Slowloris HTTP denial of service

posted Jun 17th 2009 3:42pm by Zach Banks
filed under: misc hacks, security hacks

[RSnake] has developed a denial of service technique that can take down servers more effectively. Traditionally, performing a denial of service attack entailed sending thousands of requests to a server, these requests needlessly tie up resources until the server fails. This repetitive attack requires the requests to happen in quick succession, and is usually a distributed effort. However, [RSnake]’s new technique has a client open several HTTP sessions and keeps them open for as long as possible. Most servers are configured to handle only a set number of connections; the infinite sessions prevent legitimate requests from being handled, shutting down the site. This vulnerability is present on webservers that use threading, such as Apache.

A positive side effect of the hack is that the server does not crash, only the HTTP server is affected. His example perl implementation, slowloris, is able to take down an average website using only one computer. Once the attack stops, the website will come back online immediately.

Update: Reader [Motoma] sent in a python implementation of slowloris called pyloris

[photo: cutebreak]

Microsoft’s data centers growing by the truckload

posted Aug 21st 2008 11:22am by Kimberly Lau
filed under: pcs hacks

The growing demands of Microsoft’s core customers necessitate dramatic alterations in the way Microsoft’s data centers are set up. Before their server racks were replaced one at a time, Microsoft’s new solution to server management is to truck in servers in sealed shipping containers and set them up without even taking them out. If a core number of servers start to fail within the shipping container it is removed, returned to the manufacturer, and replaced. This strategy helps Microsoft manage the desires of its consumer base for search, video, photo services and other services provided under the Microsoft Online umbrella. Although Microsoft’s method of server management makes the process of running data centers more efficient, thereby saving costs and power, Microsoft still has to contend with old networking protocols. It’s counting on the industry to innovate in these areas.

[via Boing Boing]

Read




Hack a Day serves up fresh hacks each day, every day from around the web and a special How-To hack each week.

Send us your hacks