Slowloris HTTP Denial Of Service

[RSnake] has developed a denial of service technique that can take down servers more effectively. Traditionally, performing a denial of service attack entailed sending thousands of requests to a server; these requests needlessly tie up resources until the server fails. This repetitive attack requires the requests to happen in quick succession, and is usually a distributed effort. However, [RSnake]’s new technique has a client open several HTTP sessions and keep them open for as long as possible. Most servers are configured to handle only a set number of connections; the sessions that never end prevent legitimate requests from being handled, shutting down the site. This vulnerability is present on webservers that use threading, such as Apache.

A positive side effect of the hack is that the server does not crash; only the HTTP server is affected. His example Perl implementation, slowloris, is able to take down an average website using only one computer. Once the attack stops, the website will come back online immediately.

Update: Reader [Motoma] sent in a Python implementation of slowloris called pyloris.

[photo: cutebreak]
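
A defender-side check for the slowloris item above, added here as an example (not code from the original post, [RSnake] or [Motoma]): it scans a snapshot of a server's open connections for clients holding many requests that stay open without completing, and reports how much of the fixed connection pool they occupy. The `Conn` record, the thresholds and the 150-worker pool are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    client: str         # remote address
    age_s: float        # seconds since the connection was accepted
    headers_done: bool  # True once the request headers have fully arrived


def find_slow_holders(conns, max_workers, header_timeout_s=30.0, per_client_limit=10):
    """Return (offenders, pool_share): clients holding many stalled requests and
    the fraction of the worker pool those stalled requests occupy."""
    stalled = defaultdict(int)
    for c in conns:
        # A request still incomplete after the timeout occupies a worker
        # without ever giving it anything to serve.
        if not c.headers_done and c.age_s > header_timeout_s:
            stalled[c.client] += 1
    # One slow client on a bad link is normal; many stalled requests from the
    # same address is the pattern worth alerting on.
    offenders = {ip: n for ip, n in stalled.items() if n >= per_client_limit}
    pool_share = sum(offenders.values()) / max_workers
    return offenders, pool_share


def sample_snapshot():
    # Constructed sample data (documentation-range addresses), not a real capture.
    conns = [Conn("198.51.100.7", 120.0 + i, False) for i in range(140)]
    conns += [
        Conn("203.0.113.5", 0.4, True),    # ordinary request being served
        Conn("203.0.113.9", 2.1, False),   # still sending headers, well within timeout
        Conn("192.0.2.44", 45.0, False),   # slow, but a single connection
    ]
    return conns


if __name__ == "__main__":
    offenders, share = find_slow_holders(sample_snapshot(), max_workers=150)
    for ip, n in sorted(offenders.items()):
        print(f"{ip}: {n} stalled connections")
    print(f"worker pool held by offenders: {share:.0%}")
```

The same per-connection header timeout and per-client cap are what a server or front-end proxy would enforce to free those workers instead of only reporting them.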

Twitter IRC Server, Tircd

tircd is an ircd proxy for talking to the Twitter API. It should work with any standard IRC client. After running the Perl script, you authenticate to the IRC server using your Twitter username as your /nick. Join the room #twitter and the /topic will be set to your last update. Any message you type will update Twitter and the room’s topic. All of the people you are following show up in the room as users and post messages as they tweet. If you private message one of them, it will become a direct message on Twitter. Other commands work too: /whois to get a person’s bio, /invite to start following, and /kick to unfollow. The project is brand new and will gain new features in the future, like Search API support. Follow @tircd for updates.

Data Manipulation With Sprog


Linux Journal’s [Mike Diehl] pointed out an interesting tool for manipulating data: Sprog. Sprog lets you assemble machines to complete specific data processing tasks. You snap together gears that read input data, process the data in different ways, and then output the results. The input could be a file, URL, database query results, or even MIDI notes. For processing, you could be matching patterns, selecting CSV columns, converting to uppercase, or executing arbitrary Perl code, amongst many other options. Finally, the output could be shown in a text window, inserted into a database, written to a file, or sent to your spreadsheet application. Sprog’s site has a section for user-uploaded gears and a recipe section for examples like this crossword puzzle solver. Everything Sprog does could be done with scripting, but this is a simple graphical tool that could help you solve a problem without having to know the gory machinery behind it.