summaryrefslogtreecommitdiff
path: root/network/slowhttptest
diff options
context:
space:
mode:
Diffstat (limited to 'network/slowhttptest')
-rw-r--r--network/slowhttptest/README46
1 files changed, 29 insertions, 17 deletions
diff --git a/network/slowhttptest/README b/network/slowhttptest/README
index 9d1a6bf83a..61eaf15d50 100644
--- a/network/slowhttptest/README
+++ b/network/slowhttptest/README
@@ -1,21 +1,33 @@
-SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks.
-It works on majority of Linux platforms, OSX and Cygwin - a Unix-like environment and command-line interface
-for Microsoft Windows.
+slowhttptest (stress testing tool/DoS simulator)
-It implements most common low-bandwidth Application Layer DoS attacks, such as slowloris, Slow HTTP POST,
-Slow Read attack (based on TCP persist timer exploit) by draining concurrent connections pool, as well
-as Apache Range Header attack by causing very significant memory and CPU usage on the server.
+SlowHTTPTest is a highly configurable tool that simulates some Application
+Layer Denial of Service attacks. It works on majority of Linux platforms,
+OSX and Cygwin - a Unix-like environment and command-line interface for
+Microsoft Windows.
-Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires
-requests to be completely received by the server before they are processed. If an HTTP request is not
-complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the
-rest of the data. If the server keeps too many resources busy, this creates a denial of service.
-This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server.
+It implements most common low-bandwidth Application Layer DoS attacks,
+such as slowloris, Slow HTTP POST, Slow Read attack (based on TCP persist
+timer exploit) by draining concurrent connections pool, as well as Apache
+Range Header attack by causing very significant memory and CPU usage on
+the server.
-Slow Read DoS attack aims the same resources as slowloris and slow POST, but instead of prolonging
-the request, it sends legitimate HTTP request and reads the response slowly.
+Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP
+protocol, by design, requires requests to be completely received by the
+server before they are processed. If an HTTP request is not complete,
+or if the transfer rate is very low, the server keeps its resources busy
+waiting for the rest of the data. If the server keeps too many resources
+busy, this creates a denial of service.
-DISCLAIMER: Keep in mind that slowhttptest is of little use as a script kiddie tool. It cannot
-be pointed blindly at arbitrary targets, like e.g. LOIC. Rather, where it excels is in its
-breadth of attack options, high customizability and its in-depth analytics. As such, it will be
-mostly useful for server administrators trying to stress test their systems.
+This tool is sending partial HTTP requests, trying to get denial of
+service from target HTTP server.
+
+Slow Read DoS attack aims the same resources as slowloris and slow POST,
+but instead of prolonging the request, it sends legitimate HTTP request
+and reads the response slowly.
+
+DISCLAIMER: Keep in mind that slowhttptest is of little use as a
+script kiddie tool. It cannot be pointed blindly at arbitrary targets,
+like e.g. LOIC. Rather, where it excels is in its breadth of attack
+options, high customizability and its in-depth analytics. As such, it
+will be mostly useful for server administrators trying to stress test
+their systems.