diff options
Diffstat (limited to 'network/slowhttptest')
-rw-r--r-- | network/slowhttptest/README | 46 |
1 files changed, 29 insertions, 17 deletions
diff --git a/network/slowhttptest/README b/network/slowhttptest/README index 9d1a6bf83a..61eaf15d50 100644 --- a/network/slowhttptest/README +++ b/network/slowhttptest/README @@ -1,21 +1,33 @@ -SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks. -It works on majority of Linux platforms, OSX and Cygwin - a Unix-like environment and command-line interface -for Microsoft Windows. +slowhttptest (stress testing tool/DoS simulator) -It implements most common low-bandwidth Application Layer DoS attacks, such as slowloris, Slow HTTP POST, -Slow Read attack (based on TCP persist timer exploit) by draining concurrent connections pool, as well -as Apache Range Header attack by causing very significant memory and CPU usage on the server. +SlowHTTPTest is a highly configurable tool that simulates some Application +Layer Denial of Service attacks. It works on majority of Linux platforms, +OSX and Cygwin - a Unix-like environment and command-line interface for +Microsoft Windows. -Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires -requests to be completely received by the server before they are processed. If an HTTP request is not -complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the -rest of the data. If the server keeps too many resources busy, this creates a denial of service. -This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server. +It implements most common low-bandwidth Application Layer DoS attacks, +such as slowloris, Slow HTTP POST, Slow Read attack (based on TCP persist +timer exploit) by draining concurrent connections pool, as well as Apache +Range Header attack by causing very significant memory and CPU usage on +the server. -Slow Read DoS attack aims the same resources as slowloris and slow POST, but instead of prolonging -the request, it sends legitimate HTTP request and reads the response slowly. +Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP +protocol, by design, requires requests to be completely received by the +server before they are processed. If an HTTP request is not complete, +or if the transfer rate is very low, the server keeps its resources busy +waiting for the rest of the data. If the server keeps too many resources +busy, this creates a denial of service. -DISCLAIMER: Keep in mind that slowhttptest is of little use as a script kiddie tool. It cannot -be pointed blindly at arbitrary targets, like e.g. LOIC. Rather, where it excels is in its -breadth of attack options, high customizability and its in-depth analytics. As such, it will be -mostly useful for server administrators trying to stress test their systems. +This tool is sending partial HTTP requests, trying to get denial of +service from target HTTP server. + +Slow Read DoS attack aims the same resources as slowloris and slow POST, +but instead of prolonging the request, it sends legitimate HTTP request +and reads the response slowly. + +DISCLAIMER: Keep in mind that slowhttptest is of little use as a +script kiddie tool. It cannot be pointed blindly at arbitrary targets, +like e.g. LOIC. Rather, where it excels is in its breadth of attack +options, high customizability and its in-depth analytics. As such, it +will be mostly useful for server administrators trying to stress test +their systems. |