-
January 23rd, 2012, 02:46 PM
#1
Slow motion DoS attacks!
Hi guys,
A little heads up if you haven't seen this. Apparently there is a proof of concept for a new type of DOS attack. From what I understand it works by opening a TCP connection then sending a no free buffer packet to the server. This blocks the server connection open as it will then send ACK packets waiting for the buffer to clear. Here is a link to the story:
http://mybroadband.co.za/news/quick-...to-detect.html
Anyone have a take on this?
cheers
Muracu
"America is the only country that went from barbarism to decadence without civilization in between."
"The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
Oscar Wilde (1854-1900)
-
January 23rd, 2012, 10:22 PM
#2
As this says
Shekyan said in his post about the tool that this type of attack could be prevented by setting up rules in the Web server's configuration that refuse connections from clients with abnormally small data window settings, and limit the lifetime of an individual request.
Anyhow, surely your HIPS system would pick this up.
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
January 24th, 2012, 03:31 AM
#3
I'm pretty sure you could test this out using Hping or IPSorcery, two tools I've been using and swear by for a long time now.
I don't know if there are versions for Windows so I can't give any info about that. Basically they are packet creation tools to make your own packets.
-
January 24th, 2012, 12:25 PM
#4
Here is Sergey Shekyan's blog with the POC.
https://community.qualys.com/blogs/s...1/05/slow-read
Effectively once the attack is known it seems easy enough to block. I doubt if your HIPS would pick it up by default as it uses very low traffic to perform the DOS and it is a new attack type. Still it will be interesting to see if this evolves and starts popping up in the wild.
Edit:
Link to the TCP vulnerability exploited:
http://www.kb.cert.org/vuls/id/723308
Last edited by MURACU; January 24th, 2012 at 12:34 PM.
"America is the only country that went from barbarism to decadence without civilization in between."
"The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
Oscar Wilde (1854-1900)
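The two rules quoted in post #2 (refuse clients with abnormally small window settings, limit the lifetime of a request) can be expressed as a per-connection check. The following is an added example, not code from the thread or from Shekyan's tool; the thresholds, the `Sample` record and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Thresholds are assumed values for illustration, not taken from the thread.
MIN_WINDOW = 512             # bytes; below this the window is "abnormally small"
MAX_SMALL_WINDOW_SECS = 10   # how long a client may keep its window that small
MAX_REQUEST_SECS = 60        # lifetime cap for a single request

@dataclass
class Sample:
    t: float     # seconds since this connection's request started
    conn: str    # "client_ip:port"
    window: int  # receive window the client advertised at time t

def classify(samples):
    """Return {conn: reason} for connections that break either rule."""
    flagged, small_since = {}, {}
    for s in sorted(samples, key=lambda x: x.t):
        if s.conn in flagged:
            continue
        if s.window < MIN_WINDOW:
            # Remember when the window first went small; flag only if it stays small.
            start = small_since.setdefault(s.conn, s.t)
            if s.t - start >= MAX_SMALL_WINDOW_SECS:
                flagged[s.conn] = "small-window"
                continue
        else:
            # Window recovered: brief backpressure from a busy client is normal.
            small_since.pop(s.conn, None)
        if s.t > MAX_REQUEST_SECS:
            flagged[s.conn] = "request-lifetime"
    return flagged

# Constructed samples (documentation address range 192.0.2.0/24).
SAMPLES = [
    # Window stays tiny or zero for 30 s: matches the slow-read pattern.
    Sample(0, "192.0.2.10:40001", 28), Sample(5, "192.0.2.10:40001", 0),
    Sample(12, "192.0.2.10:40001", 0), Sample(30, "192.0.2.10:40001", 0),
    # Ordinary client: large window, finishes quickly.
    Sample(0, "192.0.2.20:40002", 65535), Sample(2, "192.0.2.20:40002", 65535),
    # Normal window, but the request outlives the lifetime cap.
    Sample(0, "192.0.2.30:40003", 65535), Sample(61, "192.0.2.30:40003", 65535),
    # Short zero-window episodes that clear within seconds: not flagged.
    Sample(1, "192.0.2.40:40004", 0), Sample(3, "192.0.2.40:40004", 65535),
    Sample(20, "192.0.2.40:40004", 0), Sample(22, "192.0.2.40:40004", 65535),
]

if __name__ == "__main__":
    for conn, reason in classify(SAMPLES).items():
        print(conn, reason)
```

Because the check keys on window size and elapsed time rather than traffic volume, it still fires on the low-traffic connections post #4 expects a volume-based default rule to miss.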