Slide Show: DDoS With The Slow HTTP POST Attack
Researchers demonstrate attack that picks on inherent flaw in HTTP
The HTTP POST Attack presentation at OWASP 2010 Application Security Conference.
Web server vendors don't consider this an actual vulnerability.
How the HTTP POST attack works.
The "content-length" field in the HTTP header tells the Web server the size of the message body.
But the HTTP message body is sent at a slow rate, such as one byte per 110 seconds.
Sample code simulating an HTTP POST DDoS attack.
Sample code simulating an HTTP POST DDoS attack. (cont'd)
Sample code simulating an HTTP POST DDoS attack. (cont'd)
Why the HTTP POST attack works.
Why the HTTP POST attack works. (cont'd)
How different Web servers fare in this attack.
It took only 20,000 HTTP POST connections to DDoS IIS in this configuration.
Layer 7 attacks could replace Layer 4-based ones in botnets in the next few years.
Possible defenses for this attack.
Limiting the size of a POST request or establishing a "speed floor" are some potential mitigation methods.
But many of these defenses can either be defeated or pose other limitations.
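The size cap and speed floor named above, sketched as server-side decision logic. This is an added example, not code from the presentation; the thresholds, the `PostState` class and the function names are assumptions, and the (timestamp, bytes) events are constructed sample input.

```python
from dataclasses import dataclass

# Assumed policy values for illustration; tune to the application's real uploads.
MAX_BODY_BYTES = 1_000_000   # cap on the declared Content-Length
MIN_RATE_BPS = 500           # "speed floor": average body bytes per second
GRACE_SECONDS = 10           # slow-start allowance before the floor applies


@dataclass
class PostState:
    content_length: int      # size declared in the request header
    started_at: float        # time the headers finished arriving
    received: int = 0        # body bytes seen so far

    def verdict(self, now: float) -> str:
        """Return 'reject_size', 'complete', 'drop_slow' or 'continue'."""
        if self.content_length > MAX_BODY_BYTES:
            return "reject_size"
        if self.received >= self.content_length:
            return "complete"
        elapsed = now - self.started_at
        if elapsed <= GRACE_SECONDS:
            return "continue"
        return "drop_slow" if self.received / elapsed < MIN_RATE_BPS else "continue"


def replay(content_length, events, check_every=5.0):
    """Replay constructed (timestamp, nbytes) events; return (verdict, time)."""
    state = PostState(content_length, started_at=0.0)
    pending = sorted(events)
    end = pending[-1][0] if pending else 0.0
    t = 0.0
    while t <= end + check_every:
        while pending and pending[0][0] <= t:
            state.received += pending.pop(0)[1]
        v = state.verdict(t)
        if v != "continue":
            return v, t
        t += check_every
    return "continue", t


def max_hold_seconds():
    """Longest time one connection can occupy a worker under this policy."""
    return max(GRACE_SECONDS, MAX_BODY_BYTES / MIN_RATE_BPS)
```

`max_hold_seconds()` is the figure to check against the server's connection limit: the floor bounds how long each connection is held, but it does not bound how many connections arrive.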