11/29/2010
04:45 PM
Connect Directly
Twitter
RSS
E-Mail

Slide Show: DDoS With The Slow HTTP POST Attack

Researchers demonstrate attack that picks on inherent flaw in HTTP




The HTTP POST Attack presentation at OWASP 2010 Application Security Conference.




Web server vendors don't consider this an actual vulnerability.


How the HTTP POST attack works.


The "content-length" field in the HTTP header alerts the Web server the size of the message body.


But the HTTP message body is sent at a slow rate, such as one byte per 110 seconds.


Sample code simulating a HTTP POST DDoS attack.




Sample code simulating an HTTP POST DDoS attack. (con'd)


Sample code simulating an HTTP POST DDoS attack. (con'd)


Why the HTTP POST attack works.


Why the HTTP POST attack works. (con'd)


How different Web servers fare in this attack.




It took only 20,000 HTTP POST connections to DDoS IIS in this configuration.


Layer 7 botnet attacks could replace Layer 4-based ones in botnets in the next few years.


Possible defenses for this attack.


Limiting the size of a POST request or establishing a "speed floor" are some potential mitigation methods.


But many of these defenses can either be defeated or pose other limitations.

 

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service