Denial of Service

=Found this sample, haven't test it yet=


 * source: http://www.securitytube.net/video/6547
 * youtube vide: http://www.youtube.com/watch?v=lYQFF4Ki8_s&feature=youtu.be

Description: This Tutorials shows, how you can easily take out an Apache Webserver with one HTTP POST Tool using a std. slow DSL Connection.

This is NO Slowloris Attack!

Limitations of HTTP GET DDOS attack:

- Does not work on IIS web servers or web servers with timeout limits for HTTP headers.

- Easily defensible using popular load balancers, such as F5 and Cisco, reverse proxies and certain Apache modules, such as mod_antiloris.

- Anti-DDOS systems may use "delayed binding"/"TCP Splicing" to defend against HTTP GET attacks.

Why HTTP POST DDOS attack works

- This attack can evade Layer 4 detection techniques as there is no malformed TCP, just like Slowloris.

- Unlike Slowloris, there is no delay in sending HTTP Header, hence nullifying IIS built-in defense, making IIS vulnerable too.

- Size, character sets and time intervals can be randomised to foil any recognition of Layer 7 traffic patterns by DDOS protection systems.

- Difficult to differentiate from legit connections which are slow Tags: OWASP, DoS , Apache , Attack , Http Post , Latest from the SecurityTube Blog:

Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying. Original Source: http://www.youtube.com/watch?v=lYQFF4Ki8_s&feature=youtu.be