The term slow DoS attack (SDA) was introduced in 2013 to clearly define a specific category of denial-of-service attacks that use a low bandwidth rate to accomplish their purpose. Similar terms can be found in the literature, such as:

* application layer DoS, which focuses on attacks targeting the application layer only, whereas a slow DoS attack may exploit lower layers of the ISO/OSI stack
* low-rate DoS, which focuses on the use of a limited amount of attack bandwidth and hence also includes, for instance, exploit-based threats

In particular, to reduce bandwidth, a slow DoS attack often acts at the application layer of the ISO/OSI stack (e.g. in the case of "timeout exploiting" threats [Cambiaso, Enrico; Papaleo, Gianluca; Chiola, Giovanni; Aiello, Maurizio (2015). "Designing and modeling the slow next DoS attack". Computational Intelligence in Security for Information Systems Conference (CISIS 2015). 249-259. Springer.]), although this is not a requirement. This layer is, however, easier to exploit: a victim can be successfully attacked even by sending it a few bytes of malicious requests.

The purpose of a slow DoS attack is (often, but not always) to cause unavailability of a network service by seizing all the connections the daemon is able to manage concurrently at the application layer. Under such conditions, any new incoming connection, even from potentially legitimate clients, will not be accepted by the daemon, hence leading to a denial of service. In addition, once a connection is established/seized by the attacker, the adversary keeps it alive as long as possible (hence avoiding connection closures, which could free up resources for legitimate clients). To keep connections alive while at the same time reducing the attack bandwidth, data are sent to the target service on each connection only at specific times, by exploiting the so-called "Wait Timeout" parameter and scheduling a periodic data-sending activity (at the application layer): once the timeout expires, a specific payload (depending on the attack type and the approach used by the malicious user) is sent to the targeted daemon. While timeouts at lower layers of the ISO/OSI stack may be relatively short, in this case the timeout may assume particularly long values, in the order of minutes.


Exploited parameters

According to Cambiaso et al., slow DoS attacks exploit one or more parameters characteristic of TCP-based connections. These parameters are exploited to keep connections alive longer than expected while conserving attack bandwidth, hence seizing the server's resources for long periods while at the same time reducing the resources the attack requires.
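The pattern described above (connections held open for a long time, with very little data sent and each send arriving just inside the wait timeout) can be checked for on the server side. The following is an added example, not part of the original article; the record layout, thresholds, slot limit and sample connections are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real traffic):
# (conn_id, source, [(time_s, bytes_received), ...], request_complete)
# The first event of each record marks the moment the connection was opened.
SAMPLE_CONNS = [
    ("c1", "198.51.100.7", [(0, 40), (55, 8), (110, 8), (165, 8)], False),
    ("c2", "198.51.100.7", [(0, 40), (58, 8), (116, 8), (174, 8)], False),
    ("c3", "198.51.100.7", [(0, 40), (50, 8), (100, 8), (150, 8)], False),
    ("c4", "203.0.113.20", [(0, 420)], True),             # ordinary short request
    ("c5", "203.0.113.21", [(0, 300), (2, 5000)], True),  # ordinary upload
    ("c6", "203.0.113.22", [(0, 40), (50, 8), (100, 8), (150, 8)], False),  # one slow client
]


def slow_score(events, now):
    """Return (age_s, bytes_per_s, longest_silence_s) for one connection."""
    age = now - events[0][0]
    total = sum(size for _, size in events)
    times = [t for t, _ in events] + [now]
    longest_silence = max(b - a for a, b in zip(times, times[1:]))
    rate = total / age if age > 0 else float("inf")
    return age, rate, longest_silence


def find_slot_holders(conns, now, max_slots, wait_timeout=60,
                      min_age=120, min_rate=10.0, share_alert=0.5):
    """Map each source to the slow connections it holds, when that set
    occupies at least share_alert of the daemon's max_slots."""
    held = defaultdict(list)
    for conn_id, src, events, complete in conns:
        if complete:
            continue
        age, rate, longest_silence = slow_score(events, now)
        # Slow pattern: old, almost no data, yet never silent long enough
        # for the daemon's wait timeout to close the connection.
        if age >= min_age and rate < min_rate and longest_silence < wait_timeout:
            held[src].append(conn_id)
    return {src: ids for src, ids in held.items()
            if len(ids) / max_slots >= share_alert}


if __name__ == "__main__":
    print(find_slot_holders(SAMPLE_CONNS, now=180, max_slots=6))
```

A single slow client (c6) matches the per-connection pattern but is not reported, because the alert is based on the share of connection slots one source holds.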


See also

* Slowloris (computer security)
* SlowDroid
* Trinoo
* Stacheldraht
* Denial of service
* LAND
* Low Orbit Ion Cannon
* High Orbit Ion Cannon

