{"id":1296,"date":"2018-01-07T10:01:36","date_gmt":"2018-01-07T08:01:36","guid":{"rendered":"https:\/\/community.virtono.com\/?p=1296"},"modified":"2018-01-05T10:06:00","modified_gmt":"2018-01-05T08:06:00","slug":"arm-apache-for-denial-of-service-attacks","status":"publish","type":"post","link":"https:\/\/www.virtono.com\/community\/tutorial-how-to\/arm-apache-for-denial-of-service-attacks\/","title":{"rendered":"Arm Apache for denial-of-service attacks"},"content":{"rendered":"<p>A little thought experiment: You want to write a web server, so you program a socket-based server. When a browser connects to it and requests a file, the server delivers it, the client terminates the connection, and everyone is satisfied. But then suddenly there is a bug report from someone whose web server is getting slower and slower, until at some point it stops responding. What now?<\/p>\n<p>As you look closer at the problem, you notice that some clients are not behaving as intended: they connect, but then they do nothing and never close the connection. The result is that at some point the server can no longer establish new connections and is thus unable to service new clients. The fix is simple: you put a timeout on the server so it breaks off connections after a certain amount of time if nothing happens. The period can be set in the configuration file via the \u00bb<code>TimeOut<\/code>\u00ab directive.<\/p>\n<p>It works fine for a while, but the world keeps turning and eventually web pages are no longer just individual HTML files, but a collection of HTML, images, CSS stylesheets and JavaScript files. Setting up a separate connection for each one takes a relatively long time, for example because the client and server have to repeat the TCP three-way handshake each time. So you think of something clever: the client can keep the first connection open and request any additional files it needs. Now the second, the third and 
all further requests are answered much faster and again everyone is happy. Because you&#8217;ve learned something from the above problem, you add another configuration option called \u00bb<code>KeepAliveTimeout<\/code>\u00ab, which prevents clients from tying up connections indefinitely. Soon, all web administrators will download your great new web server, and under the name Apache it will soon have a market share of 60 percent.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"Healthy_attitude\"><\/span>Healthy attitude<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>The problem with settings such as timeouts is that most default values do not work for every application. Site A may serve millions of small static images, while Site B uses a rich dynamic framework for all content, and sites C to Z are not really sure what they&#8217;re doing. But what the hell, the web server works so well, so why care about the default values? Also, the Linux distributors barely change the default settings in the packages they ship, because that would be a hell of a lot of work. So most of the time the end user has to trust the software project to choose the presets &#8211; after all, the programmers understand their software best. That&#8217;s why you&#8217;re running a web server,<\/p>\n<p>In this case, the web server stops working very quickly. That is, it still works, but it is severely limited in its ability to act. Even if handling 1000 requests does not take much effort, the server may have no resources left to answer legitimate requests. Malicious people can use this situation for an attack from a single computer that 
does not even have to have a particularly fast network connection. Cracker tools like Slowloris even help him do so.<\/p>\n<p>You could simply limit the number of connections per IP address or address range. However, this is bad when clients sit behind a proxy, because then they all appear to the server with the same address. The difficulty for the admin is finding a number that averts damage to the server but does not hinder legitimate users.<\/p>\n<p>A generic approach to such a limit is the rate limiting of IPTables, which can also be applied to individual ports. This makes it possible to set the maximum number of connections in a given period of time. The following commands allow a maximum of five connections in 60 seconds. From the sixth onward, IPTables discards the data packets, causing the client to keep retrying. When an earlier connection is closed, the rule allows a new one.<\/p>\n<pre class=\"auto\"># Record the source address of each new connection to port 80\niptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --set\n# Drop new connections from a source seen 6 or more times in the last 60 seconds\niptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 -j DROP<\/pre>\n<p>A determined attacker will probably use multiple botnet computers, but at least you can make life a little harder for him.<\/p>\n<p>The simplest defense against a Slowloris attack is to reduce \u00bb<code>TimeOut<\/code>\u00ab from its default value of 300 to five seconds. To prevent the abuse of HTTP keep-alive, you can turn it off by setting \u00bb<code>KeepAlive<\/code>\u00ab to \u00bb<code>off<\/code>\u00ab. None of these measures provides complete immunity, especially against attackers with a lot of resources, but they usually help. Incidentally, not only Apache is affected by the Slowloris attack, but also the Squid proxy and some other web servers.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"Long-term_protection\"><\/span>Long-term 
protection<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Even if complete security against denial-of-service attacks is not possible, you can set up systems that survive minor attacks and at least drive up the effort for attackers. In the long term, the best solution seems to be to build smart protection directly into the applications and, above all, to allow them to adjust their settings dynamically. They could then reduce the connection timeout when they receive more requests, or simply cut off connections to slow clients. In this way, applications would not only survive denial-of-service attacks, but would generally be better equipped for heavy load.<\/p>\n<p>An example of this is the Apache patch by Andreas Krennmair, which arms the web server against Slowloris attacks. It monitors the web server load using the Apache scoreboard. When the load goes up, it adjusts the timeout value: at 60 percent it halves the timeout, at 70 percent it halves the timeout, and so on. Although quite simple, this patch is a good example of how to integrate some intelligence and &#8220;survival instinct&#8221; into software. Unfortunately, the patch cannot terminate existing connections, so an attacker with enough resources can still paralyze the server.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"Costs_and_benefits\"><\/span>Costs and benefits<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>The irony of such attacks with extremely slow connections is that the server is not particularly stressed. Legitimate clients simply can no longer establish connections because the web server&#8217;s connection pool is already exhausted. If any become available again, the attacker will usually try to establish new connections before the legitimate clients do.<\/p>\n<p>The benefit of countermeasures against attacks such as Slowloris is that they also tend to increase a server&#8217;s 
ability to handle peak loads. In this respect, this too has its good side.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A little thought experiment: You want to write a web server, so program a socket-based server.\u00a0When a browser connects to it and requests a file, it delivers it, the client terminates the connection, and everyone is satisfied.\u00a0But then suddenly there is a bug report from someone whose web server is<\/p>\n","protected":false},"author":3,"featured_media":1297,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[5,3],"tags":[],"class_list":["post-1296","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase","category-tutorial-how-to"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2018\/01\/ddos-attack-ex-100695385-large.jpg?fit=699%2C474&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7ISfL-kU","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":214,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/secure-socket-layer-ssl\/","url_meta":{"origin":1296,"position":0},"title":"Secure Socket Layer (SSL)","author":"Daniel Draga","date":"July 30, 2016","format":false,"excerpt":"SSL stands for Secure Socket Layer. 
Secure Socket Layer (SSL) technology allows web browsers and web servers to communicate over a secure connection Originally developed by Netscape, SSL has been universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers. Responsible for the emergence\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/2.jpg?fit=376%2C286&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":218,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/introduction-to-server\/","url_meta":{"origin":1296,"position":1},"title":"INTRODUCTION TO SERVER","author":"Daniel Draga","date":"July 30, 2016","format":false,"excerpt":"Servers are the one that is responsible to provide response to each client\u2019s request simultaneously. A Server may be responsible to process a single request or more than one request at a time. 
\u00a0 A\u00a0server\u00a0is a system (software\u00a0and suitable\u00a0computer hardware) that responds to requests across a\u00a0computer network\u00a0to provide, or help\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/server-rack1.jpg?fit=1200%2C857&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/server-rack1.jpg?fit=1200%2C857&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/server-rack1.jpg?fit=1200%2C857&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/server-rack1.jpg?fit=1200%2C857&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/server-rack1.jpg?fit=1200%2C857&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":267,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/types-of-servers\/","url_meta":{"origin":1296,"position":2},"title":"Types Of Servers","author":"Daniel Draga","date":"July 30, 2016","format":false,"excerpt":"File Servers A file server may be dedicated or non-dedicated. \u00a0A dedicated server is designed specifically for use as a file server\u00a0 not for other database purposes. 
File servers may also be categorized by the method of access: Internet file servers are frequently accessed by File Transfer Protocol (FTP) or\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/ic-3.jpg?fit=940%2C500&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/ic-3.jpg?fit=940%2C500&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/ic-3.jpg?fit=940%2C500&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/07\/ic-3.jpg?fit=940%2C500&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":714,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/tips-to-make-your-server-secure\/","url_meta":{"origin":1296,"position":3},"title":"Tips To Make your Server Secure","author":"Daniel Draga","date":"October 21, 2016","format":false,"excerpt":"Use secure password \u2022 Insecure passwords are the most common security vulnerability. > Use minimum 8 character passwords with alphanumeric ,grammatical symbols, etc Never use a significant date and dictionary words. 
\u2022Secure SSH Move SSH access to a different port to deter anyone without specific knowledge of your server from\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/10\/secure-server.jpg?fit=504%2C260&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":1714,"url":"https:\/\/www.virtono.com\/community\/tutorial-how-to\/install-and-configure-proxy-server-on-centos-7-8-server-squid-proxy\/","url_meta":{"origin":1296,"position":4},"title":"Install and configure Proxy Server on Centos 7\/8 Server: Squid Proxy","author":"Shreyash Sharma","date":"June 16, 2020","format":false,"excerpt":"If you would like to read what are proxy servers and how they can benefit you, please refer: Click If you would like to buy a VPS to make your own Proxy Server along with this tutorial check out: Click Squid Proxy Little introduction about the proxy of the article:\u2026","rel":"","context":"In &quot;Tutorials&quot;","block_context":{"text":"Tutorials","link":"https:\/\/www.virtono.com\/community\/category\/tutorial-how-to\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2020\/06\/remote-denial-of-service-vulnerability-patched-in-squid-proxy-cache-server-523492-2.png?fit=1200%2C900&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2020\/06\/remote-denial-of-service-vulnerability-patched-in-squid-proxy-cache-server-523492-2.png?fit=1200%2C900&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2020\/06\/remote-denial-of-service-vulnerability-patched-in-squid-proxy-cache-server-523492-2.png?fit=1200%2C900&ssl=1&resize=525%2C300 1.5x, 
https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2020\/06\/remote-denial-of-service-vulnerability-patched-in-squid-proxy-cache-server-523492-2.png?fit=1200%2C900&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2020\/06\/remote-denial-of-service-vulnerability-patched-in-squid-proxy-cache-server-523492-2.png?fit=1200%2C900&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":711,"url":"https:\/\/www.virtono.com\/community\/news-announcements\/web-servers-must-know-introduction\/","url_meta":{"origin":1296,"position":5},"title":"Web Servers : Must Know Introduction","author":"Daniel Draga","date":"October 21, 2016","format":false,"excerpt":"Web Server Definition A Web server is a program that generates and transmits responses to client requests for Web resources. \uf0a7 Handling a client request consists of several key steps: \uf0d8 Parsing the request message \uf0d8 Checking that the request is authorized \uf0d8 Associating the URL in the request with\u2026","rel":"","context":"In &quot;Announcements&quot;","block_context":{"text":"Announcements","link":"https:\/\/www.virtono.com\/community\/category\/news-announcements\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/10\/smtp-server.jpg?fit=1200%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/10\/smtp-server.jpg?fit=1200%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/10\/smtp-server.jpg?fit=1200%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/10\/smtp-server.jpg?fit=1200%2C800&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2016\/10\/smtp-server.jpg?fit=1200%2C800&ssl=1&resize=1050%2C600 
3x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/1296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/comments?post=1296"}],"version-history":[{"count":1,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/1296\/revisions"}],"predecessor-version":[{"id":1298,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/1296\/revisions\/1298"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/media\/1297"}],"wp:attachment":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/media?parent=1296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/categories?post=1296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/tags?post=1296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}