From f7554fabdb40a8366702af43c22f8d2716afb82f Mon Sep 17 00:00:00 2001
From: "B. Watson"
Date: Sun, 6 Nov 2016 22:33:23 -0500
Subject: network/slowhttptest: Update README.

---
 network/slowhttptest/README | 46 ++++++++++++++++++++++++++++-----------------
 1 file changed, 29 insertions(+), 17 deletions(-)

diff --git a/network/slowhttptest/README b/network/slowhttptest/README
index 9d1a6bf83a..61eaf15d50 100644
--- a/network/slowhttptest/README
+++ b/network/slowhttptest/README
@@ -1,21 +1,33 @@ -SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks. -It works on majority of Linux platforms, OSX and Cygwin - a Unix-like environment and command-line interface -for Microsoft Windows. +slowhttptest (stress testing tool/DoS simulator) -It implements most common low-bandwidth Application Layer DoS attacks, such as slowloris, Slow HTTP POST, -Slow Read attack (based on TCP persist timer exploit) by draining concurrent connections pool, as well -as Apache Range Header attack by causing very significant memory and CPU usage on the server. +SlowHTTPTest is a highly configurable tool that simulates some Application +Layer Denial of Service attacks. It works on majority of Linux platforms, +OSX and Cygwin - a Unix-like environment and command-line interface for +Microsoft Windows. -Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires -requests to be completely received by the server before they are processed. If an HTTP request is not -complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the -rest of the data. If the server keeps too many resources busy, this creates a denial of service. -This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server. +It implements most common low-bandwidth Application Layer DoS attacks, +such as slowloris, Slow HTTP POST, Slow Read attack (based on TCP persist +timer exploit) by draining concurrent connections pool, as well as Apache +Range Header attack by causing very significant memory and CPU usage on +the server. -Slow Read DoS attack aims the same resources as slowloris and slow POST, but instead of prolonging -the request, it sends legitimate HTTP request and reads the response slowly. 
+Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP +protocol, by design, requires requests to be completely received by the +server before they are processed. If an HTTP request is not complete, +or if the transfer rate is very low, the server keeps its resources busy +waiting for the rest of the data. If the server keeps too many resources +busy, this creates a denial of service. -DISCLAIMER: Keep in mind that slowhttptest is of little use as a script kiddie tool. It cannot -be pointed blindly at arbitrary targets, like e.g. LOIC. Rather, where it excels is in its -breadth of attack options, high customizability and its in-depth analytics. As such, it will be -mostly useful for server administrators trying to stress test their systems. +This tool is sending partial HTTP requests, trying to get denial of +service from target HTTP server. + +Slow Read DoS attack aims the same resources as slowloris and slow POST, +but instead of prolonging the request, it sends legitimate HTTP request +and reads the response slowly. + +DISCLAIMER: Keep in mind that slowhttptest is of little use as a +script kiddie tool. It cannot be pointed blindly at arbitrary targets, +like e.g. LOIC. Rather, where it excels is in its breadth of attack +options, high customizability and its in-depth analytics. As such, it +will be mostly useful for server administrators trying to stress test +their systems. -- cgit v1.2.3
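
Review bot: The sentence "This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server." is now a paragraph of its own in the new text, where it reads as a description of the whole tool. It only describes the slowloris and Slow HTTP POST modes explained in the paragraph before it, not the Slow Read or Apache Range Header modes, so it should stay attached to that paragraph as it was in the old text. Since every line is being rewrapped anyway, the carried-over wording could be fixed in the same pass: "works on majority of" should be "works on the majority of", and "aims the same resources" should be "aims at the same resources". The subject "Update README." would also be more useful if it said that the change is a rewrap plus the new one-line summary "slowhttptest (stress testing tool/DoS simulator)", with no change to the described behaviour.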