Can you perform an effective DOS attack with low bandwidth?
Not all people can manage to get high bandwidth. What if we tell you there is a tool called Slow loris which doesn’t require much bandwidth but can be very effective? Before all of that, you must know the concept and difference between the DOS attack and DDOS attack.
DOS(Denial of Service) attack usually uses one computer and a single internet connection to flood a server. But DDOS(Distributed Denial of Service) attack uses lots of computers and multiple internet connections. To perform a DDOS attack multiple computers are silently hijacked via botnets and use them in order to flood a targeted server.
Now, How Slow loris DOS attack works?
Slow loris holds the connection opened to a targeted server using partial HTTP requests(Provides data downloads pause and resume function) and keeps sending headers at a regular interval of time and prevents the connection from closing. In this way, sometimes the server fails to handle the requests and stops responding.
Normally when we send an HTTP request to a server, it responses quickly but Slow loris sends the request in pieces, not the whole in one time. This makes the server open the connection for a long time. Slow loris continues to send multiple requests in pieces and that opens up many incomplete connections on the server which the server fails to handle and crashes and it becomes inaccessible.
So, let’s get into the tutorial.
How to Configure Slow loris on Kali Linux
Fire up your Kali Linux machine and download the Slow loris tool from Github. Here we are going to use the Apache server to test the attack. You can also use your local server if you don’t want to buy a server. To start the apache server open the terminal and give the command service apache start.
Now go to the downloaded Slow loris folder and open up the terminal. Now run the Slow loris python script on the targeted server by giving the command-
The IP address is our apache server. You put yours if you’ve configured your Apache server. Now it will ask you to enter the number of sockets you want to open. You can see the attack is started successfully.
Let’s see what is going on with the server. Normally apache local servers loads instantly but in this case, it will load slowly. You can increase the socket numbers to make the attack more effective. The tool takes a little effort to finish its work. Stay with patience.
The sockets by default set to 150 but modify the script with your desired socket numbers in case the 150 sockets don’t work. To do that simply go to the Slowloris folder you’ve downloaded and open up the slowloris.py script with any text editor and change the socket number.
How to save yourself from Slow loris attack?
These days all web servers come preconfigured to prevent these types of attacks. They do not accept partial HTTP requests. Also if your server is not configured to prevent this attack you can manually set the limit of requests per IP address.
Slow loris attacks not a new method anymore but it is still useful if you use it on the right server. These tools don’t help you to hack things, they just boost up your skills, techniques, and thinking. It depends on you how you use it.
What’s your opinion about Slow loris? Leave a comment in the comment box below and let us know. If you face any problem regarding installing the tool, Explain the problem and attach a screenshot in the comment box. The screenshot helps us to identify your problem.
The tutorial you found on this website is only for educational purposes. Misuse of this information can lead you to jail or punishment. Anything you damage, we are not responsible for that. Do use it on your own property. If you want to test it on other’s property, take written permission from them.