SlowLOIC Attack

SlowLoris (originally by RSnake) keeps the connections alive as long as possible by sending partial headers but nether completing the request.


In the "subsite" you can specify the page to request.
If "Append random chars" is checked, 6 random characters are added at the end of the subsite. (usefull with dynamic pages and get-parameters)
The "Timeout" field is for the wait time in seconds between sending a new part of the header. This must be less than the read timeout on the target side.
The amount of worker "threads" can be changed during the attack at any time. This value should be initially lower than the maximum allowed half-open connections.
Check "use gZip" to check for CEV-2009-1891.
Check "use GET" to use the GET-command instead of POST. (mods like http-ready mitigate GET-attacks)
In the "Sockets / Thread" field you can define the number of connections per thread. (this number should not be insanely high - if you go over 100 it might be better to increase the amount of threads!)
the speed-slider sets just the delay between the creation of sockets.


The "requested" value shows the amount of currently connected sockets.
If no thread is in the "Connecting" state you should increase the number of threads - if all your threads or most of them are connecting you should lower the amount of threads.
"Failed" counts the connections which were reset by the server.
If "failed" goes up too fast you are doing it WRONG!


If you target a system which is not vulnerable to this attack you can always go for port-starving!
Just use up all max possible 64K connections and you are done! (running 16 clients with 5.000 connections each should do the trick!)