Attack against CIA Website could have been “Slowloris”

The CIA’s website may have been attacked earlier this week by “Slowloris” according  to Government Computer News:

The most recent attack, against http://www.cia.gov, does not appear to be particularly sophisticated. LulzSec described that attack as a simple packet flood, which overwhelms a server with volume.

Analysts at F5, which focuses on application security and availability, speculated that it actually was a Slowloris attack, a low-bandwidth technique that ties up server connections by sending partial requests that are never completed. Such an attack can come in under the radar because of the low volume of traffic it generates and because it targets the application layer, Layer 7 in the OSI model, rather than the network layer, Layer 3.

Slowloris works by sending numerous partial requests to a web server, eventually tying up the webserver so it will not allow other users to connect. The web server is not taken down by a thousand system zombie botnet that tries to bog down the server by sheer numbers, but by a single system that attacks the web server at the software level.

Slowloris is not new by any stretch of the imagination. It was created in 2009, so it would seem that by now Apache would have fixed the problem, and government system would be patched against it.

A demo of Slowloris was given at Defcon 17 and a video of it can be found on vimeo.com:

Advertisements