Attack against CIA Website could have been “Slowloris”

The CIA’s website may have been attacked earlier this week by “Slowloris”, according to Government Computer News:

The most recent attack, against http://www.cia.gov, does not appear to be particularly sophisticated. LulzSec described that attack as a simple packet flood, which overwhelms a server with volume.

Analysts at F5, which focuses on application security and availability, speculated that it actually was a Slowloris attack, a low-bandwidth technique that ties up server connections by sending partial requests that are never completed. Such an attack can come in under the radar because of the low volume of traffic it generates and because it targets the application layer, Layer 7 in the OSI model, rather than the network layer, Layer 3.

Slowloris works by sending numerous partial requests to a web server, eventually tying up the web server so that it will not accept connections from other users. The web server is not taken down by a thousand-system zombie botnet that bogs it down through sheer numbers, but by a single system that attacks the web server at the software level.
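A detection check for the behaviour described above, added here as an example and not code from the original post: it flags sources that hold many connections whose request headers never complete. The record fields, thresholds and sample addresses are assumptions constructed for illustration.

```python
from collections import Counter
from typing import NamedTuple, Optional


class Conn(NamedTuple):
    src: str                       # client address
    opened: float                  # seconds, when the connection was accepted
    headers_done: Optional[float]  # when the blank line ending the headers arrived
    bytes_in: int                  # request bytes received so far


def stalled_sources(conns, now, header_timeout=10.0, per_source_limit=5):
    """Return {src: count} for sources holding too many unfinished requests."""
    stalled = Counter()
    for c in conns:
        # A request is stalled when its headers are still incomplete past the
        # timeout. Bytes may keep trickling in, so traffic volume is not used.
        if c.headers_done is None and now - c.opened > header_timeout:
            stalled[c.src] += 1
    return {src: n for src, n in stalled.items() if n >= per_source_limit}


def sample():
    """Constructed connection table, as a server might expose it at t=60s."""
    conns = []
    # One client holding 8 connections whose headers were never completed.
    for i in range(8):
        conns.append(Conn("203.0.113.7", float(i), None, 60 + i))
    # Ordinary clients: headers complete within a fraction of a second.
    for i in range(20):
        conns.append(Conn(f"198.51.100.{i}", 30.0 + i, 30.2 + i, 400))
    # A request that only just started; too young to count as stalled.
    conns.append(Conn("192.0.2.44", 58.0, None, 120))
    # A single old unfinished request; stalled, but below the per-source limit.
    conns.append(Conn("192.0.2.45", 5.0, None, 10))
    return conns


if __name__ == "__main__":
    for src, n in stalled_sources(sample(), now=60.0).items():
        print(f"{src}: {n} connections with incomplete headers")
```

The count is keyed on unfinished requests per source rather than on bandwidth, since the technique generates little traffic.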

Slowloris is not new by any stretch of the imagination. It was created in 2009, so it would seem that by now Apache would have fixed the problem, and government systems would be patched against it.

A demo of Slowloris was given at Defcon 17 and a video of it can be found on vimeo.com:

~ by D. Dieterle on June 17, 2011.

2 Responses to “Attack against CIA Website could have been “Slowloris””

  1. It was first created in 2005.
    Get your facts right.

    • Thank you Bill for the feedback. You are partially correct, the attack was discussed in 2005 under the heading of “Programming Model Attacks” and again in 2007 in a Security Focus forum.

      But the tool to do it was not created until later.
