Attack against CIA Website could have been “Slowloris”

The CIA’s website may have been attacked earlier this week by “Slowloris”, according to Government Computer News:

The most recent attack, against, does not appear to be particularly sophisticated. LulzSec described that attack as a simple packet flood, which overwhelms a server with volume.

Analysts at F5, which focuses on application security and availability, speculated that it actually was a Slowloris attack, a low-bandwidth technique that ties up server connections by sending partial requests that are never completed. Such an attack can come in under the radar because of the low volume of traffic it generates and because it targets the application layer, Layer 7 in the OSI model, rather than the network layer, Layer 3.

Slowloris works by sending numerous partial requests to a web server, eventually tying up the web server so that it will not allow other users to connect. The web server is not taken down by a thousand-system zombie botnet that bogs it down through sheer numbers, but by a single system that attacks the web server at the software level.
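As an added example (not from the original post or from any tool it mentions), this Python sketch shows why a volume alarm misses the pattern while a per-source count of stalled, unfinished requests catches it. The record fields, thresholds and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Conn:
    src: str            # client address
    age_s: float        # seconds since the connection was accepted
    bytes_in: int       # request bytes received so far
    headers_done: bool  # True once the blank line ending the headers arrived

# Thresholds are assumptions for this sketch; tune them to real traffic.
HEADER_DEADLINE_S = 20    # normal clients finish their headers well within this
MIN_RATE_BPS = 50         # below this the client is only trickling bytes
MAX_STALLED_PER_SRC = 10  # stalled connections tolerated from one address
FLOOD_BPS = 1_000_000     # what a volume-based alarm would look for

def is_stalled(c):
    """Open past the deadline, headers unfinished, bytes arriving at a trickle."""
    if c.headers_done or c.age_s < HEADER_DEADLINE_S:
        return False
    return c.bytes_in / c.age_s < MIN_RATE_BPS

def stalled_sources(conns):
    """Return {src: stalled_count} for sources over the per-source limit."""
    counts = defaultdict(int)
    for c in conns:
        if is_stalled(c):
            counts[c.src] += 1
    return {s: n for s, n in counts.items() if n > MAX_STALLED_PER_SRC}

def flood_sources(conns):
    """Sources whose inbound byte rate would trip a volume-based alarm."""
    rates = defaultdict(float)
    for c in conns:
        rates[c.src] += c.bytes_in / max(c.age_s, 1.0)
    return {s: r for s, r in rates.items() if r >= FLOOD_BPS}

def sample_snapshot():
    """Constructed connection table, not captured traffic."""
    # One address holding 200 requests whose headers never complete.
    conns = [Conn("198.51.100.7", 120.0 + i, 300 + i, False) for i in range(200)]
    # Thirty ordinary clients that sent a full request quickly.
    conns += [Conn("203.0.113.%d" % i, 0.4, 650, True) for i in range(1, 31)]
    # One legitimately slow client: stalled, but a single connection only.
    conns.append(Conn("203.0.113.50", 25.0, 900, False))
    return conns

if __name__ == "__main__":
    snap = sample_snapshot()
    print("volume alarm:", flood_sources(snap))
    print("stalled-request alarm:", stalled_sources(snap))
```

The same idea, enforced rather than detected, is what request-header read timeouts and per-address connection limits on the server do.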

Slowloris is not new by any stretch of the imagination. It was created in 2009, so it would seem that by now Apache would have fixed the problem, and government systems would be patched against it.

A demo of Slowloris was given at Defcon 17 and a video of it can be found on

2 thoughts on “Attack against CIA Website could have been “Slowloris””

    1. Thank you Bill for the feedback. You are partially correct, the attack was discussed in 2005 under the heading of “Programming Model Attacks” and again in 2007 in a Security Focus forum.

      But the tool to do it was not created until later.
