SlowReq: A Weapon for Cyberwarfare Operations. Characteristics, Limits, Performance, Remediations

  • Maurizio Aiello
  • Gianluca Papaleo
  • Enrico Cambiaso
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 239)

Abstract

In the last years, with the advent of the Internet, cyberwarfare operations moved from the battlefield to the cyberspace, locally or remotely executing sabotage or espionage operations in order to weaken the enemy. Among the technologies and methods used during cyberwarfare actions, Denial of Service attacks are executed to reduce the availability of a particular service on a network. In this paper we present a Denial of Service tool that belongs to the Slow DoS Attacks category. We describe in detail the attack functioning and we compare the proposed threat with a similar one known as slowloris, showing the enhancements provided by the proposed tool.

Keywords

slow dos attack denial of service cyberwarfare 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Greengard, S.: The new face of war. Communications of the ACM 53, 20–22 (2010)CrossRefGoogle Scholar
  2. 2.
    Chen, T.M.: Stuxnet, the real start of cyber warfare? IEEE Network 24, 2–3 (2010)Google Scholar
  3. 3.
    Combs, M.M.: Impact of the Stuxnet Virus on Industrial Control Systems. In: XIII International Forum Modern Information Society Formation Problems, Perspectives, Innovation Approaches, pp. 5–10 (2012)Google Scholar
  4. 4.
    Cambiaso, E., et al.: Slow DoS Attacks: Definition and Categorization. International Journal of Trust Management in Computing and Communications (in press article, 2013)Google Scholar
  5. 5.
    Kuzmanovic, A., Knightly, E.W.: Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants. In: Proceedings of the 2003 conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 75–86 (2003)Google Scholar
  6. 6.
    Macia-Fernandez, G., et al.: Evaluation of a low-rate DoS attack against iterative servers. Computer Networks 51, 1013–1030 (2007)MATHCrossRefGoogle Scholar
  7. 7.
    Cambiaso, E., Papaleo, G., Aiello, M.: Taxonomy of Slow DoS Attacks to Web Applications. In: Thampi, S.M., Zomaya, A.Y., Strufe, T., Alcaraz Calero, J.M., Thomas, T. (eds.) SNDS 2012. CCIS, vol. 335, pp. 195–204. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  8. 8.
    Damon, E., et al.: Hands-on denial of service lab exercises using SlowLoris and RUDY. In: Proceedings of the 2012 Information Security Curriculum Development Conference, pp. 21–29 (2012)Google Scholar
  9. 9.
    MaxConnections - IIS 6.0, http://msdn.microsoft.com/en-us/library/ms524491v=vs.90.aspx (accessed in 2013)
  10. 10.
    Slow request dos/oom attack, http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2010_01.txt (accessed in 2013)
  11. 11.
    Apache MPM Common Directives - MaxClients Directive, http://httpd.apache.org/docs/2.2/mod/mpm_common.html-maxclients (accessed in 2013)

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Maurizio Aiello
    • 1
  • Gianluca Papaleo
    • 1
  • Enrico Cambiaso
    • 1
  1. 1.National Research CouncilCNR-IEIITGenoaItaly

Personalised recommendations