Sunday, June 28, 2009

DoS in HTTP

This weekend, I've been spending time checking on a couple of postings about denial of service (DoS). Of course, it all began with the recent HTTP DoS (not TCP DoS), Slowloris.

This is an attempt to perform a DoS attack against vulnerable HTTP servers rather than TCP services. A few common web servers have been identified as vulnerable to this type of attack, including Apache 1.x and 2.x. But our favorite IIS is NOT vulnerable.
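As an added example (not from the original post or the Slowloris tool), here is a defender-side check for the Slowloris pattern: a client holds many connections open by never finishing its request headers. The deadline and minimum-rate thresholds are assumptions modelled on Apache's mod_reqtimeout behaviour, and the connection records are constructed:

```python
"""Flag connections whose request headers are trickling in too slowly.

Added example, not from the original post. Thresholds are assumptions
modelled on Apache mod_reqtimeout's "header=20-40,MinRate=500" idea:
allow 20 s for headers, extend by 1 s per 500 bytes received, cap at 40 s.
"""
from collections import Counter
from dataclasses import dataclass

HEADER_INITIAL_S = 20.0  # assumed: seconds allowed before any header data counts
HEADER_MAX_S = 40.0      # assumed: hard cap on header read time
MIN_RATE_BPS = 500.0     # assumed: each 500 header bytes buys one more second


@dataclass
class Conn:
    client: str         # client IP (constructed sample values below)
    age_s: float        # seconds since the connection was accepted
    header_bytes: int   # request-header bytes received so far
    headers_done: bool  # True once the blank line ending the headers arrived


def is_slow_header(c: Conn) -> bool:
    """True if the headers are still incomplete after the time this client
    has earned (initial window plus rate-based extension, up to the cap)."""
    if c.headers_done:
        return False
    allowed = min(HEADER_MAX_S, HEADER_INITIAL_S + c.header_bytes / MIN_RATE_BPS)
    return c.age_s > allowed


def suspicious_clients(conns, min_conns: int = 3) -> dict:
    """Count slow-header connections per client and report clients holding at
    least `min_conns` of them; one stalled request is noise, many is the pattern."""
    counts = Counter(c.client for c in conns if is_slow_header(c))
    return {ip: n for ip, n in counts.items() if n >= min_conns}


# Constructed sample: one client holding five half-sent requests for 45 s,
# one normal client with a completed request plus a single stalled one.
SAMPLE = [
    *[Conn("203.0.113.7", 45.0, 60 + i, False) for i in range(5)],
    Conn("198.51.100.2", 0.8, 412, True),
    Conn("198.51.100.2", 30.0, 40, False),
]

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE))  # {'203.0.113.7': 5}
```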

And don't forget to check out the DoS attack on HTTP using Google Analytics. This is interesting because it targets shared sub-domain sites, such as blogspot.com, and browsers that allow top-level domain cookies. The idea here is that if you can set a large enough cookie (8190 bytes), you can DoS someone's client so it can no longer access the web page. The limit for a single cookie is 4K, but you can use 2 cookies at Google Analytics as an attack vector. This is serious.

The other posts from WebSecurity are interesting too. They classify HTTP DoS attacks against both the browser and the web application. One very interesting post from WebSecurity is the "Recursive File Include DoS Attack". See the links below.

Check them out if you have time: