"Slow HTTP DoS"- New Denial of Service Vulnerability, Doesn't Require Many PCs


We all are very familiar with Distributed Denial Of Service (DDoS) attack where a massive number of computers are used (and often hijacked) in order to barrage a website with requests & huge traffic load and effectively shut it down or send it offline. What you may not know is that there are denial of service (DoS) methods that don't need to be so distributed. So says security researcher Sergey Shekyan, who has developed a proof of concept that is a "Slow HTTP DoS." The "slow" method essentially makes an HTTP request to a server but does so in a way that can cause the server to hang. This method means that thousands of PCs may not be needed in order to execute a DoS attack. Sheykan describes it with our favorite kind of analogy, the kind involving burgers:-
"Imagine a line at a fast food restaurant that serves two types of burgers, and a customer at the cashier is stuck for a while deciding what he wants to order, making the rest of the line anxious, slowing down the business. Now imagine a line at the same restaurant, but with a sign saying "think ahead of your order," which is supposed to speed things up. But now the customer orders hundreds of burgers, pays, and the line is stuck again, because he can take only 5 burgers at time to his car, making signs ineffective"
The bad news, Sheykan says, is that the default configurations for popular webserver software like Apache, nginx, IIS 6 & 7, and lighttpd are all vulnerable. However, there are steps that server administrators can take to minimize exposure and it's just a proof of concept right now, not an in-the-wild attack.


To Know in details click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH

Categories: ,
Related Posts Plugin for WordPress, Blogger...