Member-only story
Most of web administrators that doesn’t care properly about the security of the servers, are often target of attacks that a lot of black hat hackers know how to perform in mass. One of those tricky attacks are the Slow HTTP attacks that target any kind of web server. Let’s explain quickly graphically what the attack looks like:
It’s just, pretty simple right? However for a bad configured server this can be the doom, the hardware won’t be pushed up to the limits, however it hangs basically for education … (bad example i know). Didn’t get it ? Imagine sending 100 old grandmas to a store, with all of them trying to tell a story from their childhood to the cashier so that no other customers can buy anything. For education, the cashier won’t kick the grandmas out of the store until they end up telling the story.
So, how you can perform such attack easily to a server and don’t die trying ? The SlowHTTPTest is a highly configurable tool that simulates some Application Layer Denial of Service attacks by prolonging HTTP connections in different ways. Use it to test your web server for DoS vulnerabilites, or just to figure out how many concurrent connections it can handle. SlowHTTPTest works on majority of Linux platforms, OS X and Cygwin — a Unix-like environment and command-line interface for Microsoft Windows, and comes with a…
