OWASP Periodic Table of Vulnerabilities - Denial of Service (Connection Based)

From OWASP
Revision as of 16:48, 14 May 2013 by James Landis (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Return to Periodic Table Working View

Contents

Denial of Service (Connection-Based)

Root Cause Summary

Applications are generally not designed to recognize and handle deliberately slowed connections or other abuses of HTTP below Layer 7. Some types of attacks won't even reach the application code because they prevent the web server from effectively processing requests.

Browser / Standards Solution

None

Perimeter Solution

Perimeter technologies should detect an event where many TCP or HTTP connections are opened but no data are sent (or sent at very slow speeds) over these connections. These connections should be dropped during the event, only allowing normal-data-rate connections to persist during the event.

Perimeter technologies should also detect an event where multiple uniquely-identifiable clients open more than the two connections allowed by HTTP standards and refuse these clients during the event. Clients can be identified by a unique username/authorization token, or a combination of unique attributes such as IP address and User-Agent.

Generic Framework Solution

None

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

None

References

OWASP HTTP Post Tool
slowloris