82499403ffba16bc6b1d689c5955c23dfbdc676d9dd2884f81 Complete Step By Step Tutorial on Slow loris DOS Attack | Kali Linux

Friday, November 1, 2019

Complete Step By Step Tutorial on Slow loris DOS Attack | Kali Linux

Can you perform an effective DOS attack with low bandwidth?

Not all people can manage to get high bandwidth. What if we tell you there is a tool called Slow loris which doesn't require much bandwidth but can be very effective? Before all of that, you must know the concept and difference between the DOS attack and DDOS attack

DOS(Denial of Service) attack usually uses one computer and a single internet connection to flood a server. But DDOS(Distributed Denial of Service) attack uses lots of computers and multiple internet connections. To perform a DDOS attack multiple computers are silently hijacked via botnets and use them in order to flood a targeted server.

Now, How Slow loris DOS attack works?

Slow loris holds the connection opened to a targeted server using partial HTTP requests(Provides data downloads pause and resume function) and keeps sending headers at a regular interval of time and prevents the connection from closing. In this way, after sometimes the server fails to handle the requests and stops responding.

Normally when we send an HTTP request to a server, it responses quickly but Slow loris sends the request in pieces, not the whole in one time. This makes the server open the connection for a long time. Slow loris continues to send multiple requests in pieces and that opens up many incomplete connections on the server which the server fails to handle and crashes and it becomes inaccessible.

So, let's get into the tutorial.

How to Configure Slow loris on Kali Linux

Fire up your Kali Linux machine and download the Slow loris tool from Github. Here we are going to use the Apache server to test the attack. You can also use your local server if you don't want to buy a server. To start the apache server open the terminal and give the command service apache start.

Now go to the downloaded Slow loris folder and open up the terminal. Now run the Slow loris python script on the targeted server by giving the command-

./slowloris.py 192.168.112.183 
Complete Step By Step Tutorial on Slow loris DOS Attack | Kali Linux

The IP address is our apache server. You put yours if you've configured your Apache server. Now it will ask you to enter the number of sockets you want to open. You can see the attack is started successfully.

Let's see what is going on with the server. Normally apache local servers loads instantly but in this case, it will load slowly. You can increase the socket numbers to make the attack more effective. The tool takes a little effort to finish its work. Stay with patience.
Complete Step By Step Tutorial on Slow loris DOS Attack | Kali Linux

The sockets by default set to 150 but modify the script with your desired socket numbers in case the 150 sockets don't work. To do that simply go to the Slowloris folder you've downloaded and open up the slowloris.py script with any text editor and change the socket number.
Complete Step By Step Tutorial on Slow loris DOS Attack | Kali Linux

How to save yourself from Slow loris attack?

These days all web servers come preconfigured to prevent these types of attacks. They do not accept partial HTTP requests. Also if your server is not configured to prevent this attack you can manually set the limit of requests per IP address.

Conclusion

Slow loris attacks not a new method anymore but it is still useful if you use it on the right server. These tools don't help you to hack things, they just boost up your skills, techniques, and thinking. It depends on you how you use it.

What's your opinion about Slow loris? Leave a comment in the comment box below and let us know. If you face any problem regarding installing the tool, Explain the problem and attach a screenshot in the comment box. The screenshot helps us to identify your problem.  

Disclaimer

The tutorial you found on this website is only for educational purposes. Misuse of this information can lead you to jail or punishment. Anything you damage, we are not responsible for that. Do use it on your own property. If you want to test it on other's property, take written permission from them.

Comments 0

Thanks for visiting us. Please Do comment with a valid name. Don't comment as Unknown.
(Warning: Do not spam in the comment box. Repetitive comments will not be moderated.)
EmoticonEmoticon

Submit Your Email Address to get Our Latest EASY TO READ Articles directly in Your Inbox