A study of slow denial of service mitigation tools and solutions deployed in the cloud

Larsson, Niklas, Ågren Josefsson, Fredrik

January 2019

Slow rate Denial of Service (DoS) attacks have been shown to be a very effective way of attacking vulnerable servers while using few resources. This thesis investigates the effectiveness of mitigation tools used for protection against slow DoS attacks, specifically slowheader and slow body. Finally, we propose a service that cloud providers could implement to ensure better protection against slow rate DoS attacks. The tools studied in this thesis are, a Web Application firewall, a reverse proxy using an event-based architecture and Amazon’s Elastic Load Balancing. To gather data a realistic HTTP load script was built that simulated load on the server while using probe requests to gather response time data from the server. The script recorded the impact the attacks had for each server configuration.The results show that it’s hard to protect against slow rate DoS attacks while only using firewalls or load balancers. We found that using a reverse proxy with an event-based architecture was the best way to protect against slow rate DoS attacks and that such a service would allow the customer to use their server of choice while also being protected.

slowloris

slow post

slow body

slow rate DoS

slow rate denail of service attack

DoS attacks

slow rate dos mitigation

apache

nginx

aws

elastic load balancer

Computer Engineering

Datorteknik

Slow rate denial of service attacks on dedicated- versus cloud based server solutions / En jämförelse mellan resursbindande denial of service attacker mot dedikerade och molnbaserade serverlösningar

Andell, Oscar, Andersson, Albin

January 2018

Denial of Service (DoS) attacks remain a serious threat to internet stability. A specific kind of low bandwidth DoS attack, called a slow rate attack can with very limited resources potentially cause major interruptions to the availability of the attacked web servers. This thesis examines the impact of slow rate application layer DoS attacks against three different server solutions. The server solutions are a static cloud solution and a load-balancing cloud solution running on AmazonWeb Services (AWS) as well as a dedicated server. To identify the impact in terms of responsiveness and service availability a number of experiments were conducted on the web servers using publicly available DoS tools. The response times of the requests were measured. The results show that the dedicated and static cloud based server solutions are severely impacted by the attacks while the AWS load-balancing cloud solution is not impacted nearly as much. We concluded that all solutions were impacted by the attacks and that the readily available DoS tools are sufficient for creating a denial of service state on certain web servers.

Denial of Service

DOS

Slow rate

Apache

Cloud

Computer Engineering

Datorteknik

Performance comparison between Apache and NGINX under slow rate DoS attacks

Al-Saydali, Josef, Al-Saydali, Mahdi

January 2021

One of the novel threats to the internet is the slow HTTP Denial of Service (DoS) attack on the application level targeting web server software. The slow HTTP attack can leave a high impact on web server availability to normal users, and it is affordable to be established compared to other types of attacks, which makes it one of the most feasible attacks against web servers. This project investigates the slow HTTP attack impact on the Apache and Nginx servers comparably, and review the available configurations for mitigating such attack. The performance of the Apache and NGINX servers against slow HTTP attack has been compared, as these two servers are the most globally used web server software. Identifying the most resilient web server software against this attack and knowing the suitable configurations to defeat it play a key role in securing web servers from one of the major threats on the internet. From comparing the results of the experiments that have been conducted on the two web servers, it has been found that NGINX performs better than the Apache server under slow rate DoS attack without using any configured defense mechanism. However, when defense mechanisms have been applied to both servers, the Apache server acted similarly to NGINX and was successful to defeat the slow rate DoS attack.

Apache

NGINX

slow HTTP

low rate HTTP

RUDY

slow rate DoS

Slowloris

Computer Sciences

Datavetenskap (datalogi)