A study of slow denial of service mitigation tools and solutions deployed in the cloud

Larsson, Niklas, Ågren Josefsson, Fredrik

January 2019

Slow rate Denial of Service (DoS) attacks have been shown to be a very effective way of attacking vulnerable servers while using few resources. This thesis investigates the effectiveness of mitigation tools used for protection against slow DoS attacks, specifically slowheader and slow body. Finally, we propose a service that cloud providers could implement to ensure better protection against slow rate DoS attacks. The tools studied in this thesis are, a Web Application firewall, a reverse proxy using an event-based architecture and Amazon’s Elastic Load Balancing. To gather data a realistic HTTP load script was built that simulated load on the server while using probe requests to gather response time data from the server. The script recorded the impact the attacks had for each server configuration.The results show that it’s hard to protect against slow rate DoS attacks while only using firewalls or load balancers. We found that using a reverse proxy with an event-based architecture was the best way to protect against slow rate DoS attacks and that such a service would allow the customer to use their server of choice while also being protected.

slowloris

slow post

slow body

slow rate DoS

slow rate denail of service attack

DoS attacks

slow rate dos mitigation

apache

nginx

aws

elastic load balancer

Computer Engineering

Datorteknik

Performance comparison between Apache and NGINX under slow rate DoS attacks

Al-Saydali, Josef, Al-Saydali, Mahdi

January 2021

One of the novel threats to the internet is the slow HTTP Denial of Service (DoS) attack on the application level targeting web server software. The slow HTTP attack can leave a high impact on web server availability to normal users, and it is affordable to be established compared to other types of attacks, which makes it one of the most feasible attacks against web servers. This project investigates the slow HTTP attack impact on the Apache and Nginx servers comparably, and review the available configurations for mitigating such attack. The performance of the Apache and NGINX servers against slow HTTP attack has been compared, as these two servers are the most globally used web server software. Identifying the most resilient web server software against this attack and knowing the suitable configurations to defeat it play a key role in securing web servers from one of the major threats on the internet. From comparing the results of the experiments that have been conducted on the two web servers, it has been found that NGINX performs better than the Apache server under slow rate DoS attack without using any configured defense mechanism. However, when defense mechanisms have been applied to both servers, the Apache server acted similarly to NGINX and was successful to defeat the slow rate DoS attack.

Apache

NGINX

slow HTTP

low rate HTTP

RUDY

slow rate DoS

Slowloris

Computer Sciences

Datavetenskap (datalogi)

Detection and analysis of low-rate attacks using network traffic analysis

Matta, Nagasai Deepak

13 August 2024

In this study, I used a dataset that contains low-rate and SYN flood traffic which was generated by a test bed to simulate a Slow DoS attack, stressing a local server by initiating several HTTP POST connections and causing the request payloads to be transmitted slowly. The attack causes problems including interrupted access and noticeably decreased network performance by sending a large number of little packets slowly, which keeps connections open and overloads server resources. I filtered traffic using Wireshark based on factors including tiny payloads, a lot of SYN packets without ACKs, high initial RTTs, small window sizes, and noticeable intervals between packets. Then, using these data, I ran a custom script I had created on the pcap files to identify possible attack sessions