Slow Loris Attack - Computerphile

Denial of service usually relies on a flood of data. Slow Loris takes a more elegant approach, and almost bores a server to death. Dr Mike Pound explains.

Babbage's Analytical Engine: COMING SOON

This video was filmed and edited by Sean Riley.

Comments

Express explanation: Imagine sending 100 old grandmas to a convenience store, with all of them trying to tell a story from their childhood to the cashier so that no other customers can buy anything.

mebezaccraft

The first rule of coding: All user input is evil.

WAMProducties

This is now my favorite Denial of Service attack as well

Energya

This is so beautifully evil it made me cry.

hrnekbezucha

All Mike's videos seem to be so simple to follow and his presentation makes you want to follow.... Where were you when I was at school?

paul

I understand why this is his favorite.

And I like the gleam in his eyes for this one..

rikwisselink-bijker

To add to that: Other webservers like nginx are not vulnerable to slowloris because they don't reserve a thread per connection. Instead, they have a worker thread pool. Each thread in that pool has a task queue. These threads run all tasks in their queues until the queues are empty. So, as soon as you insert a task in their queue, it eventually gets run. Every time a bit of data comes in from a client, a new task is created - "process this data". This task is then assigned to one of the worker threads whose task queue isn't full. The assigned thread then eventually runs the task. That way, even incredibly slowly arriving partial HTTP requests won't block anything, because the threads aren't exclusively reserved for handling one particular connection. The whole HTTP request handling is broken up into these small individual tasks instead.

dvdv
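
A small simulation of the difference described in the comment above, added here as an illustration (it is not code from the video or from any commenter). The tick-based model, the function names and the workload are constructed assumptions; the event-driven model uses one shared task queue for simplicity, and `header_timeout` models a thread-per-connection server that drops requests which take too long to arrive.

```python
from collections import deque

def make_workload(slow=8, normal=20, horizon=200):
    """Constructed sample. Each client is (is_slow, [ticks at which a chunk arrives]).
    Slow clients send a fragment every 10 ticks and never finish inside the horizon;
    normal clients send one complete request in a single chunk."""
    slow_clients = [(True, list(range(0, 2 * horizon, 10))) for _ in range(slow)]
    normal_clients = [(False, [i + 1]) for i in range(normal)]
    return slow_clients + normal_clients

def thread_per_connection(clients, workers, horizon, header_timeout=None):
    """One thread is reserved per connection until the request completes
    (or, if header_timeout is set, until that many ticks have passed)."""
    waiting = deque(sorted(clients, key=lambda c: c[1][0]))
    busy, served = [], 0          # busy: (release_tick, counts_as_served)
    for tick in range(horizon):
        served += sum(ok for release, ok in busy if release <= tick)
        busy = [(release, ok) for release, ok in busy if release > tick]
        while waiting and waiting[0][1][0] <= tick and len(busy) < workers:
            is_slow, chunks = waiting.popleft()
            done = max(tick, chunks[-1]) + 1
            if header_timeout is not None and done > tick + header_timeout:
                busy.append((tick + header_timeout, False))  # dropped, thread freed
            else:
                busy.append((done, not is_slow))
    return served

def event_driven(clients, workers, horizon):
    """Each arriving chunk is a small task; workers drain the queue every tick,
    so no worker is tied to a single connection."""
    arrivals = {}
    for is_slow, chunks in clients:
        for n, t in enumerate(chunks):
            arrivals.setdefault(t, []).append((is_slow, n == len(chunks) - 1))
    queue, served = deque(), 0
    for tick in range(horizon):
        queue.extend(arrivals.get(tick, []))
        for _ in range(min(workers, len(queue))):
            is_slow, is_last = queue.popleft()
            served += is_last and not is_slow
    return served

if __name__ == "__main__":
    w = make_workload()
    print("thread per connection:", thread_per_connection(w, 8, 200))
    print("with header timeout 5:", thread_per_connection(w, 8, 200, header_timeout=5))
    print("event driven:", event_driven(w, 8, 200))
```

The return value is the number of normal requests served within the horizon, so the three calls can be compared directly for the same workload and worker count.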

I love these kinds of videos. My favorite one is when Tom Scott talked about the NTP attack method.

mikopiko

It seems weird that he's using the Ubuntu machine for browsing and the Windows machine for serving.

Gooberslot

Dr. Mike Pound: writes 67 lines of code and breaks a site
Me: writes 5000 lines of code and my program is still useless.

Dusk-MTG

One of my favorite computerphile videos in recent memory!
Will you cover how servers would defend against this technique?

NeatNit

OMG! A Computerphile that actually shows some code! Is it Christmas or something?

osenseijedi

thanks gonna use this on the scientology website now

WWxeroWW.WERWKWWF__WPWWW.-_WWW

I love the videos with Dr Pound, he's always so enthusiastic and speaks clearly.

May-whrt

People calling themselves hackers because they did a DDoS attack, is like people calling themselves lock pickers for blowing up the safe.

jelleverest

My God, this guy is so freaking amazing.

aries_

I love how the amplifier was set to 11 :-)

Aragorn

I want Mike to explain RUDY as well! The most common DDoS attack methods would be awesome to hear more about. He explains it very nicely!

mortenmoulder

I could listen to Dr Pound explain things for hours. Such an interesting video! Thanks for the upload Computerphile :)

lewisb

Kind of a passive aggressive DOS. Totally agree … beautifully elegant and diabolical :D

diotough