HANDSHAKE & Slowloris Attacks

yukı edited this page Aug 24, 2023 · 2 revisions

Introduction:

HANDSHAKE attacks and Slowloris attacks are two distinct types of Denial of Service (DoS) attacks that exploit vulnerabilities in network protocols to disrupt victim servers or networks. HANDSHAKE attacks utilize the legitimate connection establishment process to overwhelm resources, while Slowloris attacks exploit the limited number of concurrent connections that servers can handle.

Understanding HANDSHAKE Attacks:

HANDSHAKE attacks are a type of DoS attack that abuses the legitimate TCP three-way handshake process to exhaust server resources. During a standard TCP handshake, a client sends a SYN (synchronize) packet to initiate the connection, the server responds with a SYN-ACK (synchronize-acknowledge) packet, and the client completes the handshake with an ACK (acknowledge) packet.

Understanding Slowloris Attacks:

Slowloris attacks target servers by utilizing the limited number of concurrent connections that servers can handle. Instead of overwhelming the server with a high volume of packets, Slowloris attacks focus on establishing numerous connections and keeping them open for as long as possible without sending complete HTTP requests.

By sending partial HTTP requests and maintaining these open connections, Slowloris attacks consume server resources, such as threads or connection slots, preventing legitimate clients from establishing connections. The attacker gradually opens new connections while keeping existing connections alive, effectively slowing down or incapacitating the targeted server.

Implications of HANDSHAKE and Slowloris Attacks:

HANDSHAKE and Slowloris attacks can have significant consequences for targeted systems and networks, including:

  • Denial of Service (DoS): Both HANDSHAKE and Slowloris attacks aim to exhaust server resources, resulting in a denial of service for legitimate users. This disruption can lead to financial losses, customer dissatisfaction, and reputational damage.

  • Resource Exhaustion: HANDSHAKE attacks consume server resources, such as CPU processing power, memory, and connection slots. Slowloris attacks tie up server threads or connections, exhausting available resources. These resource limitations can cause performance degradation, system instability, or crashes.

  • Service Disruption: HANDSHAKE and Slowloris attacks disrupt the normal operation of targeted services, preventing legitimate users from accessing the services. This can lead to interruptions in critical business operations, loss of productivity, or impaired customer experience.

How we protect our users against these attacks:

  • Rate limits.
  • Open-connection limiting (per IP).
  • Other methods.
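
The per-IP rate limit and open-connection limit listed above, as an added example that is not this project's code. It also applies a deadline for receiving complete request headers, a common counter to the partial requests Slowloris relies on, which the page does not say the project uses; the class name, thresholds and injectable clock are assumptions.

```python
import time
from collections import defaultdict, deque

class ConnectionGuard:
    """Per-IP admission control: open-connection cap, new-connection rate limit,
    and a deadline for receiving complete HTTP request headers."""
    # Thresholds below are illustrative assumptions, not the project's settings.
    def __init__(self, max_open=10, max_new=20, window=10.0, header_deadline=5.0,
                 clock=time.monotonic):
        self.max_open, self.max_new = max_open, max_new
        self.window, self.header_deadline = window, header_deadline
        self.clock = clock
        self.open = defaultdict(dict)      # ip -> {conn_id: accept time or None}
        self.recent = defaultdict(deque)   # ip -> accept times inside the window

    def accept(self, ip, conn_id):
        """Return True if the connection may proceed, False to close it at once."""
        now = self.clock()
        recent = self.recent[ip]
        while recent and now - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.max_new or len(self.open[ip]) >= self.max_open:
            return False
        recent.append(now)
        self.open[ip][conn_id] = now
        return True

    def headers_complete(self, ip, conn_id):
        """Call once the blank line ending the request headers has arrived."""
        if conn_id in self.open[ip]:
            self.open[ip][conn_id] = None  # exempt from the header deadline

    def close(self, ip, conn_id):
        self.open[ip].pop(conn_id, None)

    def stalled(self):
        """Connections whose headers are still incomplete past the deadline."""
        now = self.clock()
        return [(ip, cid) for ip, conns in self.open.items()
                for cid, t in conns.items()
                if t is not None and now - t > self.header_deadline]

    def reap(self):
        """Forget stalled connections; the caller closes the matching sockets."""
        victims = self.stalled()
        for ip, cid in victims:
            self.close(ip, cid)
        return victims
```

A server loop would call `accept` on each new socket, `headers_complete` when the header terminator is read, and `reap` on a timer.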