A researcher has developed a new method for carrying out a successful denial-of-service attack on a server from a single computer. Normally an attack requires the combined bandwidth of considerably more PCs.
The researcher, Sergey Shekyan of Qualys Security Labs, now has a working proof of concept that can take down a server from a single computer. According to the researcher, the chance of being detected during the attack is also very small.
Shekyan calls his attack the Slow Read attack, and earlier this week he explained how it works. By exploiting a previously known weakness in the TCP protocol, an attacker can influence the rate at which a server delivers its data. Throughout this process the server keeps checking whether the recipient's system, in this case the attacker, is ready to receive more data. As a result the server's memory fills up with data that still has to be sent, so that eventually fewer resources are left for legitimate visitors who want to reach the site.
To carry out the attack successfully, according to Shekyan, the attacker needs to know the server's send buffer size, because TCP does not reveal this value by itself. On most servers, however, it is left at a default between 65 and 128 KB. The server's response must also be larger than the send buffer size, which, according to the researcher, is not really a problem given the size of contemporary web pages.
The researcher's discovery could potentially have far-reaching consequences. Although, as far as is known, no tools exist yet that use this method to bring servers down, the chance that they will be developed is large.
The attack works in any case on default configurations of Apache, nginx, lighttpd and IIS 7.5. According to Shekyan there are no really good defenses, other than not allowing persistent connections and HTTP pipelining on the server, and limiting the absolute connection lifetime to a realistic value.
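The symptom described above, a send buffer that stays full because the client never signals readiness for more data, is visible on a Linux server as a large Send-Q on long-lived connections. The following added example (not code from the article or from Qualys) is a small detection heuristic over constructed `ss -tan` style output; the 65535-byte send buffer, the fill ratio and the per-peer threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of `ss -tan` output; all addresses and
# queue sizes are made up for this example.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      65535  10.0.0.2:80         203.0.113.7:40001
ESTAB  0      65535  10.0.0.2:80         203.0.113.7:40002
ESTAB  0      65280  10.0.0.2:80         203.0.113.7:40003
ESTAB  0      0      10.0.0.2:80         198.51.100.4:51000
ESTAB  0      1200   10.0.0.2:80         198.51.100.9:52000
"""

# Assumed server send buffer size; the article says defaults are 65-128 KB.
SEND_BUFFER_BYTES = 65535


def parse_ss(text):
    """Return (state, recv_q, send_q, local, peer) tuples from ss -tan style lines.

    The header line is skipped; Send-Q for an established TCP socket is the
    number of bytes queued that the peer has not yet acknowledged.
    """
    rows = []
    for line in text.splitlines()[1:]:
        parts = re.split(r"\s+", line.strip())
        if len(parts) < 5:
            continue
        state, recv_q, send_q, local, peer = parts[:5]
        rows.append((state, int(recv_q), int(send_q), local, peer))
    return rows


def stalled_senders(rows, send_buffer=SEND_BUFFER_BYTES, fill_ratio=0.9, min_conns=2):
    """Group established connections by peer IP and report peers that hold at
    least min_conns connections whose Send-Q is close to the full send buffer.

    A single slow client can look like this legitimately; several such
    connections from one address is the pattern worth alerting on.
    """
    per_peer = defaultdict(int)
    for state, _recv_q, send_q, _local, peer in rows:
        if state != "ESTAB":
            continue
        if send_q >= fill_ratio * send_buffer:
            ip = peer.rsplit(":", 1)[0]  # strip the port, works for [v6]:port too
            per_peer[ip] += 1
    return {ip: n for ip, n in per_peer.items() if n >= min_conns}
```

Run it against live output with `ss -tan | python3 -c '...'` or feed the text to `parse_ss`; peers reported by `stalled_senders` are candidates for the connection-lifetime limits the article mentions.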