This is done by reducing the client's ability to receive data to a value that is smaller than the server's send buffer.
#Signs of slowloris attack full
The second requirement is to keep the server's send buffer full for a long period with other data chunks pending in order to keep the connection with the client active. Large responses are split into smaller chunks and get sent individually. In order to achieve this, the size of the server's response must be larger than what its send buffer can hold at any given time. "The idea of the attack I implemented is pretty simple: Send a legitimate HTTP request and read the response slowly, aiming to keep as many connections as possible active," Shekyan said. Unlike Slowloris, which works by slowing down HTTP requests in order to fill the Web server's concurrent connection pool and prevent it from serving legitimate clients, Shekyan's Slow Read DoS attack works by slowing down the server's responses. Louis, who developed Sockstress, a proof-of-concept application that applies the slow read attack concept to TCP stacks. Shekyan's method is dubbed Slow Read DoS and is based on previous research by Robert Hansen, the creator of the Slowloris HTTP DoS tool and the late Jack C. Qualys senior software engineer Sergey Shekyan has devised a new HTTP denial-of-service (DoS) attack method which relies on prolonging the time clients need to read Web server responses.