Slow Loris Attack - Computerphile

Поділитися
Вставка
  • Опубліковано 30 жов 2024

КОМЕНТАРІ • 1,1 тис.

  • @mebezaccraft
    @mebezaccraft 8 років тому +5362

    Express explanation: Imagine sending 100 old grandmas to a convenience store, with all of them trying to tell a story from their childhood to the cashier so that no other customers can buy anything.

    • @MegaZsolti
      @MegaZsolti 7 років тому +444

      Yeah, while forgetting their stories halfway through and starting all over.

    • @ArunBasilLal
      @ArunBasilLal 7 років тому +90

      You should be on ELI5 subreddit.

    • @Kodufan
      @Kodufan 6 років тому +26

      shouldn't you be busy saving the world, Niko?

    • @godfreypoon5148
      @godfreypoon5148 6 років тому +13

      That variation of the attack is described in more detail in this video watch?v=tc_KJEwzq74

    • @danielsharp2402
      @danielsharp2402 6 років тому +25

      That's a clever IRL DoS.

  • @Energya01
    @Energya01 8 років тому +1718

    This is now my favorite Denial of Service attack as well

    • @TheAnimystro
      @TheAnimystro 8 років тому +6

      indeed

    • @chainingsolid
      @chainingsolid 8 років тому +44

      same I was laughing alot at how simple but effective this is.

    • @CGoody564
      @CGoody564 8 років тому +17

      Chaining Solid not really effective anymore except for unpatched web servers. but yeah, genius in it's conception by using the artificial limits used to stop DDoS against the server to DDoS it anyway. lol

    • @RealNovgorod
      @RealNovgorod 8 років тому +14

      Yeah, except it's useless because every sensible webserver has a connection limit per client or IP (something on the order of 2-10, beyond that you're blocked). It's true that it saves traffic, but there's no way around owning a botnet...

    • @murphy54000
      @murphy54000 8 років тому +5

      could just go through a few proxies/VPNs if you really needed to do it solo.

  • @WAMProducties
    @WAMProducties 8 років тому +4011

    The first rule of coding: All user input is evil.

    • @TechyBen
      @TechyBen 8 років тому +319

      Second rule of coding: Checking rule 1 is NP-hard!

    • @TheTrueSmitch
      @TheTrueSmitch 8 років тому +25

      Wouter Damen Ikr! All the parsing and data validation!

    • @greenanubis
      @greenanubis 8 років тому +82

      Like life: cant trust anyone. But obviously thats not the optimal strategy.

    • @simonfrohlich7766
      @simonfrohlich7766 8 років тому +2

      So true!

    • @ibrax1
      @ibrax1 7 років тому +1

      +TechyBen
      Why is it NP-hard?

  • @hrnekbezucha
    @hrnekbezucha 8 років тому +1786

    This is so beautifully evil it made me cry.

    • @power-max
      @power-max 8 років тому +13

      Dr EVIL would be proud!

    • @dvdr14eb
      @dvdr14eb 8 років тому +28

      Mojo Jojo would be proud

    • @RonJohn63
      @RonJohn63 8 років тому +12

      Cry? Like a girly man?
      This is so beautifully evil is makes me rage at myself for not thinking of it first!!

    • @sUmEgIaMbRuS
      @sUmEgIaMbRuS 7 років тому +31

      And your comment made me WannaCry

    • @cameronbarrett9808
      @cameronbarrett9808 7 років тому

      Ambrus Sümegi a

  • @paul3562
    @paul3562 8 років тому +927

    All Mikes videos seem to be so simple to follow and his presentation makes you want to follow.... Where were you when I was at school?

    • @astropgn
      @astropgn 8 років тому +80

      Yeah, he should have a dedicated channel

    • @bl33kselderij
      @bl33kselderij 8 років тому +111

      It's also great how he has to add the obligatory 'don't really do this', but you can see in his eyes that he thinks this stuff is awesome ;-)

    • @dariusduesentrieb
      @dariusduesentrieb 8 років тому +2

      would be cool, but i think its more complicate that it seems to be here

    • @DamagedSave
      @DamagedSave 8 років тому +34

      I am at the Uni he teaches at, very nice guy in general. Can occasionally hear him talking in an office and wonder if a new Computerphile video is on the way :)

    • @astropgn
      @astropgn 8 років тому +8

      DamagedSave Go talk to him! Say we would like to see his channel :P

  • @rikwisselink-bijker
    @rikwisselink-bijker 8 років тому +304

    I understand why this is his favorite.
    And I like the gleam in his eyes for this one..

    • @TTTT...
      @TTTT... 3 місяці тому

      serious npc behaviour

    • @rikwisselink-bijker
      @rikwisselink-bijker 3 місяці тому

      @@TTTT... Who is the NPC exactly? I don't really understand what you mean

  • @dvdv7777
    @dvdv7777 4 роки тому +36

    To add to that: Other webservers like nginx are not vulnerable to slowloris because they don't reserve a thread per connection. Instead, they have a worker thread pool. Each thread in that pool has a task queue. These threads run all tasks in their queues until the queues are empty. So, as soon as you insert a task in their queue, it eventually gets run. Every time a bit of data comes in from a client, a new task is created - "process this data". This task is then assigned to one of the worker threads whose task queue isn't full. The assigned thread then eventually runs the task. That way, even incredibly slowly arriving partial HTTP requests won't block anything, because the threads aren't exclusively reserved for handling one particular connection. The whole HTTP request handling is broken up into these small individual tasks instead.

    • @Dearth123
      @Dearth123 4 роки тому +2

      I really needed this! Thank you for your clear writing.

  • @Gooberslot
    @Gooberslot 8 років тому +667

    It seems weird that he's using the Ubuntu machine for browsing and the Windows machine for serving.

    • @tommessig2060
      @tommessig2060 8 років тому +60

      yeah, i was thinking the same thing. moreso that it's apache on windows.

    • @NickleJ
      @NickleJ 8 років тому +183

      That's what I was thinking. Though if you're deploying apache with the specific intention of breaking it, maybe windows is the better platform.

    • @matek9975
      @matek9975 7 років тому +14

      it doesn't matter and it's faster to install server on windows than on linux

    • @nimisidiv9244
      @nimisidiv9244 7 років тому +6

      He'll be using the university network which will most likely be windows enviroments.

    • @johnfrancisdoe1563
      @johnfrancisdoe1563 6 років тому +7

      Nimisidiv Except the other machine is Linux. Anyway, installing Apatchy httpd on Linux is very fast it's an OS feature. But installing Monty Python etc. on Windows is harder than installing Apache, so if he only had those two machines it's just easier to do the python script on the Linux machine and use a badly configured toy web server on Windows as the target.

  • @mikopiko
    @mikopiko 8 років тому +88

    I love these kinds of videos. My favorite one is when tom scott talked about the NTP attack method.

  • @osenseijedi
    @osenseijedi 8 років тому +1998

    OMG! a computerphile that actually shows some code! Is it christmas or something?

    • @simonfrohlich7766
      @simonfrohlich7766 8 років тому +58

      Well, seriously, you could probably find the code fairly quickly or writ it yourself knowing the idea behind it, so...

    • @xanderlewis
      @xanderlewis 7 років тому +139

      I'm pleased too, but computer science/computing isn't ALL about code. :)

    • @shala_shashka
      @shala_shashka 7 років тому

      tru tru

    • @aakksshhaayy
      @aakksshhaayy 7 років тому +13

      but its in a noob language like python

    • @tapwater424
      @tapwater424 7 років тому +138

      >noob language
      aakksshhaayy is living in 2080 with his "assembly code only" ideology

  • @NeatNit
    @NeatNit 8 років тому +348

    One of my favorite computerphile videos in recent memory!
    Will you cover how servers would defend against this technique?

    • @bidaubadeadieu
      @bidaubadeadieu 8 років тому +5

      +
      Yeah I'd love to know this too.

    • @NikkiDimesYT
      @NikkiDimesYT 8 років тому +31

      Use Lighttpd or nginx ;P

    • @sooooooooooomebody
      @sooooooooooomebody 8 років тому +4

      I wonder how many Apache threads some normal Linux box could handle.

    • @brodaclop
      @brodaclop 8 років тому +31

      One obvious answer is: don't spawn a new thread for every connection. If you keep your processing as lightweight as possible, attacks like this have a much smaller effect.

    • @sallerc
      @sallerc 8 років тому +97

      You could also limit the number of open concurrent connections to the same IP.

  • @May-wh1rt
    @May-wh1rt 5 років тому +10

    I love the videos with Dr Pound, he's always so enthusiastic and speaks clearly.

  • @Dusk-MTG
    @Dusk-MTG 4 роки тому +82

    Dr. Mike Pound: writes 67 lines of codes and breakes a site
    Me: writes 5000 lines of codes and my program is still useless.

    • @arttu1229
      @arttu1229 4 роки тому +2

      Emanuele Giordano he didnt write it as he said

    • @baronvonbeandip
      @baronvonbeandip 3 роки тому

      Well, maybe you should drop H and do something in JS or Python

    • @reda29100
      @reda29100 3 роки тому +1

      It's called denial of execution attack injected by the creator of the language to prevent your code from doing what you want it to do. Just like this very comment is denial of skill attack by me to prevent you ..
      [Okay, this joke took a mean turn, I'll stop now.]

  • @mortenmoulder
    @mortenmoulder 8 років тому +32

    I want Mike to explain RUDY as well! The most common DDoS attack methods would be awesome to hear more about. He explains it very nicely!

  • @WWxeroWW.WERWKWWF__WPWWW.-_WWW
    @WWxeroWW.WERWKWWF__WPWWW.-_WWW 8 років тому +813

    thanks gonna use this on the scientology website now

    • @aybmnn
      @aybmnn 8 років тому +2

      lol

    • @ricodelta1
      @ricodelta1 8 років тому +105

      and if you did that on an islamic website, youd be called a racist

    • @Brutaltronics
      @Brutaltronics 8 років тому +9

      they are gonna sue!

    • @DanDart
      @DanDart 8 років тому

      My idea too

    • @Brutaltronics
      @Brutaltronics 8 років тому +10

      they might be using apache, how can you tell before hand

  • @lewisb8634
    @lewisb8634 8 років тому +16

    I could listen to Dr Pound explain things for hours. Such an interesting video! Thanks for the upload Computerphile :)

  • @Aragorn450
    @Aragorn450 7 років тому +57

    I love how the amplifier was set to 11 :-)

  • @jelleverest
    @jelleverest 8 років тому +825

    People calling themselves hackers because they did a DDoS attack, is like people calling themselves lock pickers for blowing up the safe.

    • @egonzalez4294
      @egonzalez4294 8 років тому +91

      Simple rule.
      If you can make money out of it then you are a real hacker.
      Otherwise you are just an aficionado.

    • @koohikoo
      @koohikoo 8 років тому +128

      nah, script kiddie

    • @cookiesnmilkfilms9056
      @cookiesnmilkfilms9056 7 років тому +4

      Makes so much sense now

    • @martinkunev9911
      @martinkunev9911 6 років тому +17

      What is the relevance of this comment to the video?

    • @sixstringedthing
      @sixstringedthing 6 років тому +28

      Eh, but then you've destroyed the contents of the safe, which isn't what a DDoS does. It would be more like throwing the safe off a bridge into very deep water. Or launching it into space on an extrasolar trajectory. And then proclaiming yourself to be the greatest safecracker of all time. :)

  • @jpeg1991
    @jpeg1991 8 років тому +63

    6:34 CTRL+SHIFT+R will refesh whilst ignoring the cache.

  • @Remmes
    @Remmes 8 років тому +88

    Wow that's such a clever attack.

    • @duminicad
      @duminicad 8 років тому +1

      it is, but just glance at apache's documentation and you'll find timeouts for keep alives and "read timeout"

  • @GTOUranus
    @GTOUranus 8 років тому +7

    Dr Pounds videos are the best by far.

  • @aries_9130
    @aries_9130 8 років тому +95

    My God, this guy is so freaking amazing.

    • @aries_9130
      @aries_9130 8 років тому +13

      I don't really care for an accurate description as long as the concept behind it is described, which he did. If one were to want a more accurate description, I'm sure one could find one for themselves. I don't think that this video is meant as a walk-through to an exploit.

  • @chairwood
    @chairwood 8 років тому +198

    it would make things so much easier if viruses actually had the .virus extension like at 0:45

  • @Dearth123
    @Dearth123 7 років тому +1

    Always love to see the enthusiasm Dr. Pound puts in his explanations.

  • @seamusfrederick2927
    @seamusfrederick2927 8 років тому +4

    Now it's my new favourite too..thanks for giving me ideas computerphile

  • @amaarquadri
    @amaarquadri 4 роки тому +1

    One of my favorite computerphile videos!

  • @diotough
    @diotough 8 років тому +27

    Kind of a passive aggressive DOS. Totally agree … beautifully elegant and diabolical :D

  • @keyb0ard620
    @keyb0ard620 4 роки тому +1

    Every video i see from Computerphile(Mike) i am totally in love how excited he explains everything he always infect me to try it out on my next customer...

  • @wmramsey26
    @wmramsey26 8 років тому +25

    It's rare that I get excited like a little kid anymore but when I saw a new Dr Mike Pound video in my feed I almost started jumping up and down clapping my hands lol

  • @guywiththebottle
    @guywiththebottle 5 років тому +1

    Mike is great in front of a camera. Good at explaining and charismatic!

  • @SebastianLopez-nh1rr
    @SebastianLopez-nh1rr 7 років тому +21

    People! The first D in DDoS has a meaning, and it is DISTRIBUTED. If only one computer attacks, it's just a regular DoS.

  • @Pscribbled
    @Pscribbled 8 років тому +1

    This guy is the best computerphile host!

  • @ShaharNacht
    @ShaharNacht 6 років тому +45

    "Mike's Website"
    "It's purple"

  • @mohammadyousef2812
    @mohammadyousef2812 4 роки тому

    i hope you guys don't stop uploading like these informative videos. they are pretty informative and well organized. keep going with these videos

  • @CorneliusSneedley
    @CorneliusSneedley 8 років тому +3

    Very interesting. We so often get told about what something like this does, but this is the first time I have ever seen such a thing actually demonstrated. And, nice to see a Linux box on this channel. :)

  • @lesterjohnpulanco2579
    @lesterjohnpulanco2579 5 років тому

    ive been watching/listening your vids for 2 consecutive days while im at my work. it's so informative and how you deliver your explanations is so incomparable. i love it

  • @Yaxqb
    @Yaxqb 7 років тому +2

    Love these server and networking videos, keep 'em coming

  • @toastom
    @toastom 8 років тому +22

    I love Mike's videos explaining how to do these attacks! I would never do them (I don't want to go to jail :) ), but they are really interesting. Keep 'em coming!

    • @joukevandermeijden2433
      @joukevandermeijden2433 8 років тому

      Thomas Gourley

    • @joepelletier6694
      @joepelletier6694 8 років тому

      do you honestly think that you could go to jail for this?

    • @svnhddbst8968
      @svnhddbst8968 8 років тому +6

      +joe 10001001 you absolutely would go to jail for a denial of service attack like this. if i'm not mistaken, it's a federal offense.

    • @joepelletier6694
      @joepelletier6694 8 років тому

      it depends who you do it to and how effective it is tho right?

    • @joepelletier6694
      @joepelletier6694 8 років тому

      large companies rely on a lack of public knowledge on tech and bribery to make things like dos illegal. if you think about it dos is a form of peaceful protest (when the participants are willing). using current event as an example, ddos attacks are analogous to a crowd of people standing in front of trump tower to prevent people getting in and by extension, trump making money. this dos attack is perfectly understood by this hypothetical scenario. you fine out that a restraint has been steeling credit card numbers, so you gather a group of 30 friends who each take a table, then when a waiter comes to get their order they ask for 5 more minutes. in my opinion, you and your friends are not committing a crime, any loss in profit that the restaurant is facing is their fault because they chose not to kick you out.
      and with the normal ddos attack you are simply peacefully protesting (if you are using a botnet and not and not a community who agrees and wants to help the cause) you are guilty of a different crime.

  • @sebisuarez10
    @sebisuarez10 2 роки тому

    I love how excited he is about this DoS and explaining it. The explanation really helped with my studies for CEH! THanks!

  • @SuperWerdooo
    @SuperWerdooo 5 років тому +16

    I don’t know shit about programming but it’s always fun to see a nerd talk about their passion lmao

    • @Creepkido
      @Creepkido 5 років тому

      your profile pic is intresting lol

  • @blucat4
    @blucat4 9 місяців тому

    I love Mike Pound's videos, especially this one. Cheers. 🙂

  • @exm3266
    @exm3266 6 років тому +5

    "The same person looking at the website really slowly 200 times"

  • @AnesuC
    @AnesuC 8 років тому +23

    Yay Ubuntu, using it right now and have been for 3 years as my main OS. Used it before for like 2 or more years as a 2nd OS to play around with

    • @horseradish843
      @horseradish843 8 років тому +18

      Nobody cares m8

    • @ELYESSS
      @ELYESSS 8 років тому +4

      good for you

    • @AnesuC
      @AnesuC 8 років тому +4

      Speedyjens I was just sharing my experience with Ubuntu cos you rarely see people use it. If you don't care, you can skip along like everyone else does. I am sure you don't care about every UA-cam comment and you generally skip along. This one shows you somewhat care to make the effort to reply to....

    • @horseradish843
      @horseradish843 8 років тому +1

      Anesu C You comment really had nothing to do with the video.
      *cough* alot of servers uses ubuntuu *cough*

    • @AnesuC
      @AnesuC 8 років тому

      Speedyjens​​ They use Linux not specifically ubuntu, tha I have experienced first hand. Also it doesn't matter if it wasn't explicitly related to the topic, it's like watching a show and your favorite actor/singer/etc shows up. You will notice a lot of comments about that person rather than the topic of the show itself.... Just another note, this video pretty much covered the topic well, I had nothing else to add, hence I mentioned this instead.

  • @sasjadevries
    @sasjadevries 8 років тому +19

    You can just as well call it "the power of being lazy"

  • @omkhard1833
    @omkhard1833 3 роки тому

    best explaination ............ I am blessed to watch a Channel like computerphile, david bombal etc

  • @R0craida
    @R0craida 8 років тому +4

    Dude, I love these videos!

  • @freegameLP
    @freegameLP 8 років тому +1

    Wow, this attac honestly is quite beautiful

  • @DantalionNl
    @DantalionNl 8 років тому +6

    These videos are fun but I would have liked to see a part about how not to get downed by such a attack especially since a large portion of viewers possible has a website or server somewhere since most of us are working with computers every now and again.

    • @dustinjames1268
      @dustinjames1268 8 років тому +1

      I agree. Not much substance to this video without preventative measures.

    • @user255
      @user255 8 років тому

      Just drop the connection if it is unrealistically slow.

    • @DantalionNl
      @DantalionNl 8 років тому

      user255
      Sure could you give a example of how to setup a iptable rule or apache configuration that would do this for me then?

    • @user255
      @user255 8 років тому

      Dantali0n I think I spoke too soon... it is not as easy as I thought. But check this:
      insights.sei.cmu.edu/cert/2009/07/mitigating-slowloris.html

  • @luiss7989
    @luiss7989 7 років тому

    This is great for testing how much HTTP requests a server can handle aside from simulating a DOS attack it can really show you how much your server can handle.

  • @Pumbear
    @Pumbear 5 років тому +8

    It's the modern equivalent of standing behind 200 grandma's at the post office.

  • @Gersberms
    @Gersberms 8 років тому

    @computerphile: I love how the servers are in the cloud. You guys do great work!

  • @PlasmaHH
    @PlasmaHH 8 років тому +9

    Err, wait, we were using that in the 90s all the time, I always thought there had been countermeasures implemented even back then...

    • @garryiglesias4074
      @garryiglesias4074 8 років тому +4

      You don't need a thread per socket... A thread could handle "thousands" of slow socket...
      This is a design problem in a "optimisation" done on the Apache server. As he said, not all http server have this weakness.

    • @PlasmaHH
      @PlasmaHH 8 років тому +3

      Hendrik-Jan Smit You might want to research the C10k problem. For one you can make connection handling much much more effective, also you can rather easily detect a client misbehaving this way and block it.

    • @depravedone
      @depravedone 8 років тому

      As Morgan says, "Everything gets a return"

  • @NeonsStyleHD
    @NeonsStyleHD 8 років тому +8

    This guy reminds me a lot of that guy that played Spiderman in the movies.

  • @abhishekramchandran7855
    @abhishekramchandran7855 6 років тому

    The SYN flood is a more prevelant kind of DOS. Awesome video!

  • @gtcfktu
    @gtcfktu 8 років тому +61

    So....What's the fix? how to prevent such an attack?

    • @moaqyigl
      @moaqyigl 8 років тому +47

      I would think having a hard timeout on connections (as in having any single connection not be longer than a few seconds) would work, although it might make accessing the site from a very slow connection impossible.

    • @TurkishLoserInc
      @TurkishLoserInc 8 років тому +44

      Any server that doesn't have one thread dedicated for each socket will fair well against this attack. Nginx can handle 10k concurrent connections, probably more of these "pseudo"connections

    • @ELYESSS
      @ELYESSS 8 років тому +3

      I don't know but maybe limit the number of connections per user or don't use apache?

    • @stensoft
      @stensoft 8 років тому +26

      +Natanor That would not work. Apache already has hard timeout for requests but the script recreates each connection that was closed by the server.
      +ILYES You can limit the number of connections from an IP address but that may make your website unuseable from some large companies or organisations that have only a few external IP addresses.

    • @chainingsolid
      @chainingsolid 8 років тому +24

      I would try solving it by prioritizing the faster connections and having lower time outs.

  • @Kali9030
    @Kali9030 Рік тому

    Randomly ended up here and really enjoyed the demo.

  • @joebazooks
    @joebazooks 8 років тому +3

    beautiful

  • @nou1438
    @nou1438 6 років тому +1

    THis is one of my favorite videos

  • @TheActualTed
    @TheActualTed 4 роки тому +5

    Apache opening a new thread be like: *"Haii! I'm Mr. Meeseek, look at me!"*

  • @dwietr
    @dwietr 8 років тому +2

    You got to love those layer 7 attacks, abusing services with ...

  • @goeiecool9999
    @goeiecool9999 8 років тому +8

    While watching this video.... I casually used my toe to start up my ubuntu web server.... No reason....

  • @bavarecmk
    @bavarecmk 7 років тому +2

    I subscribed to this channel just because of how this person speaks, it's like a therapy :D

  • @enoua5222
    @enoua5222 8 років тому +3

    I accidently did this to my own server

  • @Plan36c
    @Plan36c 5 років тому

    Such an elegant explanation

  • @AxeLea3
    @AxeLea3 8 років тому +39

    This is the funniest DDOS

    • @AxeLea3
      @AxeLea3 8 років тому +8

      Where you're right, you're right. Thanks for your clarification

    • @dzikiLOS
      @dzikiLOS 8 років тому +5

      I'd like to give props to both of you guys - nidefawl for giving proper explanation and Axel for taking the lesson. If only internet was full of people like you! ;)

    • @AxeLea3
      @AxeLea3 8 років тому +6

      +dzikiLOS I guess the Internet will never be full of people like the ones in this comment section -_-
      But that's more in a conjunction to people in general. not the web

    • @breadleymcthicc5444
      @breadleymcthicc5444 6 років тому

      @nidefawl I'd thought it would be, given the amount of connections, and all of them distributing a connection. I don't know, though, because I have hardly any experience with any form of coding.

  • @Toimi
    @Toimi 5 років тому

    That is so clean and elegant.

  • @leungchinghim
    @leungchinghim 8 років тому +8

    now I know how to break my website, but how can I defend it?

    • @recklessroges
      @recklessroges 8 років тому

      #firewall might fix this for you
      ip6tables -I INPUT -p tcp --syn --dport 443 -m connlimit --connlimit-above 10 -j DROP
      iptables -I INPUT -p tcp --syn --dport 443 -m connlimit --connlimit-above 10 -j DROP

    • @wood-eye
      @wood-eye 8 років тому

      Can you elaborate? I assume that drops the slow connections, right?

    • @unaliveeveryonenow
      @unaliveeveryonenow 8 років тому +1

      I assume it limits the number of connections per IP to 10 on port 443. This might ban an entire country.

    • @unaliveeveryonenow
      @unaliveeveryonenow 8 років тому

      ***** Qatar has only one public IP. Everything I say is 100% serious.

    • @unaliveeveryonenow
      @unaliveeveryonenow 8 років тому +1

      ***** I don't know either. A different situation: a bunch of governments are blocking a lot of sites. If one were to use Tor to bypass it he would have found that some CDNs are blocking Tor IPs. I guess these are rare cases and generally shouldn't be worried about.

  • @cat47
    @cat47 4 роки тому

    This is awesome, I love this attack. I tried it out on a google site I made and it made the site really slow, but I didn’t feel like waiting for the site to go down.

  • @KittyBoom360
    @KittyBoom360 8 років тому +4

    I was giggling the whole time thinking this is my favorite too.
    So how is the wild dealing with this? Are servers cutting off slow connections now but the cutoff point is like where the battles are fought?

  • @MrReese
    @MrReese 3 роки тому +2

    I love this and the fact that he also loves it and tries to hide that he loves it makes it even better :D.

  • @Humance
    @Humance 8 років тому +30

    Ubuntu, Sublime Text and Python. I like that!

    • @Yuzuki1337
      @Yuzuki1337 6 років тому +1

      Daniele Dal Col Aka the "I just enlisted in an IT course but Ill still call myself a real programmer already" starter package :)
      /s

  • @alonsosa8272
    @alonsosa8272 8 років тому

    Excellent video! One of my favorites so far.

  • @SimonHuenecke
    @SimonHuenecke 5 років тому +4

    Is it possible to combine this attack with IP Spoofing, so that the IP adr is never the same? It would look like 200 different slow people would look at this at a time.

    • @dneendcreeper3239
      @dneendcreeper3239 4 роки тому +1

      Even better than that, the packets are so small that you can easily route them through the Tor network, maybe even with a separate connection for each socket. (Depending on the per socket timeout)

  • @BrunoJuncklaus
    @BrunoJuncklaus 8 років тому

    Dr. Pound is always so good.

  • @TwiiKuuTF2
    @TwiiKuuTF2 8 років тому +4

    It goes up to 11

  • @bluesquare23
    @bluesquare23 5 років тому

    I’m pretty sure you could configure monitoring on a web server to close connection which were slower once Apache’s max connections were reached. But I love the name of this attack!

  • @MD-pg1fh
    @MD-pg1fh 8 років тому +4

    Would you say the server technology is "a patchy" one?

  • @shmink2
    @shmink2 8 років тому

    Does this guy have his own channel? His stuff is the best on the channel and explained so succinctly.

  • @kushy3531
    @kushy3531 8 років тому +10

    Am i the only one who only likes this guy? :o

    • @contingenceBoston
      @contingenceBoston 8 років тому

      Nope.
      And I'll bet I'm not the only one who is happy to a Linux box from my own Linux box.

  • @IntheBleak
    @IntheBleak 7 років тому

    That is so dastardly and elegant.

  • @hellterminator
    @hellterminator 8 років тому +5

    6:03 Dude, that's a public IP.

    • @willway1234
      @willway1234 8 років тому +6

      It's probably local for the University, their local IP address usually look like public ones.

    • @ZacharyClaretScott
      @ZacharyClaretScott 8 років тому

      Probably public, Universities often give out public IP's to clients

    • @bitterlemonboy
      @bitterlemonboy 4 роки тому

      @@willway1234 Yes, it is.

  • @badgerlife9541
    @badgerlife9541 8 років тому

    That was educational and so fun to watch at the same time :) thanks for making this video! Please continue to show more code/ link code in the description.

  • @chongjunxiang3002
    @chongjunxiang3002 8 років тому +14

    Talking about DDoS, well, a lot of disappointed Americans did it to Canada Immigration Department, should it count as DDoS?

    • @anonymousyoutubeguy7940
      @anonymousyoutubeguy7940 4 роки тому

      So are you like the maple version of a Trump supporter. "Damn Americans, comings here too lazy to make hockey sticks like the rest of us; coming here go'n take my job at the hockey stick factory."

  • @johnhurley8918
    @johnhurley8918 7 років тому

    I'm taking a cyber security class now. I've learned about a lot of DoS attacks and this one is the most HILARIOUS attack i've heard of so far.

  • @AmxCsifier
    @AmxCsifier 8 років тому +11

    What's the solution?

    • @boothegoopc8417
      @boothegoopc8417 8 років тому +54

      Typewriters and postage stamps

    • @Hypernerdwithcam
      @Hypernerdwithcam 7 років тому +2

      boothegoo pc No, iptables

    • @critico4396
      @critico4396 7 років тому +4

      Design a thread to handle all the slow connections? ---> Two lorises having fun chatting with each other...

    • @porsche911CarreraRSR
      @porsche911CarreraRSR 7 років тому

      That's not an automatic solution though right? You need an administrator to recognize the problem and block their IP right?

    • @critico4396
      @critico4396 7 років тому

      @Yanni mouzakis I have no idea. Even if it's possible to handle/consolidate slow connections automatically, it just make the attacker pay as much resource as the server in the end.

  • @mynameismichael123
    @mynameismichael123 8 років тому

    love the spinal tap reference on the amplifier

  •  8 років тому +32

    Nginx, need I say more?

    • @noredine
      @noredine 8 років тому +2

      yes, say more please

    •  8 років тому +9

      I'll say that I used Apache 2.2 and then 2.4 for a few years and I'm so happy that I switched to Nginx.

    • @noredine
      @noredine 8 років тому +1

      thanks for more :)

    • @pr0kris
      @pr0kris 8 років тому +2

      Or Node.js

    •  8 років тому +2

      Ljón That's quite different though.

  • @tho207
    @tho207 8 років тому

    loved the video. also please tell Mike to retake neural nets series, I'm eager to see more

  • @modernkennnern
    @modernkennnern 8 років тому +17

    0.:55, look at that amp. 11 :P

  • @DrRChandra
    @DrRChandra 8 років тому +1

    sounds very similar to (or built on) the resource exhaustion attack, where you open up as many sockets as you can muster, but don't send anything. The server runs out of sockets, primarily because the OS is typically going to allocate only so many resources to maintaining sockets in general (just like in *ix there are upper bounds on number of systemwide open file descriptors, number of per-process open file descriptors, number of slots in the process table, number of shared memory segments, number of GIDs of which a process can be a member, and similar arbitrary and sometimes configurable constraints).

  • @jahobr
    @jahobr 8 років тому +5

    This ...................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    works ................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    for .....................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    comments .......................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    ...........................................................................................................................
    too.

  • @userou-ig1ze
    @userou-ig1ze 8 років тому

    thanks so much, the info is gold and the way you present it is perfect

  • @TheAkashicTraveller
    @TheAkashicTraveller 8 років тому +7

    Why not just go: Oh we have a few hundred stupidly slow connections; they're probably not legitimate; lets, for now, decrease the time out, any lost legitimate slow connection are just an acceptable loss.
    Edit: Actually you'd probably have to create a new time out that drops the connection regardless of weather it's still sending data.

    • @trbry.
      @trbry. 8 років тому +1

      sounds like a solution a business owner would agree with.

    • @stensoft
      @stensoft 8 років тому +9

      That is already implemented in Apache, requests have hard limit after which they are dropped. However, the script simply reopens every connection that the server closed. A few legitimate requests may skip through but that would hardly make a shop useable.
      The correct solution is to use a web server that does not spawn a new thread for each connection (usually as a reverse proxy that will collect and resend requests if you still need Apache for your website). Then they can easily handle tens of thousands of such connections.

    • @TeeDawl
      @TeeDawl 8 років тому +2

      That has the problem that the attacker still just opens up new requests. Even if you drop all of the connections quicker, the attacker will also open requests quicker. So the attacker still eats up your threads.

    • @ericsbuds
      @ericsbuds 8 років тому

      I wonder if there is a way that Apache servers can implement a non thread based connection scheme or something. There must be a common fix or prevention method if half of all webservers are running the most vulnerable system!

    • @TeeDawl
      @TeeDawl 8 років тому +1

      ericsbuds "non thread based" do you even know what threads are?

  • @jessemckeown5628
    @jessemckeown5628 8 років тому

    something like this was alluded to in Gibson's "Neuromancer"; fascinating that it sometimes works in the real world!

  • @Tuchulu
    @Tuchulu 8 років тому +6

    Where can I download that brownish windows theme?

    • @MikeTheFailboat
      @MikeTheFailboat 8 років тому +11

      It's actually a different operating system, a Linux distro called Ubuntu.

    • @red_isopat
      @red_isopat 8 років тому

      not windows

  • @Jeremy-fy1sz
    @Jeremy-fy1sz 8 років тому +1

    I was 95% certain at the start of the video that it would consist of uploading a slow loris video to the server and then posting a link on social media....

  • @18tn
    @18tn 8 років тому +110

    my school website is going down :)

    • @OwenPrescott
      @OwenPrescott 8 років тому +94

      Jails website is going down.

    • @fnvtyjkusg
      @fnvtyjkusg 8 років тому +42

      enjoy school

    • @15Redstones
      @15Redstones 8 років тому +31

      put a link to a batch file in a public directory of the school computer system that opens a window that says "I just learned batch!" like a program made from a tutorial so if someone opens it hes just like "k, someone accidentally put this file in the public folder" but it also launches the Slow Loris program as that curious person who opens it. Nobody can see who put that file in the public folder, even if they figure out that when you are curious to open that myfirstbachfile.bat you launch a DDOS on the school site in the background.

    • @toastom
      @toastom 8 років тому +15

      15 Redstones That's genius! Sadly, I'm too scared to even try to do that, because I'm afraid of getting caught. Sometimes I like to fantasize about this kind of stuff, too, but I'd never do it.

    • @15Redstones
      @15Redstones 8 років тому +5

      Thomas Gourley I wouldn't do it either, because I'm actually in our IT club and working on the school homepage, so I am working on making sure that nobody can XSS or SQL-Inject it. Altough maybe I would try it on the local server where we test stuff, since it's our server it would be legal to hack it if I ask my teacher first.

  • @realeques
    @realeques 8 років тому

    I want more from this guy ! He is the best!

  • @rickw2457
    @rickw2457 4 роки тому

    Proving once again.. intuition can out simulate and profess depletion of science anytime one with the gift wants

  • @Fuggix
    @Fuggix 8 років тому

    FYI: You can clear the browser cache of a website and reload it by pressing "ctrl+F5". I think they probably did it the other way (6:35) to get the point across, but it's quite handy if you are developing a site or doing other things.