3. Application level attacks

As an example of an application level attack, the course uses the example of slowloris; keeping sessions open by providing very slow requests. As a mitigation, two Apache modules are proposed.

The following image is the result of the reqtimeout module.


There are a number of parameters in the configuration file that can be set more aggressively.

It is also interesting to see what effect this attack and its moderation meas for the client. I used the same Trackrtt script on the client to see the effect of the attack.

I adjusted the values in reqtimeout.conf to the following values:

RequestReadTimeout header=5-10,minrate=1000
RequestReadTimeout body=5,minrate=1000

Slowloris was started with

/opt/slowloris/slowloris.py -s 200

Attack started at 15, Apache module enabled at 60 and attack ended around 110.

So, apart from a small spike, around 80, the attack seems sufficiently mitigated.