3. Application level attacks
As an example of an application level attack, the course uses the example of slowloris; keeping sessions open by providing very slow requests. As a mitigation, two Apache modules are proposed.
The following image is the result of the reqtimeout module.
There are a number of parameters in the configuration file that can be set more aggressively.
It is also interesting to see what effect this attack and its moderation meas for the client. I used the same Trackrtt script on the client to see the effect of the attack.
I adjusted the values in reqtimeout.conf to the following values:
RequestReadTimeout header=5-10,minrate=1000
RequestReadTimeout body=5,minrate=1000
Slowloris was started with
/opt/slowloris/slowloris.py 10.128.2.100 -s 200
Attack started at 15, Apache module enabled at 60 and attack ended around 110.
So, apart from a small spike, around 80, the attack seems sufficiently mitigated.