PyLoris DDoS Tool
PyLoris is a scriptable tool for testing a service's level of
vulnerability to a particular class of Denial of Service (DoS) attack.
Any service that places restrictions on the total number of simultaneous
TCP connections has the potential for vulnerability to PyLoris.
Additionally, services that handle connections in independent threads,
services that poorly manage concurrent connections, and services that
have high memory footprint per connection are prone to this form of
vulnerability.
PyLoris uses the
Slowloris method
originally described by RSnake: by creating a large number of full TCP
connections and keeping them open, services will soon hit the upper
limit of the number of maintained connections. Unlike traditional DoS
attacks, this is a direct attack on a service, not the hardware. The
primary source of problem in a PyLoris attack is artificial constraints
placed on the software, not hardware inadequacies.
Get PyLoris
The current version of PyLoris is 3.0. Improvements in this version include:
- A never before seen Graphical User Interface
- A Scripting API allowing for prepackaged attacks
- A protocol agnostic request builder
- A fully rewritten code base
PyLoris 3.0 requires
Python 2.x to run. The latest version of PyLoris can be downloaded from
http://www.sourceforge.net/project/pyloris.
What's new in PyLoris 3.0?
PyLoris 3.0 is a complete rewrite of the PyLoris code base.
Everything was rethought, restructured, and rebuilt from the ground up.
Along the way, I developed a feature set that I felt it needed, while
retrospectively analyzing how PyLoris' users were trying to use it. In
the end PyLoris 3.0 was given a GUI, a Scripting interface, and a
threaded API.
Click here to read more about the features and improvements in PyLoris 3.0.
What is PyLoris?
PyLoris is a tool that can be used to test web servers for a
vulnerability to a specific class of Denial of Service attack. This
class of attack is described by RSnake--along with the original proof of
concept--at http://ha.ckers.org/slowloris.
Click here to read a short discussion on the cause and impact of PyLoris.
Using PyLoris
Using PyLoris is simple. In its most basic form, PyLoris merely needs a copy of Python to run.
Click here for information on utilizing PyLoris and all of its features.
Frequently Asked Questions
There are a lot of questions and rumors about PyLoris and Slowloris. I try to answer them to the best of my ability.
Click here for answers to technical and non-technical questions regarding PyLoris
About PyLoris
While reading through an article on Hack a Day, I came across RSnake's idea, as well as his implementation of this attack.
Click here to read the backstory behind PyLoris.
Special Thanks
There are a number of people who helped me in immeasurable ways.
This is a short list of people that helped in the building and testing of PyLoris.
0 comentarii:
Trimiteți un comentariu