| http://dbpedia.org/ontology/abstract
|
The term Slow DoS Attack (abbreviated to S … The term Slow DoS Attack (abbreviated to SDA) was introduced in 2013, to clearly define a specific category of denial of service attacks which make use of low-bandwidth rate to accomplish their purpose.Similar terms can be found in literature, such as:
* application layer DoS, focusing on attacks targeting the application layer only, while a Slow DoS Attack may exploit lower-layers of the ISO/OSI stack
* low-rate DoS, focusing on the characteristics of using a limited amount of attack bandwidth, hence, for instance, including also exploit-based threats Particularly, in order to reduce bandwidth, a Slow DoS Attack often acts at the application layer of the ISO/OSI stack (e.g. in case of timeout exploiting threats), although this is not a requirement.Such layer is however easier to exploit in order to successfully attack a victim even by sending it few bytes of malicious requests. The purpose of a Slow DoS Attack is (often, but not always) to cause unavailability of a network service, by seizing all the connections the daemon is able to concurrently manage, at the application layer.Under such condition, any new incoming connection, even from potentially legitimate clients, will not be accepted by the daemon, hence leading to a denial of service.In addition, once a connection is established/sized by the attacker, the adversary would keep it alive as long as possible (hence, avoiding connection closures, which could potentially free-up resources for legitimate clients).In order to keep connections alive, reducing at the same time the attack bandwidth, considering a single connection, data are sent to the target service only at specific times, by exploiting the so-called Wait Timeout parameter, scheduling a periodic data sending activity (at the application layer): once the timeout expires, a specific payload (depending on the attack type and the approach used by the malicious user) is sent to the targeted daemon.While at lower layers of the ISO/OSI stack, timeouts may be relatively short, in this case, it may assume particularly long values, in the order of minutes.arly long values, in the order of minutes.
|
| rdfs:comment |
The term Slow DoS Attack (abbreviated to S … The term Slow DoS Attack (abbreviated to SDA) was introduced in 2013, to clearly define a specific category of denial of service attacks which make use of low-bandwidth rate to accomplish their purpose.Similar terms can be found in literature, such as:
* application layer DoS, focusing on attacks targeting the application layer only, while a Slow DoS Attack may exploit lower-layers of the ISO/OSI stack
* low-rate DoS, focusing on the characteristics of using a limited amount of attack bandwidth, hence, for instance, including also exploit-based threatsance, including also exploit-based threats
|
