Feedback Technical Grievances

You are seeing this page because you are using adblocking, a proxy, are browsing in private mode, are using a browser that is incompatible, or you need to enable javascript and/or cookies.
If you feel you have reached this message in error, please click below to try again.


yeah this bitch can drink bleach, i hope she has cutting scars
 
  • Semper Fidelis
  • Like
  • Feels
Reactions: Drama keen, Pineapple Fox, YayLasagna and 11 others
Yeah dude, modified slowloris, right when I read your header when I logged in that was my first thought. Read your post a couple back and thought "he has good instincts." Pretty slick shit if your a skid from defcon 19. Sam Bowne continually giving people great ideas with no idea who he is giving great ideas to. Lol that ASN number is making you a target for the network nerds, Josh. Here comes the arms race; you mitigate, they attack, you mitigate, they change vectors again, story of an admin. It's like "Death of a Salesman" with worse dialogue.

My big fear is you were actually compromised and we are no longer talking to Josh. Would you submit to testing? Perhaps Voight-Kampff or DNA? Your choice.
 
  • Like
  • Winner
Reactions: George Floyd Sneed, dirt lamb, A Cold Potato and 1 other person
Wait....I thought Cloudflare could stop Slowloris?
 
Fondful Memories said:
Is slowloris still a thing in 2019?
Click to expand...
I think the requirements to pull it off are much higher now. I realize in retrospect that this error has been around for a very long time with only slight success in causing problems. I think recently he's upgraded his stresser package.

Hoss said:
Wait....I thought Cloudflare could stop Slowloris?
Click to expand...
It did. That was how I knew it was an attack.

kiwifarms.cc

Josh: “It was some sort of hostile activity but I don't know what to call it. Somehow, via HTTP, they were able to lock up hundreds of NGINX workers and hundreds of PHP-FPM workers without any spike in H...”

Josh (@josh@kiwifarms.cc): “It was some sort of hostile activity but I don't know what to call it. Somehow, via HTTP, they were able to lock up hundreds of NGINX workers and hundreds of PHP-FPM workers without any spike in H...”
kiwifarms.cc kiwifarms.cc
 
  • Informative
  • Like
Reactions: A Cold Potato and Hoss
Fondful Memories said:
Is slowloris still a thing in 2019?
Click to expand...

Unfortunately it's very hard to patch out a fragmented HTTP request because it assumes something down the line messed up and waits for another packet. Once it ABOUT hits the timeout limit it sends another fragment. Differentiating Slowloris from a really shitty connection is difficult but doable. Reverse Proxies usually stop them.
 
  • Like
  • Informative
Reactions: Kosher Salt, George Floyd Sneed, A Cold Potato and 2 others
Null said:
I think the requirements to pull it off are much higher now. I realize in retrospect that this error has been around for a very long time with only slight success in causing problems. I think recently he's upgraded his stresser package.
Click to expand...

I believe Apache is still quite vulnerable to it.

Null said:
One thing I need to figure out what happens if the php upstream is on a different server. Does it read local or remote files?
Click to expand...

If it's on a different server then wouldn't it require an xmlhttprequest or are you routing it through a simple TCP connection?

BandAid said:
Yeah dude, modified slowloris, right when I read your header when I logged in that was my first thought. Read your post a couple back and thought "he has good instincts." Pretty slick shit if your a skid from defcon 19. Sam Bowne continually giving people great ideas with no idea who he is giving great ideas to. Lol that ASN number is making you a target for the network nerds, Josh. Here comes the arms race; you mitigate, they attack, you mitigate, they change vectors again, story of an admin. It's like "Death of a Salesman" with worse dialogue.

My big fear is you were actually compromised and we are no longer talking to Josh. Would you submit to testing? Perhaps Voight-Kampff or DNA? Your choice.
Click to expand...

The scary thing is Slowloris isn't remotely the worst HTTP attack. Slowdroid is a good example of a server killer (You can kill a server with your phone). HTTP. REST, and other Layer 7 protocols have some jank shit you can exploit like requesting a window size of 0. Or just do what Slowdroid does and send a HTTP header with nothing but spaces behind it. There are also BASH exploits as well.
 
Last edited:
  • Informative
  • Like
  • Thunk-Provoking
Reactions: Kosher Salt, George Floyd Sneed, ⠠⠠⠅⠑⠋⠋⠁⠇⠎ ⠠⠠⠊⠎ ⠠⠠⠁ ⠠⠠⠋⠁⠛ and 2 others
Was someone doing this attack on Kiwi Farms?

en.wikipedia.org

Slowloris (computer security) - Wikipedia

en.wikipedia.org en.wikipedia.org

Slowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to—but never completing—the request. Affected servers will keep these connections open, filling their maximum concurrent connection pool, eventually denying additional connection attempts from clients.[1]
Click to expand...

Informative video by Dr Mike Pound, whom God preserve!

 
Last edited:
  • Agree
  • Informative
  • Like
Reactions: Kosher Salt, George Floyd Sneed, A Cold Potato and 3 others
It's not just that. People have been trying a lot of shit. I'm getting good at mitigating it.

Traffic this month.
1564413520635.png

Traffic this week.
1564413595777.png

Traffic last 24 hours.
1564413677136.png
 
  • Like
  • Semper Fidelis
  • Informative
Reactions: Kosher Salt, ConfederateIrishman, George Floyd Sneed and 7 others
Oh, the image proxy is broken again. Start learning to use attachments I guess. I really should just break it completely.
 
You must log in or register to reply here.
Back