CDNetworks Unveils 10 Tbps Capacity Upgrade for Enhanced South & Southeast Asia Network Performance - Learn More

Security Glossary: Cybersecurity

Slowloris DDoS Attack

A Slowloris DDoS (Distributed Denial of Service) attack is a type of cyberattack that targets Layer 7 of the OSI (Open Systems Interconnection) model, specifically aiming to disrupt the availability of web services. Named after the slow-moving Asian primate, the slow loris, this attack method is designed to overwhelm a target, such as a computer, web server, database, or API, by opening and maintaining a large number of simultaneous TCP (Transmission Control Protocol) connections to the target’s fully qualified domain name (FQDN).

The hallmark of a Slowloris attack is its ability to generate a low rate and/or volumes of HTTP requests or connections per connected session. By doing so, it consumes the target’s resources without necessarily requiring a high bandwidth. Some attacking IPs may open numerous TCP connection attempts and use these additional open connections or sessions to combine incoming requests, further exhausting the application or database resources.

Slowloris attacks are particularly insidious because they can last for an extended period when undetected. They are often difficult to identify and mitigate because the attack traffic can mimic legitimate traffic, making it challenging for traditional security measures to distinguish between normal and malicious activity.

The technique of Slowloris attacks was popularized by common attack tool frameworks such as HOIC (High Orbit Ion Cannon) and LOIC (Low Orbit Ion Cannon), which were used by various threat actor groups, including Anonymous, the Iranian government, and Killnet. These tools made it easier for attackers to launch Slowloris attacks with minimal technical expertise.

Today, the technique continues to be employed by various threat actors, who leverage modernized infrastructure and command-and-control systems to carry out these attacks. As a result, organizations need to implement advanced security measures, such as application-layer firewalls and rate limiting, to detect and mitigate Slowloris attacks effectively and protect their web services from downtime and disruption.

Learn More About Cybersecurity

Data Leakage Protection (DLP)

Man in the Browser (MitB)

Man in the Middle (MitM)

Sensitive Data Exposure (Data Leakage)

ARP Spoofing

Buffer Overflow

Enterprise Application Security

Secure Internet Gateway

Service Mesh

Slowloris DDoS Attack

Web Application Attack

Attack Vector

Two Factor Authentication (2FA)

Cross-Site Request Forgery (CSRF) Attack

Domain Name Server (DNS) Hijacking

DNS Protection

HTML Injection

HTTP Verb Tampering

Disaster Recovery Solutions

Failover Solutions

Data Breach

Data Encryption

Data Lakes

Data Security

Lateral Movement

Domain Generation Algorithms

Segmented Network

WAAP