
SlowLoris: slow bandwidth, big impact

Thomas Schifano
System Engineer, EASI

I will talk about Slowloris, not the animal but the attack: one that most people have never heard of, yet whose impact is severe.

SlowLoris attack

This attack is a Denial of Service (DoS) attack. It was released in 2009 by Robert Hansen, also known as "RSnake".
The idea behind the Slowloris attack is to take a service down while using very little bandwidth.

How is it possible?

Slowloris opens many connections to the target web server, then tries to hold them open for as long as possible.
It does this by sending partial requests: on each connection it keeps sending additional HTTP headers, one at a time, but never completes the request.

Vulnerable servers keep these connections open until their maximum concurrent connections pool is full, and from then on additional connection attempts from other clients are denied. In other words, the service is no longer reachable.

How to mitigate this kind of attack?

Limit the number of simultaneous connections per IP address.
Set a timeout on HTTP connections, so a request that stops arriving is dropped.
Increase the number of concurrent clients the server allows.
Impose a minimum transfer rate, so a client that sends data too slowly is disconnected.
Put a reverse proxy in front of the server that handles this attack for it.

Some server software is more vulnerable than others. Apache is particularly affected, because each open connection occupies one of its worker threads or processes, whereas event-driven servers such as Nginx, Lighttpd or Cherokee hold an idle connection at almost no cost.
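As an added example (not part of the original article), here is an nginx reverse-proxy configuration that applies the mitigations listed above in front of an Apache backend, so that Apache only ever sees complete requests. The backend address 127.0.0.1:8080, the server name example.com and the specific limits are assumptions chosen for illustration; tune them to the real traffic profile.

```nginx
# Added example, not from the article: nginx as a reverse proxy in front of Apache.
# Assumed: Apache listens on 127.0.0.1:8080 and the site is example.com.

worker_processes auto;

events {
    # Raise the number of concurrent clients each worker can hold; an event-driven
    # worker keeps an idle socket cheaply, unlike a thread or process per connection.
    worker_connections 10240;
}

http {
    # Per-client concurrency cap: one counter per source address (10 MB of shared
    # memory holds roughly 160k entries), at most 20 open connections each.
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_conn perip 20;
    limit_conn_status 429;

    # Timeouts on the slow parts of a request: the complete header must arrive
    # within 10 s and each body read may stall at most 10 s, so a client that
    # trickles one header line at a time is dropped instead of holding a slot.
    client_header_timeout 10s;
    client_body_timeout   10s;
    send_timeout          10s;
    keepalive_timeout     15s;
    # Free the socket immediately (RST) instead of lingering in FIN_WAIT.
    reset_timedout_connection on;

    # Bound request size so buffering requests cannot be turned into a memory cost.
    client_max_body_size 8m;

    upstream apache_backend {
        server 127.0.0.1:8080;
        # Reuse a small pool of backend connections instead of one per client.
        keepalive 32;
    }

    server {
        listen 80;
        server_name example.com;

        location / {
            # nginx reads the full request header and buffers the body before it
            # opens a backend connection, so Apache's worker pool is never tied up
            # by partial requests; only complete requests reach it.
            proxy_request_buffering on;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 5s;
            proxy_read_timeout 30s;
            proxy_pass http://apache_backend;
        }
    }
}
```

Check the file with `nginx -t` before reloading. nginx has no per-connection minimum-rate directive; the header and body timeouts play that role here, since a client that sends too slowly cannot finish inside the window. On the Apache side itself, the minimum-rate idea is implemented by mod_reqtimeout, whose `RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500` directive gives a client 20 s for the headers, extended to at most 40 s only while it keeps sending at least 500 bytes per second.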
