Since Gartner’s scathing report regarding the reliability and vulnerability to attack of Microsoft Windows IIS in 2001, many organisations switched to other web-servers the main one being Apache. Due to the change to Apache, hackers were forced to also change the tools they used to compromise web-servers so much so that Apache soon became more ‘vulnerable’ than Microsoft’s IIS as hackers became adept at understanding the issues that Apache has and less organisations implemented Microsoft's IIS

Over the last few days there has been much panic about a new tool that performs a DoS (Denial of Service) attack on various versions of Apache by exhausting available connections. Essentially this tool keeps an http connection open whilst sending further incomplete HTTP requests to the server.

In this case, the server will open the connection and wait for the complete header to be received. However, the client (the DoS tool) will not send it and will instead keep sending bogus header lines which keeps the connection allocated.

For a technical explanation see the Internet Storm Center’s Diary post on the Slowloris Dos Tool

A more in depth explanation without the technical bits can be found at ha.ckers.org but as with all sites which have the word 'hacker' in them you may wish to exercise caution and use a system that is not connected to the main network to view what the makers of the tool have to say about it at http://ha.ckers.org/slowloris/

DoS tools that use up resources are not new. However the problem comes when organisations know nothing about the attack vectors and the defences available while a free ready made tool is available to both the casual script kiddy as well as the more advanced hacker. It is predicted that all sorts of havok will be created as more and more people find out about this tool.

In the meantime, should Apache be the chosen application for your web services then you will need to protect it. There are several to mitigate this attack which can be found on the WebHosting Talk discussion forum thread: Apache Dos Global Attack

IIS users will be glad that for once a Microsoft product has not been affected by a major threat vector.