[tor-bugs] #23527 [Internal Services/Tor Sysadmin Team]: Our web server is probably vulnerable to slowloris attack

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Sep 15 15:25:38 UTC 2017


#23527: Our web server is probably vulnerable to slowloris attack
-------------------------------------------------+---------------------
 Reporter:  gk                                   |          Owner:  tpa
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+---------------------

Comment (by dcf):

 BTW [https://nmap.org/nsedoc/scripts/http-slowloris-check.html http-slowloris-check]
 is an Nmap script. You can try to reproduce it yourself
 using this command. When I tried it just now, it didn't detect any
 vulnerability, even against the same IP address as in attachment:tor.PNG,
 82.195.75.101.
 {{{
 $ nmap -p 80,443 --script http-slowloris-check www.torproject.org

 Starting Nmap 7.60 ( https://nmap.org ) at 2017-09-15 08:22 PDT
 Nmap scan report for www.torproject.org (82.195.75.101)
 Host is up (0.18s latency).
 Other addresses for www.torproject.org (not scanned): 38.229.72.16
 89.45.235.21 154.35.132.70 138.201.14.197
 2001:41b8:202:deb:213:21ff:fe20:1426 2001:6b0:5a:5000::5
 2620:0:6b0:b:1a1a:0:26e5:4810 2a01:4f8:172:1b46:0:abba:5:1
 rDNS record for 82.195.75.101: listera.torproject.org

 PORT    STATE SERVICE
 80/tcp  open  http
 443/tcp open  https

 Nmap done: 1 IP address (1 host up) scanned in 24.16 seconds
 }}}
 You can see what the script is doing in its source code:
 https://svn.nmap.org/nmap/scripts/http-slowloris-check.nse. You can get
 more debugging output using the `-d` option, like `[http-slowloris-check
 82.195.75.101:80] Time difference is: 0`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23527#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
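
One way to triage the `-d` output described above when several addresses are scanned, as an added example that is not part of the original comment or of Nmap: it reads the quoted `Time difference is:` debug lines and separates open ports whose timeout was not extended from open ports the script never measured. The 10-second threshold follows the script's documentation; the sample output, its addresses and the `NSE:` line prefix are constructed assumptions.

```python
import re

# Debug line format as quoted in the comment above.
DIFF_RE = re.compile(
    r"\[http-slowloris-check (\S+):(\d+)\] Time difference is: (-?\d+)")
REPORT_RE = re.compile(r"^\s*Nmap scan report for (?:\S+ \()?([^\s()]+)\)?\s*$")
PORT_RE = re.compile(r"^\s*(\d+)/tcp\s+open\b")
THRESHOLD = 10  # seconds; assumption taken from the script's documentation

def triage(output):
    """Return {(ip, port): verdict} for every open port in `nmap -d` output."""
    diffs, open_ports, current = {}, [], None
    for line in output.splitlines():
        if m := DIFF_RE.search(line):
            diffs[(m.group(1), int(m.group(2)))] = int(m.group(3))
        elif m := REPORT_RE.match(line):
            current = m.group(1)          # address the port table belongs to
        elif (m := PORT_RE.match(line)) and current:
            open_ports.append((current, int(m.group(1))))
    verdicts = {}
    for key in open_ports:
        if key not in diffs:
            # Open port without a debug line: no conclusion either way.
            verdicts[key] = "not measured"
        elif diffs[key] >= THRESHOLD:
            verdicts[key] = "timeout extended by %ds: likely vulnerable" % diffs[key]
        else:
            verdicts[key] = "timeout not extended (%ds)" % diffs[key]
    return verdicts

# Constructed sample output (documentation addresses, not a real scan).
SAMPLE = """\
NSE: [http-slowloris-check 192.0.2.10:80] Time difference is: 0
NSE: [http-slowloris-check 192.0.2.11:80] Time difference is: 12
Nmap scan report for www.example.test (192.0.2.10)
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
Nmap scan report for 192.0.2.11
PORT   STATE SERVICE
80/tcp open  http
"""

if __name__ == "__main__":
    for (ip, port), verdict in sorted(triage(SAMPLE).items()):
        print("%s:%d  %s" % (ip, port, verdict))
```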

