May 26, 2018
The low bandwidth, yet greedy and poisonous HTTP client
Slowloris both helps identify the timeout windows of a HTTP server or Proxy server, can bypass httpready protection and ultimately performs a fairly low bandwidth denial of service. It has the added benefit of allowing the server to come back at any time once the program is killed, and not spamming the logs excessively. It also keeps the load nice and low on the target server, so other vital processes don’t die unexpectedly, or cause alarm to anyone who is logged into the server for other reasons.
The main audience using slowloris is of course a system administrators wanting to measure their webserver’s performance and vulnerability.