Check Point Advisories

Partial HTTP Requests Denial of Service

Check Point Reference: SBP-2009-09
Date Published: 14 Jul 2009
Severity: High
Last Updated: Sunday 29 March, 2015
Source:
Protection Provided by:

Security Gateway
R81, R80, R77, R75, R71, R70, R65
Who is Vulnerable?
Vulnerability Description Slowloris is a HTTP Denial of Service tool written in PERL. This is how the tool works: The tool sends an HTTP request with a partial header. The server will open the connection and wait for the complete header to be received. However, the DoS tool will not send it and will instead keep sending bogus header lines which will keep the connection allocated. Eventually the connection table of the server will be filled up and the server will not be able to serve any other connection.

Protection Overview

This protection will block HTTP connections attempting to carry out this attack.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70 / R65

  1. In the IPS tab, click Protections and find the Partial HTTP Requests Denial of Service protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Server Enforcement Violation.
Attack Information:  Partial HTTP requests denial of service

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK