One of the researchers at Qualsys Labs has created a proof-of-concept denial-of-service (DOS) attack that, in theory, could turn a speedy server into a slow computer virtually undetected. How? Simply by changing the way a server must respond to an incoming packet of information.

Slow DOS Attack Concept Not New

The idea of attacking a Web server one piece at a time isn’t new. In 2009, Slowloris demonstrated the “death-by-a-thousand-HTTP-requests” approach, in which partial page requests are dribbled out in a maddeningly slow fashion. After awhile, Slowloris can clog up most or all available TCP ports, effectively stopping the server in its tracks.

The latest evolution of the slow death takes a different approach. Instead of issuing partial requests, Slow Read issues full page requests but then slows down the server by reading the response ever so slowly. In addition, the attack could exploit the variable TCP packet size to create zillions of exceedingly tiny packets, which are then read oh-so-slowly. The server, which is ready to send data, must hold unread packets in a buffer, waiting for the attacker to request more data. If a number of malefactors applied this to the same server, the server would simply stop working for legitimate users as it waited to ship little, tiny data packets to the slow readers of the world.

The result: one seriously slow computer. What is the likelihood that the Internet will suddenly screech to a halt with this? Not much. Server admins can prevent this kind of attack by configuring Web servers (or any server – really – that uses TCP/IP) to refuse connections to requestors that set unreasonably small data packet sizes. They could also address the issue by timing out requests. If a page request can’t be completed (on the recipient’s side) within a certain reasonable period of time, the connection could be (and should be) dropped.

The theoretical attack, however, does underscore the role of data transmission in computer performance. Sometimes computers that are connected to a network are exceedingly slow – not because something’s wrong with them – but because something’s wrong with the computer on the other end of the connection.

That’s always something to take into consideration when trying to troubleshoot a computer problem. If the problem occurs during a network connection, disconnect the computer from the network. If performance improves, you know that the problem is related to the network connection and not to the computer in question.

Photo Credit: ivanpw, via Flickr

Tags: fix slow computer, registry cleaner, slow computer, speed up computer