Hands-on denial of service lab exercises using Slowloris and RUDY

Proceedings of the 2012 Information Security Curriculum Development Conference, InfoSec CD 2012

Volumn , Issue , 2012, Pages 21-29

  Damon, Evan ^a   Dale, Julian ^a   Laron, Evaristo ^a   Mache, Jens ^a   Land, Nathan ^b   Weiss, Richard ^c  

^a LEWIS AND CLARK COLLEGE   (United States)

^b Renesys Corp   (United States)

^c EVERGREEN STATE COLLEGE   (United States)

Author keywords

Body; Denial of service (DoS); GET; Header; Hypertext transfer protocol (HTTP); POST; R U Dead Yet? (RUDY); SlowLoris

Indexed keywords

BODY; DENIAL OF SERVICE; GET; HEADER; POST; R-U-DEAD-YET? (RUDY); SLOWLORIS;

COMPUTER CRIME; CURRICULA; HTTP; HYPERTEXT SYSTEMS; PERSONAL COMPUTING; SECURITY OF DATA; TEACHING; TRANSMISSION CONTROL PROTOCOL;

STUDENTS;

EID: 84870481764     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2390317.2390321     Document Type: Conference Paper

References (13)

1. Anpilova, N., Das, S., Goodhart, B., Marsh, S, 2011. The HTTP POST Distributed Denial of Service Exploit. INFS 612 Summer 2011 PGN#1
2. Bowne, S., 2009. Slowloris - stopping Apache Web servers. DEFCON '09. http://samsclass.info/seminars/DEFCON09-Bowne-Slowloris.doc
3. Caltagirone, S., Ortman, P., Melton, S., Manz, D., King, K., Oman, P. 2006. Design and implementation of a multi-use attack-defend computer security lab. In Proceedings of the 39th Hawaii International Conference on System Sciences. HICSS USA.
4. Du, W. 2011. SEED Project. Syracuse University. http://www.cis.syr.edu/ ~wedu/seed/
5. Mink, M., and Freiling, F.C. 2006. Is attack better than defense? Teaching information security the right way. In Proceedings of the 3rd Annual Conference on Information Security Curriculum Development, InfoSecCD '06, pp 44-48, Kennesaw, Georgia.
6. Mirkovic, J., Wei, S., Hussain, A., Wilson, B., Thomas, R., Schwab, Fahmy, S., Chertov, R., and Reiher, P., 2007. DDoS benchmarks and experimenter's workbench for the DETER testbed. In Proceedings of the Tridentcom 2007, May. http://www.eecis.udel.edu/~sunshine/publications/tric.pdf
7. Nance, K., Hay, B., Dodge, R., Wrubel, J., Burd, S., Seazzu, A. 2009. Replicating and sharing computer security laboratory environments, In Proceedings of the 42nd Hawaii International Conference on System Sciences. HICSS. http://www.hicss.hawaii.edu/hicss-46/Virtualization.pdf
8. Nestler, V., White, G., Conklin, W., Hirsch, M., Schou, C. 2011. Principles of Computer Security CompTIA Security+ and Beyond Lab Manual, Second Edition.
9. Tavani, H. 2010. Ethics and Technology: Controversies, Questions, and Strategies for Ethical Computing, Wiley.
10. Taylor, B., Azadegan, S., Kaza, S., O'Leary, M., Turner, C. 2012. Security Injections. Towson University.
11. Trabelsi, Z. 2011. Hands-on lab exercises implementation of DoS and MiM attacks using ARP cache poisoning. In Information Security Curriculum Development Conference, InfoSecCD '11, Kennesaw, Georgia. pp 74-83.
12. Walfish, M., Vutukuru, M., Balakrishnan, H., Karger, D., Shenker, S. 2010. DDoS defense by offense. In ACM TOCS: Volume 28: Issue 1; Article No. 3.
13. Zalewski, M; Ciobanu, A. I. 2007. Re: a cheesy Apache/IIS DoS vulnerability (and a question). Bugtraq. Retrieved July 6, 2012 http://www.securityfocus.com/archive/1/455833/30/0/threaded