RUDY (R-U-Dead-Yet?) attack is a slow-rate HTTP POST (Layer 7) attack tool used to achieve denial-of-service (DoS) by using long form field submissions. By injecting one byte of information into an application POST field at a time and then waiting, a RUDY attack causes application threads to await the end of never-ending posts in order to perform processing (this behavior is necessary in order to allow web servers to support users with slower connections). Since R.U.D.Y. causes the target webserver to hang while waiting for the rest of an HTTP POST request, by initiating simultaneous connections to the server the attacker is ultimately able to exhaust the server's connection table and create a denial-of-service condition.

As the information relayed is in small chunks and at a very slow rate, it is identified as a low and slow RUDY DDOS attack. While DDoS attacks are volumetric in nature and can be detected by the abnormally high rates of incoming traffic fluctuations, the low-and-slow RUDY attack is hard to detect because the traffic appears to be legitimate.

See also: Nginx DoS

See also: Low and Slow

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center