Slow-Rate Attack

DDoSPedia An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

Security Research Center

Slow-Rate, or “Low and Slow” attacks involve apparently legitimate traffic arriving at a seemingly legitimate albeit slow rate. Attack tools such as Slowloris, Sockstress, and R.U.D.Y. produce legitimate packets at a slow rate, allowing the packets to pass traditional mitigation strategies undetected. Traffic from such attacks is often hard to detect because it looks like legitimate traffic on OSI Model Layer 7 (the Application Layer) to lower-level security devices.

One possible way to detect such an attack is to perform network behavioral analysis on the network during periods of normal operation and compare such data to that gathered during a Slow-Rate attack. For example, if on one particular network it takes 5 minutes and 10 HTTP sessions to complete a transaction based on network behavioral analysis, if a user spends 5 hours and requires 1,000 HTTP sessions to complete the same transaction they might be an attacker and further security measures may therefore be required.

DDoSPedia Index

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support

Get Social

Connect with experts and join the conversation about Radware technologies.

Radware Blog
Security Research Center