Slow-Rate Attack

Slow-Rate, or "Low and Slow" attacks involve apparently legitimate traffic arriving at a seemingly legitimate albeit slow rate. Attack tools such as Slowloris, Sockstress, and R.U.D.Y. produce legitimate packets at a slow rate, allowing the packets to pass traditional mitigation strategies undetected. Traffic from such attacks is often hard to detect because it looks like legitimate traffic on OSI Model Layer 7 (the Application Layer) to lower-level security devices.

One possible way to detect such an attack is to perform network behavioral analysis on the network during periods of normal operation and compare such data to that gathered during a Slow-Rate attack. For example, if on one particular network it takes 5 minutes and 10 HTTP sessions to complete a transaction based on network behavioral analysis, if a user spends 5 hours and requires 1,000 HTTP sessions to complete the same transaction they might be an attacker and further security measures may therefore be required.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center