How does LOIC work
In the "Sockets / Thread" field you can define the number of connections per thread. To consume even more memory you can additionally check "use gZip", but remember the resulting document has to be of reasonable size! This value should initially be lower than the maximum allowed half-open connections. The number of worker "threads" can be changed at any time during the attack. This must be less than the write timeout on the target side. The "Timeout" field is the wait time in seconds between reads from each socket. If "Wait for reply" is checked, ReCoil follows header redirects and discards early documents that are smaller than 16 KB. (useful with dynamic pages and GET parameters) If "Append random chars" is checked, 6 random characters are added at the end of the subsite. (keep the size in mind and do a bit of scouting!)
In the "subsite" you can specify the page to request. NOTE: Your LOCAL link speed is the essential key, not your internet speed! (meaning if you have a 1 Mbit internet connection and a 1 gigabit link to your modem / router, you are pretty much screwed! -> target PDFs or big stuff like that!)

Options

For most 10/100 connections around 24 KB should work, while on gigabit connections file sizes beyond 64 KB are needed. The exact minimum file size depends on the network buffer space of the attacking system.

Prerequisite

Due to the nature of the attack, the requested site has to be at least 24 KB (better larger). Think of it as a bunch of mobile devices requesting a page just before driving through a tunnel. ReCoil, however, is not as "easily" mitigated as SlowLoris. If the server runs out of available resources and goes down, there might be a system error entry. In particular, all servers that are vulnerable to SlowLoris are vulnerable to this attack. The attack itself produces NO errors: there are just a bunch of HTTP 200 entries in the access logs.
It is more like a "reverse" DoS attack. A fully legitimate request is made, but the download speed is slowed down to nearly 0 by reading just enough from the network to keep the socket alive. The ReCoil attack focuses on keeping the connections alive as long as possible, but it is not the same as SlowLoris.
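Because the access log shows only HTTP 200 entries, status codes alone will not reveal this traffic; the signal is a large response that took a very long time to deliver. The following is an added example, not part of the original page or of LOIC: a detection sketch over a constructed log format that records bytes sent and response duration (`rt=`). The format, the sample lines and every threshold except the 24 KB minimum size stated above are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines: client, request, status, bytes sent, seconds to deliver.
SAMPLE_LOG = """\
203.0.113.7 "GET /docs/manual.pdf HTTP/1.1" 200 1048576 rt=612.4
203.0.113.7 "GET /docs/manual.pdf?k3x9qa HTTP/1.1" 200 1048576 rt=598.0
203.0.113.7 "GET /docs/manual.pdf?zz81mf HTTP/1.1" 200 1048576 rt=640.2
198.51.100.20 "GET /docs/manual.pdf HTTP/1.1" 200 1048576 rt=1.8
198.51.100.20 "GET /img/banner.png HTTP/1.1" 200 65536 rt=75.0
192.0.2.5 "GET /index.html HTTP/1.1" 200 4096 rt=0.02
"""

LINE_RE = re.compile(r'^(\S+) "\S+ (\S+) [^"]*" (\d{3}) (\d+) rt=([\d.]+)$')

MIN_BODY_BYTES = 24 * 1024  # from the page: the response must be at least 24 KB
MIN_DURATION_S = 60.0       # assumption: ignore anything delivered within a minute
MAX_BYTES_PER_S = 2048      # assumption: below this, the client is barely reading
MIN_HITS = 3                # assumption: one slow mobile client is not an attack


def slow_readers(log_text):
    """Return {client: [(path, bytes_per_second), ...]} for suspected slow readers."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the assumed format
        client, path, status, sent, rt = m.groups()
        sent, rt = int(sent), float(rt)
        # Only successful, large, long-running responses are of interest.
        if status != "200" or sent < MIN_BODY_BYTES or rt < MIN_DURATION_S:
            continue
        rate = sent / rt
        if rate <= MAX_BYTES_PER_S:
            hits[client].append((path, round(rate)))
    # Require several slow transfers per client to cut false positives.
    return {c: h for c, h in hits.items() if len(h) >= MIN_HITS}


if __name__ == "__main__":
    for client, entries in slow_readers(SAMPLE_LOG).items():
        print(client, entries)
```

Access log rows are normally written only when a response finishes or times out, so this works as a retrospective check; catching the connections while they are still open needs the server's live connection state.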