Recently the Slowloris Denial of Service attack has jumped in popularity. This attack is similar to SYN flood, but uses HTTP instead, basically consuming sockets on the Web Server vs. trying to saturate all the bandwidth.
This is an interesting attack, particularly because it does not require a lot of bandwidth by the attacker. It is possible to DoS even large sites simply using a common residential Internet connection, and using Slowloris to eat-up the Web Server's ability to respond to other HTTP requests, by sending partial ones itself and thus holding the sockets open.
You can read more about this DoS technique here. While the approach is not new, the working implementation of it “for the masses” is starting to appear more commonly. As we have already received dozens of queries about how to stop this attack, we'd like to inform you that Astaro installations with current/updated Intrusion Protection Patterns will be protected against this, so neither admins nor their Web Servers need to fear. The ID for this new rule is #1000023, and is located in the HTTP Servers Group under the Apache category.
You Can Learn More About the Astaro Internet Security Product Line By Going to www.FirewallShop.com/Astaro.
The original article/video can be found at As Slowloris HTTP DoS Rises Astaro is Ready