R.U.D.Y ( R-U-Dead-Yet ) attack explained

RYouDeadYe tAttack Explained

Wikipedia Explains R.U.D.Y attack as:

This attack targets web applications by starvation of available sessions on the web server. Much like Slowloris, RUDY keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

What is RUDY ?

R.U.D.Y ( R-U-Dead-Yet ) attack, is a ‘slooooooow’ attack where a form field present on the vulnerable site is exploited by posting legitimate looking HTTP requests having abnormally long length of content. The information is sent across in small segments and with very slow rate which typically is around 10 seconds of interval between each chunk of data. To make the request look more legitimate there are certain scripts which even generates random time gaps between requests.

How RUDY works?

The attack is based on the concept where the data is sent to web server at a very slow rate making server wait, wait and wait… for the connection to close, ultimately exhausting the target server and pushing it to crash down. This long and slow attacks open multiple connections to the target server and keeps it open for as long as possible.

The RUDY attack is named after the album by death metal band Children of Bodom.

READ: No Password Login, Google’s next step

Can RUDY be detected early?

It is difficult to identify the RUDY, as the traffic coming in looks legitimate to server, though a close monitoring can help in identification of RUDY.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

OR  Have something to say, let us know in below comment section.

Excited to hear from you, comment below !