R.U.D.Y (R-U-Dead-Yet) attack explained

Wikipedia explains the R.U.D.Y attack as:

This attack targets web applications by starvation of available sessions on the web server. Much like Slowloris, RUDY keeps sessions at halt using never-ending POST transmissions and sending an arbitrarily large content-length header value.

What is RUDY?

The R.U.D.Y (R-U-Dead-Yet) attack is a ‘slooooooow’ attack in which a form field on the vulnerable site is exploited by posting legitimate-looking HTTP requests with an abnormally long content length. The data is sent in small segments at a very slow rate, typically with an interval of around 10 seconds between chunks. To make the requests look more legitimate, some scripts even generate random time gaps between requests.

How does RUDY work?

The attack works by sending data to the web server at a very slow rate, making the server wait, wait and wait… for the connection to close, ultimately exhausting the target server and pushing it to crash. These long, slow attacks open multiple connections to the target server and keep them open for as long as possible.

The RUDY attack is named after the album by the death metal band Children of Bodom.

Can RUDY be detected early?

RUDY is difficult to identify because the incoming traffic looks legitimate to the server, though close monitoring can help identify it.
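One way to do the close monitoring described above, as an added example that is not part of the original article: flag clients that hold several POST requests open while the body arrives far more slowly than the declared Content-Length would justify. The record layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class InFlightPost:
    """One open POST as a proxy or server might report it (assumed schema)."""
    client: str            # source address
    content_length: int    # value of the Content-Length header
    bytes_received: int    # body bytes received so far
    elapsed_s: float       # seconds since the request headers arrived

# Assumed thresholds; tune them against your own traffic baseline.
MIN_AGE_S = 30.0           # do not judge connections younger than this
MIN_RATE_BPS = 50.0        # average body rate below this counts as slow
SLOW_POSTS_TO_FLAG = 3     # flag a client holding this many slow POSTs

def is_slow_post(p):
    """True if the body is still incomplete and arriving below MIN_RATE_BPS."""
    if p.elapsed_s < MIN_AGE_S or p.bytes_received >= p.content_length:
        return False
    # The average rate is used so randomized gaps between chunks do not matter.
    return p.bytes_received / p.elapsed_s < MIN_RATE_BPS

def flag_clients(posts):
    """Return the sorted clients with at least SLOW_POSTS_TO_FLAG slow POSTs."""
    slow = Counter(p.client for p in posts if is_slow_post(p))
    return sorted(c for c, n in slow.items() if n >= SLOW_POSTS_TO_FLAG)

# Constructed sample data using documentation address ranges.
SAMPLE = (
    [InFlightPost("198.51.100.7", 100_000_000, 12, 120.0)] * 4    # 0.1 B/s, four open
    + [InFlightPost("203.0.113.20", 5_000_000, 3_000_000, 40.0)]  # normal fast upload
    + [InFlightPost("203.0.113.30", 2_000, 1_500, 35.0)]          # one slow user
    + [InFlightPost("192.0.2.5", 100_000_000, 1, 5.0)]            # too young to judge
)

if __name__ == "__main__":
    print(flag_clients(SAMPLE))
```

The single slow client at 203.0.113.30 is not flagged: one slow upload is normal on a poor link, and the signal is many slow, oversized POSTs held open from the same source.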

