Fortinet 34 FortiWeb 5.0 Patch 6 Administration Guide
HTTP sessions & securityThe HTTP 1.1 protocol itself is stateless (i.e., has no inherent support for persistent sessions).
Yet many web applications add sessions to become stateful.
Why?
What is a session? What is statefulness?
How do they impact security on the web?
Sessions are a correlation of requests for individual web pages/data (“hits”) into a sense of an
overall “visit” for a client during a time span, but also retain some memory between events.
They typically consist of a session ID coupled with its data indicating current state.
Classic examples include logins, showing previously viewed items, and shopping carts.
The reason why HTTP applications must add sessions is related to how software works:
software often changes how it appears or acts based upon:
• Input you supply (e.g. a mouse click or a data file)
• System events (e.g. time or availability of a network connection)
• Current state (i.e. the product of previous events — history)
Slowloris Slowly but steadily consumes all available
sockets by sending partial HTTP requests sent
at regular intervals. Each HTTP header is never
finished by a new line (/r/n) according to the
specification, and therefore the server waits for
the client to finish, keeping its socket open.
This slowly consumes all sockets on a web
server without a noticeable spike on new
TCP/IP connections or bandwidth.
Not all web servers are vulnerable, and
susceptibility can vary by configuration. Default
Apache configurations may be more vulnerable
than a server like nginx that is designed for
high concurrency.
Header Length
Number of Header Lines In
Request
Real Browser Enforcement
Persistent Server Sessions
SYN flood Sends a stream of TCP SYN packets. The
target server acknowledges each SYN and
waits for a response (ACK). Rather than
respond, the attacker sends more SYN
packets, leaving each connection half-open,
not fully formed, so that it may not register on
systems that only monitor fully formed
connections. Since each half-formed
connection requires RAM to remember this
state while awaiting buildup/tear-down, many
SYN signals eventually consume available RAM
or sockets.
Syn Cookie
Tabl e 3 : DoS-related threats
Attack
Technique
Description FortiWeb Solution