What Is the R.U.D.Y. Attack – Security Boulevard

R.U.D.Y. (R-U-Dead Yet) is a denial-of-service attack tool. Unlike most DoS and DDoS attack tools, R.U.D.Y. operates at Layer 7: it is an application layer attack.

The attack technique of the R.U.D.Y. tool is very similar to the Slowloris attack. It uses slow attack traffic, and its aim is not to flood the web server but to exhaust the number of available connections, making it impossible for legitimate users to establish connections.

Typical DDoS protection does not work as effectively in the case of attacks such as R.U.D.Y. or Slowloris as in the case of simpler attack types such as the Low-Orbit Ion Cannon. Long form field submissions are very difficult to distinguish from legitimate slow Internet connections. Also, simple methods such as limiting the number of requests from a single IP will not work if the R.U.D.Y. attack is performed as a distributed denial-of-service attack.

The most effective mitigation method for slow connection attacks is to eliminate all slow connections by carefully configuring the web server and the operating system to limit timeout values. However, the side effect of such an approach is that legitimate users with slow Internet connections may be unable to use the website or web application.

Another effective method is to use software that is less susceptible to such DoS attacks, for example, nginx. If you cannot change the server that you are using, you can set up an nginx reverse proxy to protect your web application. You can also use cloud content delivery networks, which are able to handle a large number of connections.
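The two mitigations above (tight timeouts and an nginx reverse proxy) can be combined in one configuration. The following is an added example, not part of the original article; the backend address, server name, zone name, and all numeric values are assumptions to tune for your site.

```nginx
# Added example: minimal nginx.conf fronting a backend with a small worker pool.
events {}

http {
    # Count concurrent connections per client address (10 MB shared zone).
    limit_conn_zone $binary_remote_addr zone=per_ip:10m;

    upstream legacy_app {
        server 127.0.0.1:8080;   # assumed backend address
        keepalive 16;            # reuse a few upstream connections
    }

    server {
        listen 80;
        server_name example.com;   # placeholder

        # Defaults are 60s. These timers apply between two successive
        # reads, not to the whole request, so a client that trickles data
        # just under the limit still gets through. Lower values shorten
        # how long each idle slot is held, at the cost of cutting off
        # genuinely slow users.
        client_header_timeout 10s;
        client_body_timeout   10s;
        send_timeout          10s;
        keepalive_timeout     15s;

        # Reject requests whose declared Content-Length is larger than any
        # real form on the site needs (answered with 413 before the body).
        client_max_body_size 1m;

        # Per-address cap. This helps against a single source only; a
        # distributed attack stays under it.
        limit_conn per_ip 20;
        limit_conn_status 429;

        location / {
            # Default, stated explicitly: nginx reads the whole body first
            # and only then opens the upstream connection, so a slow POST
            # occupies a cheap nginx connection, not a backend worker.
            proxy_request_buffering on;
            proxy_http_version 1.1;
            proxy_set_header Connection "";
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://legacy_app;
        }
    }
}
```

Validate the file with `nginx -t` before reloading, and review the timeout values against the slowest legitimate clients you need to support.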

Web servers are susceptible to the R.U.D.Y. attack not because of a vulnerability but by design: servers should allow slow connections because there are users with low Internet speeds.

Therefore, unfortunately, there are no web application vulnerability scanners that can help you protect your website or web application against such attacks. However, using Acunetix you can eliminate a lot of other vulnerabilities that may be used along with a DoS attack to try to cripple your web assets.


Tomasz Andrzej Nidecki, Technical Content Writer

Tomasz Andrzej Nidecki (also known as tonid) is a Technical Content Writer working for Acunetix. A journalist, translator, and technical writer with 25 years of IT experience, Tomasz has been the Managing Editor of the hakin9 IT Security magazine in its early years and used to run a major technical blog dedicated to email security.
