RUDY ATTACKS R.U.D.Y. (short for R-U-Dead-Yet?) is a DoS too | Lᴇᴀᴋᴇʀs Sǫᴜᴀᴅ

RUDY ATTACKS

R.U.D.Y. (short for R-U-Dead-Yet?) is a DoS tool used to execute slow-rate attacks (similar to Slowloris), which is implemented via long form field submissions.

Slow rate, Layer-7 DDoS attacks, also called “low and slow” attacks, attempt to open a relatively few connections to the targeted server or web site over a period of time, and leave the sessions open as long as possible.

Eventually, the number and length of open sessions exhaust the target’s resources, making it unavailable to legitimate traffic. Because low and slow attack traffic appears legitimate, these attacks often fly under the radar of traditional mitigation tools.

How Does the RUDY Attack Work

1. The attacker points the R.U.D.Y. attack tool at an URL.

2. The tool starts crawling the website or web application until it finds form fields.

3. The tool then creates an HTTP POST request with the content-length HTTP header set to a very large value.

4.The tool begins form submission but sends form data at a very slow rate. It divides data into numerous small packets and sends them a few seconds after one another. This makes it possible for the tool to keep the connection open for a long period of time.

5. With many instances of the tool doing the same slow HTTP requests, the HTTP server’s connection table or other server resources (depending on your technology stack) are exhausted. As a result, the server can no longer handle legitimate traffic.

6. The attack may be performed from one IP address or, to make it more difficult to protect against, from several IP addresses as a distributed denial-of-service attack.

Tl;dr : Rudy ddos attack exhausts compute power instead of bandwidth

https://github.com/sahilchaddha/rudyjs