https://live.paloaltonetworks.com/t5/general-topics/any-defenses-against-slow-http-post-dos/m-p/51065#M37577 <HTML><HEAD></HEAD><BODY><P><A class="jive-link-external-small" href="http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=228000532&amp;cid=nl_DR_daily_2010-11-02_html">http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=228000532&amp;cid=nl_DR_daily_2010-11-02_html</A></P><P></P><P>Just wondering if there is anything our PA can do to protect from this kind of exploit?</P><P></P><P>Jim</P></BODY></HTML> Tue, 02 Nov 2010 13:42:25 GMT JKoss 2010-11-02T13:42:25Z https://live.paloaltonetworks.com/t5/general-topics/any-defenses-against-slow-http-post-dos/m-p/51065#M37577 <HTML><HEAD></HEAD><BODY><P><A class="jive-link-external-small" href="http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=228000532&amp;cid=nl_DR_daily_2010-11-02_html">http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=228000532&amp;cid=nl_DR_daily_2010-11-02_html</A></P><P></P><P>Just wondering if there is anything our PA can do to protect from this kind of exploit?</P><P></P><P>Jim</P></BODY></HTML> Tue, 02 Nov 2010 13:42:25 GMT https://live.paloaltonetworks.com/t5/general-topics/any-defenses-against-slow-http-post-dos/m-p/51065#M37577 JKoss 2010-11-02T13:42:25Z https://live.paloaltonetworks.com/t5/general-topics/any-defenses-against-slow-http-post-dos/m-p/51066#M37578 <HTML><HEAD></HEAD><BODY><P>Hi Jim,</P><P><BR />We are looking into this. I'll send an update when I have more information.</P><P></P><P>Thanks,<BR />Sandeep </P></BODY></HTML> Tue, 02 Nov 2010 18:08:28 GMT https://live.paloaltonetworks.com/t5/general-topics/any-defenses-against-slow-http-post-dos/m-p/51066#M37578 migration 2010-11-02T18:08:28Z https://live.paloaltonetworks.com/t5/general-topics/any-defenses-against-slow-http-post-dos/m-p/51067#M37579 <HTML><HEAD></HEAD><BODY><P>Anything happening with this?</P></BODY></HTML> Tue, 03 Sep 2013 15:48:10 GMT https://live.paloaltonetworks.com/t5/general-topics/any-defenses-against-slow-http-post-dos/m-p/51067#M37579 JKoss 2013-09-03T15:48:10Z https://live.paloaltonetworks.com/t5/general-topics/any-defenses-against-slow-http-post-dos/m-p/51068#M37580 <HTML><HEAD></HEAD><BODY><P>There are a few candidates in the threatvault:</P><P></P><P>This event indicates that someone want to exhaust the apache resources, as described by slowloris.</P><P><A href="https://threatvault.paloaltonetworks.com/Home/ThreatDetail/40018" title="https://threatvault.paloaltonetworks.com/Home/ThreatDetail/40018">https://threatvault.paloaltonetworks.com/Home/ThreatDetail/40018</A></P><P></P><P>This event indicates a DOS attack against IIS server.</P><P><A href="https://threatvault.paloaltonetworks.com/Home/ThreatDetail/40019" title="https://threatvault.paloaltonetworks.com/Home/ThreatDetail/40019">https://threatvault.paloaltonetworks.com/Home/ThreatDetail/40019</A></P><P></P><P>Among others.</P><P></P><P>There is also zone-protection but I cant find any good setting regarding "slow" connections in there (only stuff like number of concurrent sessions etc).</P><P></P><P>Edit: Hopefully these docs might be helpful:</P><P></P><P><A class="jive-link-wiki-small" data-containerid="2027" data-containertype="14" data-objectid="1746" data-objecttype="102" href="https://live.paloaltonetworks.com/docs/DOC-1746">https://live.paloaltonetworks.com/docs/DOC-1746</A></P><P></P><P><A class="jive-link-wiki-small" data-containerid="2027" data-containertype="14" data-objectid="3767" data-objecttype="102" href="https://live.paloaltonetworks.com/docs/DOC-3767">https://live.paloaltonetworks.com/docs/DOC-3767</A></P></BODY></HTML> Tue, 03 Sep 2013 18:48:30 GMT https://live.paloaltonetworks.com/t5/general-topics/any-defenses-against-slow-http-post-dos/m-p/51068#M37580 mikand 2013-09-03T18:48:30Z