UM Labs

Slow Loris, a primate native to South East Asia  is also the name given to a Denial of Service attack normally targetted at web servers.

The attack gets its name because it works by sending request for a web page line by line, very slowly. By forcing the web server to hold a partial request in memory while waiting for the complete request and by sending multiple partial requests,  the web servers resources can be used up resulting in a denial of service attack which could lead to system failure.

The Session Initiation Protocol (SIP) users a request/response model  similar to HTTP, the protocol which drives the web. Both protcols work by sending multi-line requests and procesing multi-line responses. SIP requests can be much larger than HTTP requests and a smart attacker can inflate a request by adding extension headers which most system will simply ignore, for example

X-HEADER-1:  meaningless padding.......
X-HEADER-2:  meaningless padding.......
X-HEADER-3:  meaningless padding.......

This means that Unified Communications services and IP-PBX systems running SIP are potentially vulnerable to a Slow Loris attack, especially if SIP is run over a connected transport such as TCP or if encryption is enabled to protect call confidentiality.  There are lots of good reasons for enabling these transports, but SIP systems must be protected attacks such as Slow Loris.

Slow Loris is just one of a number of related DoS attacks which can be used against SIP targets. Unicus from UM Labs implements is designed to protect threats at multiple levels including the application level, the target of these attacks.  Any SIP based system protected by Unicus  is NOT vulneable to Slow Loris and related DoS attacks.