Instead of generating a sudden burst in traffic volume, Low and Slow attacks, also known as low rate, fly under the radar. The aim is to tie up every connection with slow requests, preventing genuine traffic from accessing the application or server. Common methods include sending partial HTTP requests and sending small data packets or “keep alive” messages to keep the session from going idle or timing out. These attack vectors are not only hard to block, but also to detect.
There are several known tools that are available for perpetrators to launch low and slow attacks including Slowloris, SlowPOST, SlowHTTPTest, Tor’sHammer, R.U.Dead.Yet and LOIC.