A Low and Slow DDoS attack, also known as a slow-rate attack, involves what appears to be legitimate traffic at a very slow rate. This type of state exhaustion DDoS attack targets application and server resources and is difficult to distinguish from normal traffic. Common attack tools include Slowloris, Sockstress, and R.U.D.Y. (R U Dead Yet?), which create legitimate packets at a slow rate, thus allowing the packets to go undetected by traditional mitigation strategies. Low and slow attacks are often HTTP focused but can also involve Long-Lived TCP sessions (slow transfer rates) that attack any TCP-based service.

Low and Slow DDoS Attack