R.U.D.Y ATTACK
The R.U.D.Y attack, also known as the R U Dead Yet attack, is a low-and-slow DoS attack method that imitates legitimate internet traffic. It is a slow-paced method, meaning it generates traffic at a slow rate and low volume. This makes it difficult for anti-DoS mitigation systems (IDS/IPS, firewalls, load balancers, etc.) to identify or detect the attack. The R.U.D.Y tool detects and exploits vulnerabilities in the HTTP protocol.
The R.U.D.Y tool crawls the web application looking for a form field. Once a form is found, the tool generates an HTTP POST request that imitates a legitimate form submission. This POST request contains a header which informs the web server that a very lengthy piece of content is about to be submitted. The tool then submits the form data by breaking it down into packets as small as 1 byte each and sending these packets to the web server at randomized time intervals of 10 seconds each. While this continues, the web server keeps the connection open to accept these packets, since it might treat the requests as coming from a legitimate user submitting form data over a slow connection. Meanwhile, the web server’s capacity to handle legitimate traffic is disrupted.
The aftereffects, or impact, of a R.U.D.Y attack can be severe for web servers and web applications. Some of the consequences include server overload, increased latency, potential outage, and resource depletion. Preventing and mitigating a R.U.D.Y attack requires a multi-faceted approach. Measures include DDoS protection services, timeout configuration, rate limiting, connection throttling, load balancing and, of course, regular monitoring.
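The sketch below shows how timeout configuration and connection throttling can tell the slow POST described above apart from a genuinely slow client. It is an added example, not code from the original article or from any particular server. The PostConn record, the threshold values and the sample connections are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Policy values are assumptions for this example, not taken from the article.
GRACE_S = 20           # seconds a new request gets before the rate check applies
MIN_BODY_RATE = 500    # bytes/second a client must sustain after the grace period
MAX_BODY_S = 120       # hard cap on the time allowed to deliver a request body
MAX_SLOW_PER_IP = 3    # slow uploads tolerated per client address

@dataclass
class PostConn:               # hypothetical snapshot of one open POST connection
    client_ip: str
    content_length: int       # size declared in the Content-Length header
    body_received: int        # body bytes received so far
    age_s: float              # seconds since the request headers completed

def is_slow_body(c: PostConn) -> bool:
    """True when a POST body is arriving too slowly to keep the connection."""
    if c.body_received >= c.content_length:
        return False          # body complete, nothing is being held open
    if c.age_s > MAX_BODY_S:
        return True           # absolute deadline exceeded
    if c.age_s <= GRACE_S:
        return False          # too early to judge the transfer rate
    return c.body_received / c.age_s < MIN_BODY_RATE

def review(conns):
    """Return (connections to close, client IPs to throttle)."""
    to_close = [c for c in conns if is_slow_body(c)]
    per_ip = {}
    for c in to_close:
        per_ip[c.client_ip] = per_ip.get(c.client_ip, 0) + 1
    throttle = sorted(ip for ip, n in per_ip.items() if n > MAX_SLOW_PER_IP)
    return to_close, throttle

# Constructed sample data (documentation address ranges, not real traffic).
SAMPLE = (
    # Five connections delivering about 1 byte every 10 seconds of a huge body.
    [PostConn("198.51.100.7", 100_000_000, 6, 60.0) for _ in range(5)]
    + [PostConn("203.0.113.20", 2_000_000, 900_000, 30.0),  # slow but real upload
       PostConn("203.0.113.21", 4_096, 4_096, 45.0),        # body already complete
       PostConn("203.0.113.22", 50_000, 100, 5.0)]          # still inside grace
)

if __name__ == "__main__":
    closed, throttled = review(SAMPLE)
    print(len(closed), "connections to close; throttle:", throttled)
```

The grace period and minimum rate keep a legitimate user on a slow link from being cut off, while the per-address count covers the case where many slow connections come from one client.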