Slow Loris

A cute name for a sneaky attack that can take down a website!

A slow loris is a tiny, fuzzy primate with adorable giant eyes — and venomous saliva! Like its namesake, the Slowloris attack is slow and sneaky, with a nasty bite. It’s one of many kinds of denial-of-service (DoS) attacks.


A traditional DoS attack shuts down a server by spamming it with so much data that the server crashes, or becomes too overwhelmed to respond to legitimate clients. Picture the server as a fast-food restaurant: people line up, order food, and leave. Some sit down at tables to enjoy their meal while others take it to go. When you visit a website, you’re placing an order. You request data and the server asks you questions in a back and forth conversation until you finish your requests.

Like a restaurant, a server has limited capacity. In this case, the precious resource is bandwidth, the amount of data that can be sent per second. Every internet connection, including your own, comes with its own limited bandwidth, which is why it takes longer to download large videos than small text webpages. Often, you can pay extra money to upgrade your bandwidth, so companies with commercial servers buy enough to deal with a typical amount of website traffic.

Now let’s say you’re a hacker, and one of your rivals owns a burger joint. You want your rival to suffer, so you create a horde of fake clients and send them to the restaurant. Your goons place fake order after fake order — not paying for anything, obviously! — and take up all the space in the restaurant so that real customers can’t get in. The restaurant gets so cluttered and messy that it has to temporarily shut down.

Congrats — you just “DoSed” your rival.

Obviously, it’s easier to overwhelm a small mom & pop shop than a giant chain restaurant. Your capacity to do DoS attack is also limited by your bandwidth, the number of fake clients and requests you can make.

The infamous cousin of the DoS attack is the DDoS attack: distributed denial-of-service. Here, multiple computers spam a server with fake requests and together the devices have a lot more bandwidth and can be a lot more destructive. Hackers can also install malware onto a computer to transform them into “zombies” that can be activated to participate in a DDoS attack against the owner’s will. So make sure you keep your antivirus and your anti-malware programs up to date!


Unlike a traditional DoS attack, the Slowloris uses finesse over brute force.

Most websites use the TCP protocol. When they take a client’s request, they make a dedicated connection and keep it active until the client confirms that they’re done. It’s sort of like a phone call, where you can only talk to one person at a time. The main alternative to TCP is UDP, which is more like texting: data can arrive from multiple sources at the same time, in small bursts, and it’s easy to start and stop.

To end a TCP connection, the server must receive a particular set of characters, such as two newline characters. Most TCP connections also have a timeout. If they don’t receive any data within a specified time frame — maybe thirty seconds — they close the connection regardless. Since websites must create a new TCP socket for each client, there’s a limited number of connections they can make.

When you’re doing a Slowloris attack, you never send those two newline characters. Instead, you keep the connection alive, and just before it times out, you send a tiny piece of data — maybe a bite or two — to prevent it from closing. It’s the network equivalent of poking someone just before they drift off to sleep. And if you manage to hog all the TCP sockets, then you effectively prevent any legitimate clients from connecting. Best of all, you use barely any of your own bandwidth.

Going back to the restaurant analogy, instead of sending legions of fake clients, the Slowloris only sends a handful. But these clients are slow. They spent minute after minute deliberating their food choices, until all the customers behind them give up and leave.


During the 2000s, and even today, DoS attacks were used to ransom companies. Hackers threatened to take down websites and prevent people from making money if they refused to pay up.

You definitely shouldn’t be using a DoS attack on anyone, friend or foe. But it’s important to understand how they work, so we can understand how to defend against them. Cybersecurity is all about staying one step ahead of hackers.

Learn More

Slow Loris – Rethinking DoS Attacks

Computerphile: Slow Loris Attack

Computerphile: Denial of service attacks

What is a Slowloris attack

Internet protocols

Denial of Service Attacks

DoS and DDoS Attacks


  • Patricia Foster

    Patricia Foster is a computer science student at Carleton University. In addition to working professionally as a software developer, she spends her time reading and writing.

Also In The December 2019 Issue

30+ ideas for STEAM-theme gifts for kids of all ages!

Visual storytelling apps are a great way for kids to document and explore their lives.

Meet 16-year old Astronaut StarBright, whose activism is inspiring the next generation of STEM fans.

Dive into the first “console wars” and learn how more bits led to bigger and better games.

From the start of computing history, people have tried to optimize the software programming process. This includes having two coders work together to code software.

Explore the solar system and test your knowledge of space through this fun coding activity.

Learn how procedural generation can be used to create infinite maps, music, and worlds to explore.

The Wayback Machine lets you travel back in time to see old websites. Plus the Internet Archive has thousands of vintage games, software, books, and more.

Online research skills are critical for software programmers. It's how you learn any language, by searching for error messages and looking up reference material.

How rural America connected itself to the phone grid using barbed wire, glass bottles, and even corncobs!

Meet Cozmo, the clever new robot that’s bringing AI concepts to life for kids as young as 5-7 years old.

Throw some festive ornaments on a virtual Christmas Tree in this fun introduction to functional programming.

How the Internet of Things could improve education, from VR to accessibility to facial recognition.

No one wants to deal with viruses over the holidays. Here’s how to protect your new devices!

Some digital tools to help you create your own unique, ever-changing symphony with nothing but some code and a computer!

Take a peek into the importance — and the struggle — of getting truly random data.

Interesting stories about computer science, software programming, and technology for December 2019.

Links from the bottom of all the December 2019 articles, collected in one place for you to print, share, or bookmark.

Interested but not ready to subscribe? Sign-up for our free monthly email newsletter with curated site content and a new issue email announcement that we send every two months.

No, thanks!