will give a CVE id for Slowloris
but not Pyloris.
Trendmicro 'approximated' that one of their IPS signature
“1003598 - Multiple HTTP Server Low Bandwidth Denial Of Service”
deals with both Slowloris & Pyloris.
I used the term 'approximated' because in Trend's signature database,
there is no equivalent CVE id for this signature while most of their
other signatures has a CVE id.
Anyone know if Pyloris has a CVE id & what is the id?
Does TippingPoint has a signature (or in HP's term, it's called
'Digital Vaccine') for Pyloris? We found one for Slowloris but
As TrendMicro's host-based IPS (ie sit inside the servers) has
only one signature to deal with both Slowloris & Pyloris, can
I by the same token, reckon that TippingPoint's vaccine which
deal with Slowloris is likely to be able to deal with Pyloris by
tracking/blocking "Low Bandwidth DoS" ? Reason is we can't
locate any vaccine (or signature) in TippingPoint that specifically
deals with Pyloris. TrendMicro must have run into the same
situation that they use only one signature for both threats.
I'm suspecting it's the behavior/characteristics of both
Pyloris & Slowloris not to take up much bandwidth that
they have a common signature for TrendMicro's IPS