Indian Institute of Technology

Department of Computer Science & Engineering

Research Intern (Network Security) - 2023

Understanding the Threat

Slowloris attacks silently drain server resources by keeping connections open, often bypassing traditional DDoS defenses.

Their subtle nature makes them hard to detect but highly disruptive. 

Incomplete requests consume resources, blocking legitimate users 

Layered Defense Strategy Funnel

Built a multi-tiered defense to counter Slowloris attacks by layering Nginx buffering, Apache timeout tuning, packet-level filtering, and dynamic IP banning. Each layer filters traffic independently, creating a narrowing funnel that blocks malicious connections while preserving legitimate ones, ensuring stable server performance under sustained, low-bandwidth attacks.

  • Target Environment: Legacy Linux servers without cloud-native WAFs or CDN-level protection.

  • Problem Defined: Application-layer DoS via slow, persistent HTTP headers escaping traditional bandwidth-based detection.

  • Key Requirements:

    • Low overhead, self-contained mitigation stack

    • Compatibility with Apache/Nginx stack

    • Configurable timeout + connection thresholds

  • Engineering Decisions:

    • Chose Nginx as reverse proxy for early connection buffering

    • Hardened Apache with mod_reqtimeout for idle-session termination

    • Integrated Fail2Ban for automated IP-level banning

    • Used Wireshark logs for attack pattern validation

    • Ran A/B tests on timeout + threshold configs to optimize impact

  • Scope Constraints: No access to CDN/WAF or kernel-level firewall customization.
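
An added example, not code from this project: a simplified Python model of how a header read timeout of the kind mod_reqtimeout enforces, combined with a Fail2Ban-style per-IP threshold, separates trickling connections from slow but legitimate ones. The policy values (20 to 40 s, 500 bytes per extra second, ban after 3 timeouts), the traces and the IP addresses are constructed assumptions, not the project's settings.

```python
from collections import Counter

# Assumed policy, modelled on Apache's documented semantics for
# "RequestReadTimeout header=20-40,MinRate=500"; not this project's values.
INITIAL_S, MAX_S, MIN_RATE = 20.0, 40.0, 500
BAN_AFTER = 3  # assumed Fail2Ban-style threshold: header timeouts per IP

def header_verdict(chunks, done):
    """chunks: [(seconds_since_accept, header_bytes)] in time order.
    done: True if the last chunk completed the request headers.
    Returns ("ok", finish_time) or ("timeout", time_of_drop)."""
    received, deadline = 0, INITIAL_S
    for t, n in chunks:
        if t > deadline:              # data arrived after the server gave up
            return "timeout", deadline
        received += n
        # every MIN_RATE bytes buys one extra second, never beyond MAX_S
        deadline = min(MAX_S, INITIAL_S + received / MIN_RATE)
    if done and chunks:
        return "ok", chunks[-1][0]
    return "timeout", deadline        # headers never finished

def ips_to_ban(connections):
    """connections: [(ip, chunks, done)]. Ban IPs with repeated timeouts."""
    timeouts = Counter(ip for ip, chunks, done in connections
                       if header_verdict(chunks, done)[0] == "timeout")
    return sorted(ip for ip, n in timeouts.items() if n >= BAN_AFTER)

# Constructed traces (documentation-range IPs, not captured traffic).
TRICKLE = [(0, 40), (10, 10), (20, 10), (30, 10), (40, 10)]  # few bytes/10 s
SLOW_OK = [(2.0, 200), (9.0, 300), (18.0, 250)]              # slow but finishes
SAMPLE = ([("203.0.113.7", TRICKLE, False)] * 4
          + [("198.51.100.20", SLOW_OK, True),
             ("198.51.100.20", [], False),       # one idle connection
             ("192.0.2.15", [(0.05, 420)], True)])

if __name__ == "__main__":
    for ip, chunks, done in SAMPLE:
        print(ip, header_verdict(chunks, done))
    print("ban:", ips_to_ban(SAMPLE))
```

In this model the trickling connection is dropped at about 20.12 s, since its 60 bytes extend the deadline by only 0.12 s, while the slow client finishes at 18 s and its single idle timeout stays under the ban threshold.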

PRD Highlights

  • Maintained ≥99% server uptime during sustained simulated Slowloris attacks

  • Dropped over 80% of idle open connections within defined timeout thresholds

  • Kept CPU overhead under 10%, ensuring stability on low-resource VMs

  • Achieved ≤5% false positives, maintaining access for legitimate users

  • Successfully integrated mitigation stack with no external tools, built entirely on open-source solutions

  • Delivered a replicable, modular defense strategy tailored for legacy Apache infrastructure

Project Outcomes

© 2025 Aviraj Dongare. All rights reserved.