Full title: Apache/IIS/nginx Multiple HTTP Servers (Memory Exhaustion) DoS 
Category: dos / poc
Platform: multiple
The attack involves making requests to the web server via HTTP pipelining and closing the connection before receiving a response, it causes the thread/fork is not advised and continue processing the request (before attempting to send the response), the attack requires that the server has a significant delay to make more threads/forks with few connections and consume a maximum of resources.

The attack exploits the retransmissions and half closed states (CLOSE_WAIT, TIME_WAIT, FIN_WAIT, etc...) of the TCP stack.

Yes, this attack can be used for many other services, not just HTTP :D.

Recommendation: it's fun to attack with PHP files on the server :P

Why firewalls can not easily stop this attack?
Because we do not use too many connections "established" to cause DoS :D

Note: The effect of the attack may vary from server to server

TCP Stack: http://www.youtube.com/watch?v=aZvGZXiqx5I

# 0day.today @ http://0day.today/