Samy Duc aka deckardfr with courtesy of TAD. Slow-released : Demonstrator for slow HTTP POST denial of service

During POST, web servers check HTTP header attribute "Content-Length" value. Slow web client (rnis, 56k, 3G) sends data with small burst of data. So it performs multiple post request to send large amount of file. Web servers keep open the tcp connection for them long enough to finish the transmission. Problem : what happens if i send one byte and do not send any additionnal data with a wrong length value. It can perform slow released V2, aka sending one more byte just before the webserver timeout value for inactive link, to keep it open. It is a DDOS attack with low bandwith load.