[Owasp-leaders] Latest HTTP POST Layer 7 DDOS attack technique

Dinis Cruz dinis.cruz at owasp.org
Fri Nov 20 00:40:12 EST 2009


Hi wong, have you contacted Microsoft & the Apache Foundation  
regarding these issues?

If so, what was their response?

Dinis Cruz

On 20 Nov 2009, at 04:56, Wong Onn Chee <ocwong at usa.net> wrote:

> Hi folks,
>
> Not sure whether this is of interest to all of you, but I will like to
> bring to everyone's attention regarding a latest DDOS attack technique
> against web servers.
>
> This attack technique uses HTTP POST, operates at Layer 7 and is  
> highly
> evasive against today's detection capabilities.
> One only needs 60,000 such connections to bring down an IIS web server
> regardless of the hardware specs.
> A lesser number is required to DDOS a Apache server.
>
> If you are interested in more information, please contact me off-list,
> so as not to spam everyone.
> Thank you for your time.
>
>
> Regards,
> Onn Chee
> Chapter Lead
> OWASP Singapore.
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list