[Owasp-leaders] Latest HTTP POST Layer 7 DDOS attack technique

Wong Onn Chee ocwong at usa.net
Thu Nov 19 23:56:52 EST 2009

Hi folks,

Not sure whether this is of interest to all of you, but I will like to
bring to everyone's attention regarding a latest DDOS attack technique
against web servers.

This attack technique uses HTTP POST, operates at Layer 7 and is highly
evasive against today's detection capabilities.
One only needs 60,000 such connections to bring down an IIS web server
regardless of the hardware specs.
A lesser number is required to DDOS a Apache server.

If you are interested in more information, please contact me off-list,
so as not to spam everyone.
Thank you for your time.

Onn Chee
Chapter Lead
OWASP Singapore.

More information about the OWASP-Leaders mailing list