Glossary - H

HTTP Fragmentation

In this attack, the BOT (non-spoofed) establishes a valid HTTP connection with a web server. The BOT then splits legitimate HTTP packets into tiny fragments and sends each fragment as slowly as the server timeout allows, holding the HTTP connection open for a long time without raising any alarms. For Apache and many other web servers designed with improper timeout mechanisms, the HTTP session can be extended for a very long time. By opening multiple extended sessions per BOT, the attacker can silently stop a web service with just a handful of BOTs.
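A detection sketch for the pattern described above, added here as an example and not part of the original glossary: it flags source addresses that hold several connections whose incomplete HTTP request arrives in tiny segments over a long period. The record layout, the sample data and all thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample: (source_ip, connection_id, seconds_since_accept, payload_bytes)
# for each TCP segment received while the HTTP request is still incomplete.
SAMPLE_SEGMENTS = (
    # One source, three connections, 2-byte fragments every 25 s for ~5 minutes.
    [("198.51.100.7", c, t, 2) for c in ("c1", "c2", "c3") for t in range(0, 300, 25)]
    # Ordinary client: whole request in two large segments.
    + [("203.0.113.9", "c4", 0.0, 420), ("203.0.113.9", "c4", 0.1, 310)]
    # Slow but short-lived client: small segments, done within 30 s.
    + [("192.0.2.33", "c5", t, 3) for t in range(0, 40, 10)]
)

def summarize(segments):
    """Group segments per connection; compute count, duration and mean payload size."""
    conns = defaultdict(list)
    for ip, conn, ts, size in segments:
        conns[(ip, conn)].append((ts, size))
    stats = {}
    for key, segs in conns.items():
        times = [t for t, _ in segs]
        sizes = [s for _, s in segs]
        stats[key] = {
            "segments": len(segs),
            "duration": max(times) - min(times),
            "mean_size": sum(sizes) / len(sizes),
        }
    return stats

def suspicious_sources(segments, max_mean_size=16, min_duration=120,
                       min_segments=5, min_conns=2):
    """Return {ip: [connection ids]} for sources holding at least min_conns
    long-lived requests made of tiny fragments (thresholds are assumed values)."""
    per_ip = defaultdict(list)
    for (ip, conn), s in summarize(segments).items():
        if (s["mean_size"] <= max_mean_size
                and s["duration"] >= min_duration
                and s["segments"] >= min_segments):
            per_ip[ip].append(conn)
    return {ip: sorted(c) for ip, c in per_ip.items() if len(c) >= min_conns}

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_SEGMENTS))
```

The duration threshold should sit below the server's own request timeout, so that a connection is flagged before it has tied up a worker for the full timeout window.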