This type of denial-of-service attack allows a single machine to take down another machine’s web server with minimal bandwidth. The attack tries to keep as many connections as possible open to the target machine's web server. This is accomplished by sending fragmented packets to the target. Periodically after a connection is established, the attacker sends HTTP header(s) but never completes the actual request. The default timeout is 300 seconds, so by including Keep-Alive in the headers, together with the fragmented packets, the attacker makes the server wait for each session to time out. Eventually the maximum concurrent connection pool fills up (all threads are busy at this point), and the server is DoSed.
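From the defender's side, the pattern described above shows up as many old connections from one client that have never finished their request headers. The following detection sketch is an added example, not code from this post or its tool; the `Conn` record, its field names, the thresholds and the sample snapshot are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Conn:                 # hypothetical per-connection record from the server
    client: str             # remote address
    age_s: float            # seconds since the connection was accepted
    headers_done: bool      # True once the blank line ending the headers arrived
    bytes_in: int           # request bytes received so far

def slow_header_clients(conns, pool_size, min_age_s=30.0,
                        max_rate_bps=50.0, share=0.25):
    """Return {client: stalled_count} for clients whose stalled connections
    occupy at least `share` of the worker pool (thresholds are assumptions)."""
    stalled = defaultdict(int)
    for c in conns:
        # Finished requests and young connections are normal traffic.
        if c.headers_done or c.age_s < min_age_s:
            continue
        # An old connection still trickling header bytes is holding a worker.
        if c.bytes_in / c.age_s <= max_rate_bps:
            stalled[c.client] += 1
    limit = pool_size * share
    return {ip: n for ip, n in stalled.items() if n >= limit}

# Constructed snapshot: one client holding 60 half-open requests, plus
# three ordinary clients (fast, slow-but-sending, and just connected).
SAMPLE = (
    [Conn("198.51.100.7", 120.0 + i, False, 180 + i) for i in range(60)]
    + [Conn("203.0.113.20", 0.4, True, 512),
       Conn("203.0.113.21", 45.0, False, 9000),
       Conn("203.0.113.22", 2.0, False, 90)]
)

if __name__ == "__main__":
    for ip, n in slow_header_clients(SAMPLE, pool_size=150).items():
        print(f"{ip}: {n} connections stalled in the header phase")
```
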
A couple of days ago I wrote an app to automate this attack, and it will be published soon. Anyway, it's demo time!