HTTP Fragmentation Attack


In an HTTP Fragmentation Attack, an attacker establishes a valid connection with a server, and then proceeds to send all of his or her HTTP traffic to the server in small fragments as slowly as possible. Some web servers (such as Apache) have improper timeout mechanisms, and therefore allow for this behavior. The web server is essentially allowing legitimate users with slow or intermittent connections to send their data fragmented to multiple packets. Waiting to receive such malicious user data causes the server to maintain long-lasting sessions and the attackers can cause exhaustion to the server’s connection table, resulting in a denial-of-service condition.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
CyberPedia