Samy Duc aka deckardfr with courtesy of TAD.
Slow-released : Demonstrator for slow HTTP POST denial of service

During POST, web servers check HTTP header attribute "Content-Length" value.
Slow web client (rnis, 56k, 3G) sends data with small burst of data. So it performs
multiple post request to send large amount of file. Web servers keep open the tcp
connection for them long enough to finish the transmission.
Problem : what happens if i send one byte and do not send any additionnal data with
a wrong length value. It can perform slow released V2, aka
sending one more byte just before the webserver timeout value for inactive link, to
keep it open. It is a DDOS attack with low bandwith load.