Slow NEXT Attack
The Slow NEXT attack exploits the persistent connections of the HTTP protocol to keep connections alive. The attacker initiates a seemingly legitimate HTTP request; the server processes it as a valid request and transmits a proper response. However, instead of continuing with the data transfer as expected, the attacker remains idle, forcing the server to maintain the established connection and await further instructions (data requests). The attacker then sends another valid request, but after a much longer delay than usual. This delay is typically set to a value that is greater than the server's timeout value. This keeps the connection open and prevents the server from closing it. The attacker repeats this process multiple times, establishing many connections with the server and sending a series of valid requests, each with a long delay. Consequently, the server keeps the connections to the attacker open even though the attacker is not actually sending any data. This prevents the server from accepting new connections from normal users. To keep the channel open, the attacker adds X seconds of bogus waiting time. Fig. illustrates this attack.
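A detection sketch for the pattern described above, added here as an example and not taken from the original page: it groups request timestamps by connection and flags clients that hold several persistent connections whose requests are all separated by long idle gaps. The event tuple layout, the thresholds `idle_gap_s` and `min_conns`, and the sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (client_ip, connection_id, request_time_seconds).
# These are illustrative values, not taken from a real server log.
SAMPLE_EVENTS = [
    # One client, three persistent connections, each request ~59 s apart.
    ("198.51.100.7", "c1", 0.0), ("198.51.100.7", "c1", 58.0), ("198.51.100.7", "c1", 117.0),
    ("198.51.100.7", "c2", 1.0), ("198.51.100.7", "c2", 60.0), ("198.51.100.7", "c2", 119.0),
    ("198.51.100.7", "c3", 2.0), ("198.51.100.7", "c3", 61.0), ("198.51.100.7", "c3", 121.0),
    # Normal browsing: a burst of requests on one connection.
    ("203.0.113.20", "n1", 5.0), ("203.0.113.20", "n1", 5.4),
    ("203.0.113.20", "n1", 6.1), ("203.0.113.20", "n1", 7.0),
    # A single idle-ish connection from another client (not enough to flag).
    ("203.0.113.21", "n2", 10.0), ("203.0.113.21", "n2", 55.0),
]


def idle_gaps(times):
    """Return the gaps in seconds between consecutive requests on one connection."""
    ordered = sorted(times)
    return [later - earlier for earlier, later in zip(ordered, ordered[1:])]


def slow_next_suspects(events, idle_gap_s=30.0, min_conns=3):
    """Map client_ip -> sorted connection ids for clients holding at least
    min_conns connections on which every inter-request gap is >= idle_gap_s."""
    per_conn = defaultdict(list)
    for ip, conn, t in events:
        per_conn[(ip, conn)].append(t)

    idle_conns = defaultdict(list)
    for (ip, conn), times in per_conn.items():
        gaps = idle_gaps(times)
        # A connection needs at least two requests before its pacing can be judged.
        if gaps and min(gaps) >= idle_gap_s:
            idle_conns[ip].append(conn)

    return {ip: sorted(conns) for ip, conns in idle_conns.items()
            if len(conns) >= min_conns}


if __name__ == "__main__":
    for ip, conns in slow_next_suspects(SAMPLE_EVENTS).items():
        print(f"{ip}: {len(conns)} long-idle persistent connections {conns}")
```

In practice `idle_gap_s` would be tuned relative to the server's configured keep-alive timeout, and `min_conns` to the number of parallel connections a legitimate client normally opens.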