Slow READ Attack

Slow Read attack work by sending seemingly normal HTTP requests to a server for a large resource, like an audio or video. However, the attacker manipulates the TCP window size parameter by setting it to an extremely small value.

By restricting the window size the attacker forces the server to send the response in tiny fragments, significantly slowing down the process and consuming server resources. This is because the server has to wait for an acknowledgment from the client before it can send more data. However, the client is not sending acknowledgments very quickly because it has set the TCP window size to a small value in TCP SYN packet initially sent to the server. As a result the attacker keeps the connection open for extended period, consuming server resources and preventing legitimate users from accessing the service.