a website i used to maintain has seen the attack on a number of times in the past. a single ip opens
many connections, each of which dont seem to be doing anything... first time around was roughly 2
years ago IIRC
it happened too rarely to warrant the implementation of mod_qos/mod_security, but i expect it would
have worked fine. the ad-hoc solution was a firewall block on the offending ip.
does someone know of an mpm, which implements IIS's behavior?