I did some work a while back on using pessimistically constructed SACKs to DoS any webserver that needed to serve up largeish responses. It uses bog standard simple HTTP requests. In addition to tie-ing up fixed server resources for a long time you can severely tax the server CPU over the same period.
I haven't been following SACK all that closely since, but I'm not aware of anything that would have changed it. But there are a good dozen active DoS vectors at any given time, so the whole category is a hard one to get too worked up about.