You can find the technical details at http://isc.sans.org/diary.html?storyid=6601 as reported by handler Bojan Zdrnja today on the ISC diary.
It’s a surprisingly simple attack (the handler points out that even an attacker on a slow connection could easily DoS an Apache server on a fast connection) but considering that it affects the older 1.x branch of Apache, one wonders how it could have taken this long to give rise to a tool and subsequent report. Then again, one wonders why IIS 6 and 7 aren’t affected — did Microsoft ignore the specifications for HTTP requests, or, like the report claims, does IIS act more like a reverse proxy with the web server behind it, preventing the DoS from occuring?
