In a Multiple Verb Attack, attackers use a variation of the Excessive Verb attack vector. The attacking machines create multiple HTTP requests, not by creating them one after another for example during a single HTTP session attack, but instead by creating a single packet filled with multiple requests. It’s a variant of the Excessive VERB attack whereby the attacker can maintain high CPU processing loads on the victim server with very low attack packet rates. The low packet rates make the attacker nearly invisible to NetFlow attack detection techniques. Also if the attacker selects the HTTP VERB carefully these attacks will also bypass deep packet inspection technologies as well. This attack is viewed as a low-and-slow Application-Layer attack and normally consumes little bandwidth but eventually renders the victim’s servers unresponsive.
