This is a technique in which one machine opens a connection to a webserver (it functions on port 80 only), and then another and another and another, until there are none left and no one else can access the server. It can do so because it only sends partial requests, and the server keeps its connections open waiting for the rest of the data, which will never come. The longer the server waits for the remaining data, the easier it is to bring it down for a certain period of time. And if you thought that this isn't important: how much would your e-commerce site lose if it wasn't accessible for, let's say, an hour at its highest-selling moment? The investment for the attacker is minimal (one Linux box and a DSL line), the effect is guaranteed, and the chances that the attacker is discovered are minimal to nonexistent.
But as we read through the documentation and comments on the original hackersblog, some things become clear:
* The Apache people don't understand how IIS manages to be immune to this kind of attack
* Proxies, iptables and load balancers are of no use against this attack unless one puts a specialized DDoS defender box in front of them. This now seems to be a new appliance that one should put in front of the rest of the infrastructure (not behind it), and it could also become a single point of failure if it isn't hardened and patched itself
* Sun webservers also seem vulnerable
* Neither iptables nor the different Apache modules that should protect against it do so, because they don't work in a sequential way; that is to say, they don't check the IP address of the host that asks for another connection and don't refuse it if the same IP address already has an open connection. IIS does so without modules.
This means it is even more dangerous if it is launched by a botnet with fast-changing IP addresses.
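The per-source check described above (refuse a new connection when the same IP address already holds open ones), sketched as an added example; it is not code from Apache, IIS or the original blog. The class name, the cap of 2 and the 10-second header deadline are assumptions, and the constructed traffic shows why many distinct source addresses pass the per-IP cap and only a deadline on unfinished requests clears them.

```python
import collections

class ConnectionGuard:
    """Tracks connections whose request headers are not yet complete."""

    def __init__(self, max_per_ip=2, header_deadline=10.0):
        self.max_per_ip = max_per_ip            # assumed cap, tune per site
        self.header_deadline = header_deadline  # seconds allowed to finish headers
        self.pending = {}                       # conn_id -> (ip, accepted_at)
        self.per_ip = collections.Counter()     # ip -> pending connection count

    def accept(self, conn_id, ip, now):
        """Return True to open the connection, False to refuse it."""
        if self.per_ip[ip] >= self.max_per_ip:
            return False
        self.pending[conn_id] = (ip, now)
        self.per_ip[ip] += 1
        return True

    def headers_complete(self, conn_id):
        """The full request arrived, so the connection is no longer suspect."""
        self._drop(conn_id)

    def reap(self, now):
        """Drop every connection that has waited too long for its headers."""
        stale = [c for c, (_, t) in self.pending.items()
                 if now - t > self.header_deadline]
        for c in stale:
            self._drop(c)
        return stale

    def _drop(self, conn_id):
        ip, _ = self.pending.pop(conn_id, (None, None))
        if ip is not None:
            self.per_ip[ip] -= 1
            if self.per_ip[ip] <= 0:
                del self.per_ip[ip]

def simulate():
    guard = ConnectionGuard(max_per_ip=2, header_deadline=10.0)
    # Constructed traffic (documentation-range addresses): (time, conn_id, ip)
    single_host = [(t, f"s{t}", "192.0.2.10") for t in range(5)]
    many_hosts = [(t, f"b{t}", f"198.51.100.{t}") for t in range(5)]
    refused_single = sum(not guard.accept(c, ip, t) for t, c, ip in single_host)
    refused_many = sum(not guard.accept(c, ip, t) for t, c, ip in many_hosts)
    reaped = guard.reap(now=30.0)  # none of them ever completed its headers
    return refused_single, refused_many, len(reaped), len(guard.pending)
```

`simulate()` returns the number of connections refused from the single host, the number refused from the distinct hosts, how many the deadline reaped, and how many are still pending.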
Maybe one should place the content on a technological failover system. If IIS fails you go to Apache and vice versa.
Apache has no clue and no news about patches or solutions.
If you go to IIS, go to IIS 7 or higher. IIS 6 is insecure in itself, just as a Lada is in traffic.