The HTML5 PING Attack
HTML 5 has introduced many positive changes to web page structure and functionality. One of these has allowed web developers to send a small request (i.e. a ping) to a secondary location when a link is clicked.
The ping itself is just a simple, rather small, HTTP POST request, and is in itself a helpful feature, but DDoS attackers have found a way to abuse it.
By specifying the victim of the attack as the location to be pinged and using social engineering to trick users into clicking the link, they are able to generate a large amount of traffic towards the victim.
Mitigating HTML5 PING Attacks
On the mitigation side, HTML 5 PING creates a specific looking POST request and we therefore imagine it should be fairly simple to block. More over, if you are protected against HTTP POST in general, you should be protected against this attack vector as well.