Logs show incoming attack? What is it?

One of my servers receives a barrage of attacks from a single IP about once per day. (See excerpt from logs below). It seems that they are using http to hit the server and the server sends a &408& error code.


vi /usr/local/apache/logs/access_log
-----------------
61.129.81.37 - - [24/Oct/2002:16:58:29 -0400] &-& 408 -
61.129.81.37 - - [24/Oct/2002:16:58:29 -0400] &-& 408 -
61.129.81.37 - - [24/Oct/2002:16:58:29 -0400] &-& 408 -
61.129.81.37 - - [24/Oct/2002:16:58:30 -0400] &-& 408 -
61.129.81.37 - - [24/Oct/2002:16:58:30 -0400] &-& 408 -
61.129.81.37 - - [24/Oct/2002:16:58:30 -0400] &-& 408 -
61.129.81.37 - - [24/Oct/2002:16:58:30 -0400] &-& 408 -
61.129.81.37 - - [24/Oct/2002:16:58:30 -0400] &-& 408 -
61.129.81.37 - - [24/Oct/2002:16:58:31 -0400] &-& 408 -
61.129.81.37 - - [24/Oct/2002:16:58:31 -0400] &-& 408 -
61.129.81.37 - - [24/Oct/2002:16:58:31 -0400] &-& 408 -
61.129.81.37 - - [24/Oct/2002:16:58:31 -0400] &-& 408 -
61.129.81.37 - - [24/Oct/2002:16:58:31 -0400] &-& 408 -
61.129.81.37 - - [24/Oct/2002:16:58:31 -0400] &-& 408 -
61.129.81.37 - - [24/Oct/2002:16:58:32 -0400] &-& 408 -
-----------------

This causes hundreds of HTTP processes to be spurned and the server bogs down and the load average goes up.

I know how to block this once I find it by doing a &null route&. However, I dont even know what the hell this is? How is this asshole causing a &408& error? What is a 408 error?

If anyone has any info, please let me know. If I have more info, maybe I can defeat this loser.

 

I'll bump this up because this is vital and will be useful to all. This seems to be a NEW type of DOS attack that causes the MaxClients error which causes Cpanel to generate an email to warn. It will cause legitimate http (web page) requests to fail and your customers will be pissed.

Don't ignore this. This type of attack is commonly generated from China and seems to be either a DOS or an attempt to flood some buffer to get root access. I am not sure. If there is anyone with more info about this type of attack, please share with us.