
Yes, the fun is to figure out what they're using and exploit it. HTTP is a terrible format to parse, with lots of idiotic extra features that have no legitimate usage. But it'd be fairly easy for them to harden things, just abort if they run into anything weird.

Which may be a way around this. Run a local proxy that does stuff like use line folding, comments in headers, and other things to make their parse code abort. Of course, you then run the risk of breaking compatibility with actual HTTP servers (with good reason - those are bad features and such messages are probably an attack). And of course the ISP can always fix their code.
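An added example, not part of the comment above: a sketch of the "abort if they run into anything weird" hardening for an HTTP/1.1 header block, written from the receiving side. The names `parse_headers`, `Reject` and `verdict` and the sample blocks are hypothetical; the checks go beyond line folding to other ambiguous constructs such as bare line feeds and duplicate length headers.

```python
import re

# RFC 7230 "token" characters allowed in a header field name.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Field values: tab, space, visible ASCII and obs-text (0x80-0xFF) only.
VALUE = re.compile(rb"[\t\x20-\x7e\x80-\xff]*")
SINGLETONS = ("host", "content-length", "transfer-encoding")

class Reject(ValueError):
    """The header block contains something ambiguous; drop the message."""

def parse_headers(block: bytes) -> dict:
    """Parse the header lines that follow the start line, aborting on oddities."""
    if not block.endswith(b"\r\n\r\n"):
        raise Reject("header block not terminated by CRLF CRLF")
    headers = {}
    for line in block[:-4].split(b"\r\n"):
        if b"\r" in line or b"\n" in line:
            raise Reject("bare CR or LF")
        if line[:1] in (b" ", b"\t"):
            raise Reject("line folding")
        name, sep, value = line.partition(b":")
        if not sep or not TOKEN.fullmatch(name):
            raise Reject("malformed field name")  # includes space before colon
        value = value.strip(b" \t")
        if not VALUE.fullmatch(value):
            raise Reject("control character in value")
        key = name.lower().decode("ascii")
        if key in SINGLETONS and key in headers:
            raise Reject("duplicate " + key)
        if key == "content-length" and not value.isdigit():
            raise Reject("non-numeric Content-Length")
        headers.setdefault(key, []).append(value.decode("latin-1"))
    if "content-length" in headers and "transfer-encoding" in headers:
        raise Reject("Content-Length with Transfer-Encoding")
    return headers

def verdict(block: bytes) -> str:
    try:
        parse_headers(block)
        return "ok"
    except Reject as exc:
        return str(exc)  # the reason the block was refused

# Constructed sample input: one clean block, one using line folding.
CLEAN = b"Host: example.test\r\nAccept: */*\r\n\r\n"
FOLDED = b"Host: example.test\r\nX-Note: first\r\n second\r\n\r\n"
```

Parenthesised comments are not rejected here because ordinary `User-Agent` values contain them, so refusing them would break normal traffic.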


