0-day attacks using “keep-alive” connections