HTTP/2 Protocol Exploited in Largest DDoS Attack Ever
Google, Cloudflare, and Amazon Web Services have revealed a new zero-day vulnerability known as “HTTP/2 Rapid Reset.”
Attacks exploiting the vulnerability targeted cloud and Internet infrastructure providers and peaked in August. “These attacks were significantly larger than any previously reported Layer 7 attacks, with the largest attack surpassing 398 million requests per second,” Google says.
The attack used a novel “Rapid Reset” technique leveraging the stream multiplexing feature of the widely implemented HTTP/2 protocol.
See further analysis at Google Cloud.
10/12/2023