HTTP/2 Protocol Exploited in Largest DDoS Attack Ever

By

The attack relies on a novel HTTP/2 “Rapid Reset” technique.

Google, Cloudflare, and Amazon Web Services have revealed a new zero-day vulnerability known as “HTTP/2 Rapid Reset.”

Attacks exploiting the vulnerability targeted cloud and Internet infrastructure providers and peaked in August. “These attacks were significantly larger than any previously reported Layer 7 attacks, with the largest attack surpassing 398 million requests per second,” Google says.

The attack used a novel “Rapid Reset” technique leveraging the stream multiplexing feature of the widely implemented HTTP/2 protocol.

See further analysis at Google Cloud.

 
 
 

 
 
 

10/12/2023

Related content

  • Distributed denial of service attacks from and against the cloud
    In some particularly sophisticated DDoS attacks, the attackers rely on and target the cloud, allowing attackers to work around conventional defense mechanisms. We explain how a DDoS attack in the cloud works, and how you can defend against it.
  • Denial of Service in the Cloud

    In some particularly sophisticated DDoS attacks, the attackers rely on and target the cloud, which allows them to work around conventional defense mechanisms. We explain how a DDoS attack in the cloud works, and how you can defend against it.

  • News for Admins
    News for system administrators around the world.
  • Building a defense against DDoS attacks
    Targeted attacks such as distributed denial of service, with thousands of computers attacking your servers until one of them caves in, cannot be prevented, but they can be effectively mitigated.
  • Tech News
    Huge DDoS Attack over HTTPS is Discovered and Stopped
comments powered by Disqus