Caute_cautim
Community Champion

HTTP-2 Rapid Reset - Distributed Denial of Service

Hi All

 

A new DDoS (distributed denial of service) technique named 'HTTP/2 Rapid Reset' has been actively exploited as a zero-day since August, breaking all previous records in magnitude.

 

News of the zero-day technique comes as a coordinated announcement today between Amazon Web Services, Cloudflare, and Google, who report mitigating attacks reaching 155 million requests per second (Amazon), 201 million rps (Cloudflare), and a record-breaking 398 million rps (Google).

 

Google says they were able to mitigate these new attacks by adding further capacity on the edge of their network.

 

https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-re...

 

Regards

 

Caute_Cautim

2 Replies
ericgeater
Community Champion

How widely used is HTTP2?  I think this was the first time I'd heard the term.

 

Also, Amazon doesn't share many details, but they did write up a response to the event.

-----------
A claim is as good as its veracity.
Caute_cautim
Community Champion

@ericgeater Dark Reading has also issued a follow-up and explanation, along with CVE details:

 

https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event

 

Regards

 

Caute_Cautim