
Record DDoS attacks: fixes quickly released

HTTP/2 vulnerability exploited by large-scale DDoS attacks: here are the solutions

Web server vendors address the Rapid Reset vulnerability in the HTTP/2 protocol that caused DDoS attacks. Fixes have been released for many affected products. Large DDoS attacks that exploited a zero-day vulnerability in the HTTP/2 protocol, called HTTP/2 Rapid Reset, have been mitigated.


Vendors rush to fix Rapid Reset vulnerability

Web server vendors have worked quickly to respond to a vulnerability in the HTTP/2 protocol that Google has detected, which has enabled high-capacity DDoS attacks observed since August 2023. The vulnerability, identified as CVE-2023-44487, is based on HTTP/2's ability to support multiple streams in a TCP session and is exploited in what Google has called a "Rapid Reset" attack.

The Rapid Reset attack in detail

Essentially, the attacker's client opens a large number of streams per TCP session to the server and immediately cancels them, causing resource exhaustion on the server. "The ability to immediately cancel flows allows each connection to have an infinite number of requests in progress. By explicitly canceling requests, the attacker never exceeds the limit on the number of flows open at the same time," Google's technical post states.
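As an added illustration (not from the original article or from any vendor's fix), the Python sketch below parses the client side of an HTTP/2 connection and shows why the concurrent-stream limit alone never triggers on this pattern while a per-connection reset budget does. The limit of 100, the budget of 50, the function names and the sample byte strings are assumptions constructed for the example; server-side stream completion is not modeled.

```python
import struct

HEADERS, RST_STREAM = 0x1, 0x3      # HTTP/2 frame type codes
MAX_CONCURRENT = 100                # assumed SETTINGS_MAX_CONCURRENT_STREAMS
RESET_BUDGET = 50                   # assumed per-connection cap on client resets

def frame(ftype, stream_id, payload=b"", flags=0):
    """Serialize one frame: 24-bit length, type, flags, 31-bit stream id."""
    header = struct.pack(">I", len(payload))[1:] + bytes([ftype, flags])
    return header + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload

def parse_frames(data):
    """Yield (type, stream_id) for every complete frame in the client bytes."""
    pos = 0
    while pos + 9 <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        if pos + 9 + length > len(data):
            break                   # truncated frame, wait for more bytes
        stream_id = int.from_bytes(data[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        yield data[pos + 3], stream_id
        pos += 9 + length

def inspect(data, reset_budget=RESET_BUDGET):
    """Count requests, peak open streams and client resets on one connection."""
    open_streams, requests, resets, peak = set(), 0, 0, 0
    for ftype, sid in parse_frames(data):
        if ftype == HEADERS and sid not in open_streams:
            open_streams.add(sid)
            requests += 1
            peak = max(peak, len(open_streams))
        elif ftype == RST_STREAM and sid in open_streams:
            open_streams.remove(sid)        # the slot is free again at once
            resets += 1
            if resets > reset_budget:       # mitigation: stop serving, send GOAWAY
                break
    return {"requests": requests, "peak": peak, "resets": resets,
            "limit_hit": peak > MAX_CONCURRENT, "close": resets > reset_budget}

# Constructed sample input (not captured traffic): 1000 open-then-cancel pairs
# versus a client that opens 20 streams and cancels one.
CANCEL = struct.pack(">I", 0x8)             # RST_STREAM error code CANCEL
def sample_reset_heavy(n=1000):
    return b"".join(frame(HEADERS, 2 * i + 1, b"\x82", 0x5) +
                    frame(RST_STREAM, 2 * i + 1, CANCEL) for i in range(n))

def sample_normal():
    opens = b"".join(frame(HEADERS, 2 * i + 1, b"\x82", 0x5) for i in range(20))
    return opens + frame(RST_STREAM, 5, CANCEL)

if __name__ == "__main__":
    print(inspect(sample_reset_heavy(), reset_budget=10**9))  # budget disabled
    print(inspect(sample_reset_heavy()))                      # budget enforced
    print(inspect(sample_normal()))
```

With the budget disabled, the reset-heavy sample completes 1000 requests while the peak number of open streams stays at 1; with the budget enforced, the connection is marked for closing after the 51st reset.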

Industry response

Fixes have already been released for a large number of affected products (a complete list is available in the vulnerability's CVE entry). Among the products already fixed are Eclipse's Jetty project, Swift, the nghttp2 library, Alibaba's Tengine, Apache Tomcat, some F5 BIG-IP products, Bugzilla's Proxmox, FreeBSD, Golang, Facebook's Proxygen, and many others.

Record DDoS attacks and mitigation

Cloudflare, Google, Microsoft and Amazon say they successfully mitigated the largest DDoS attacks ever recorded, which took place in August and September and exploited a zero-day vulnerability in the HTTP/2 protocol called "HTTP/2 Rapid Reset." The attacks abused HTTP/2's ability to make simultaneous requests to a website over a single connection, sending and immediately canceling "hundreds of thousands" of requests to websites. The attacks overloaded the servers and rendered them inoperable. Google saw the highest traffic spike, with over 398 million requests per second, while Cloudflare and Amazon recorded 201 million and 155 million requests per second, respectively. Microsoft has not disclosed its data. DDoS attacks are common and can cause serious problems, as has been the case with Outlook, AO3, and other major online services.


10/11/2023 11:12

Editorial AI
