
Record DDoS attacks: fixes quickly released

HTTP/2 vulnerability exploited by large-scale DDoS attacks: here are the solutions

Web server vendors have addressed the Rapid Reset vulnerability in the HTTP/2 protocol that was used to carry out DDoS attacks. Fixes have been released for many affected products. The large DDoS attacks, which exploited a zero-day vulnerability in the HTTP/2 protocol called HTTP/2 Rapid Reset, have been mitigated.


Vendors rush to fix Rapid Reset vulnerability

Web server vendors have worked quickly to respond to a vulnerability in the HTTP/2 protocol detected by Google, which has enabled the high-capacity DDoS attacks observed since August 2023. The vulnerability, identified as CVE-2023-44487, is based on HTTP/2's ability to support multiple streams in a TCP session and is exploited in what Google has called a "Rapid Reset" attack.

The Rapid Reset attack in detail

Essentially, the attacker's client opens a large number of streams per TCP session to the server and immediately cancels them, causing resource exhaustion on the server. "The ability to immediately cancel flows allows each connection to have an infinite number of requests in progress. By explicitly canceling requests, the attacker never exceeds the limit on the number of flows open at the same time," Google's technical post states.
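The behaviour described above, seen from the server side, as an added example that is not from the original article or from any vendor's fix: it parses HTTP/2 frame headers on one connection and shows that a reset-heavy client stays under the concurrent-stream limit while a per-connection cancellation counter still flags it. The function names, the `reset_budget` threshold and both byte strings are assumptions constructed for illustration.

```python
HEADERS, RST_STREAM = 0x1, 0x3        # HTTP/2 frame types (RFC 9113)
CANCEL = 0x8                          # RST_STREAM error code CANCEL

def frame(ftype, stream_id, payload=b"", flags=0):
    """Serialize a frame: 24-bit length, type, flags, 31-bit stream id."""
    head = len(payload).to_bytes(3, "big") + bytes([ftype, flags])
    return head + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload

def parse_frames(buf):
    """Yield (type, stream_id, payload) for every complete frame in buf."""
    pos = 0
    while pos + 9 <= len(buf):
        length = int.from_bytes(buf[pos:pos + 3], "big")
        end = pos + 9 + length
        if end > len(buf):
            break                     # truncated frame: wait for more bytes
        sid = int.from_bytes(buf[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        yield buf[pos + 3], sid, buf[pos + 9:end]
        pos = end

def audit_connection(buf, max_concurrent=100, reset_budget=50):
    """Count streams opened and cancelled by the client on one connection.

    max_concurrent stands in for SETTINGS_MAX_CONCURRENT_STREAMS;
    reset_budget is a hypothetical per-connection limit on cancellations.
    """
    open_streams, opened, resets, peak = set(), 0, 0, 0
    for ftype, sid, _payload in parse_frames(buf):
        if ftype == HEADERS and sid % 2 == 1 and sid not in open_streams:
            open_streams.add(sid)     # client-initiated streams are odd
            opened += 1
            peak = max(peak, len(open_streams))
        elif ftype == RST_STREAM and sid in open_streams:
            open_streams.discard(sid)
            resets += 1
    return {"opened": opened, "resets": resets, "peak_concurrent": peak,
            "within_stream_limit": peak <= max_concurrent,
            "flagged": resets > reset_budget}

# Constructed sample input (not captured traffic). b"\x82" is a placeholder
# header block; the audit never decodes HPACK.
cancel = CANCEL.to_bytes(4, "big")
reset_heavy = b"".join(frame(HEADERS, sid, b"\x82", flags=0x5) +
                       frame(RST_STREAM, sid, cancel)
                       for sid in range(1, 2001, 2))
ordinary = b"".join(frame(HEADERS, sid, b"\x82", flags=0x5)
                    for sid in range(1, 41, 2))
```

On the reset-heavy sample the peak number of open streams is 1, so a check on concurrent streams alone never fires; only the cancellation count distinguishes it from the ordinary connection.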

Industry response

Fixes have already been released for a large number of affected products (a complete list is available in the vulnerability's CVE entry). Among the products already fixed are Eclipse's Jetty project, Swift, the nghttp2 library, Alibaba's Tengine, Apache Tomcat, some F5 BIG-IP products, Bugzilla's Proxmox, FreeBSD, Golang, Facebook's Proxygen, and many others.

Record DDoS attacks and mitigation

Cloudflare, Google, Microsoft and Amazon say they successfully mitigated the largest DDoS attacks ever recorded, which in August and September exploited a zero-day vulnerability in the HTTP/2 protocol called "HTTP/2 Rapid Reset." The attacks exploited HTTP/2's ability to make simultaneous requests to a website over a single connection, immediately sending and canceling "hundreds of thousands" of requests to websites. The attacks overloaded the servers and rendered them inoperable. Google saw the highest traffic spike, with over 398 million requests per second, while Cloudflare and Amazon recorded 201 million and 155 million requests per second, respectively. Microsoft has not disclosed its data. DDoS attacks are common and can cause serious problems, as has been the case with Outlook, AO3, and other major online services.


10/11/2023 11:12

Marco Verro
