
Record DDoS attacks: fixes quickly released

HTTP2 vulnerability exploited by large-scale DDoS attacks: here are the solutions

Web server vendors address the Rapid Reset vulnerability in the HTTP/2 protocol that caused DDoS attacks. Fixes have been released for many affected products. Large DDoS attacks that exploited a zero-day vulnerability in the HTTP/2 protocol, called HTTP/2 Rapid Reset, have been mitigated.


Vendors Rush to Fix Rapid Reset Vulnerability

Web server vendors have worked quickly to respond to a vulnerability in the HTTP/2 protocol detected by Google, which has enabled the high-capacity DDoS attacks observed since August 2023. The vulnerability, identified as CVE-2023-44487, is based on HTTP/2's ability to support multiple streams in a TCP session and is exploited in what Google has called a "Rapid Reset" attack.

The Rapid Reset attack in detail

Essentially, the attacker's client opens a large number of streams per TCP session to the server and immediately cancels them, causing resource exhaustion on the server. "The ability to immediately cancel flows allows each connection to have an infinite number of requests in progress. By explicitly canceling requests, the attacker never exceeds the limit on the number of flows open at the same time," Google's technical post states.
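To make the point in the quote concrete, the following added example (not code from Google's post or from any affected product) replays constructed stream events for one connection and shows that the concurrent-stream limit is never reached while a per-connection reset counter still flags the pattern. The event names, thresholds and traces are assumptions chosen for illustration.

```python
from collections import deque

MAX_CONCURRENT_STREAMS = 100  # assumed server setting
RESET_LIMIT = 50              # assumed: client resets tolerated per window
WINDOW_MS = 1000              # assumed sliding window, in milliseconds

class ConnectionMonitor:
    """Server-side view of one HTTP/2 connection. Simplified events:
    OPEN = HEADERS frame, RESET = client RST_STREAM, DONE = stream completed."""
    def __init__(self):
        self.open_streams = set()
        self.peak_concurrent = 0
        self.total_requests = 0
        self.recent_resets = deque()  # timestamps of resets inside the window
        self.flagged_at = None

    def on_event(self, ts, kind, stream_id):
        if kind == "OPEN":
            self.open_streams.add(stream_id)
            self.total_requests += 1
            self.peak_concurrent = max(self.peak_concurrent, len(self.open_streams))
        else:  # DONE and RESET both free the stream slot
            self.open_streams.discard(stream_id)
            if kind == "RESET":
                self.recent_resets.append(ts)
        while self.recent_resets and ts - self.recent_resets[0] > WINDOW_MS:
            self.recent_resets.popleft()
        if self.flagged_at is None and len(self.recent_resets) > RESET_LIMIT:
            self.flagged_at = ts  # a server would send GOAWAY and close here

def replay(events):
    mon = ConnectionMonitor()
    for ts, kind, stream_id in events:
        mon.on_event(ts, kind, stream_id)
    return mon

def rapid_reset_trace(n=1000):
    """Constructed sample: every stream is opened and cancelled at once."""
    return [(i, kind, 2 * i + 1) for i in range(n) for kind in ("OPEN", "RESET")]

def normal_trace(n=200):
    """Constructed sample: requests complete; every 20th is cancelled."""
    events = []
    for i in range(n):
        events.append((i * 10, "OPEN", 2 * i + 1))
        events.append((i * 10 + 5, "RESET" if i % 20 == 0 else "DONE", 2 * i + 1))
    return events

if __name__ == "__main__":
    for name, trace in (("rapid reset", rapid_reset_trace()), ("normal", normal_trace())):
        m = replay(trace)
        print(name, m.total_requests, m.peak_concurrent <= MAX_CONCURRENT_STREAMS, m.flagged_at)
```

In the rapid-reset trace the peak number of open streams stays at 1, far below the limit, yet the connection carries 1000 requests; the reset counter is what catches it.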

Industry response

Fixes have already been released for a large number of affected products (a complete list is available in the vulnerability's CVE entry). Among the products already fixed are Eclipse's Jetty project, Swift, the NGHTTP2 library, Alibaba's Tengine, Apache Tomcat, some F5 Big-IP products, Bugzilla's Proxmox, FreeBSD, Golang, Facebook's Proxygen, and many others.

Record DDoS attacks and mitigation

Cloudflare, Google, Microsoft and Amazon say that in August and September they successfully mitigated the largest DDoS attacks ever recorded, which exploited a zero-day vulnerability in the HTTP/2 protocol called "HTTP/2 Rapid Reset." The attacks exploited HTTP/2's ability to make simultaneous requests to a website over a single connection, sending and immediately canceling "hundreds of thousands" of requests to websites. The attacks overloaded the servers and rendered them inoperable. Google saw the highest traffic spike, with over 398 million requests per second, while Cloudflare and Amazon recorded 201 million and 155 million requests per second, respectively. Microsoft has not disclosed its data. DDoS attacks are common and can cause serious problems, as has been the case with Outlook, AO3, and other major online services.


10/11/2023 11:12

Editorial AI
