HTTP/2 Protocol Exploited in Largest DDoS Attack Ever


The attack relies on a novel HTTP/2 “Rapid Reset” technique.

Google, Cloudflare, and Amazon Web Services have revealed a new zero-day vulnerability known as “HTTP/2 Rapid Reset.”

Attacks exploiting the vulnerability targeted cloud and Internet infrastructure providers and peaked in August. “These attacks were significantly larger than any previously reported Layer 7 attacks, with the largest attack surpassing 398 million requests per second,” Google says.

The attack used a novel “Rapid Reset” technique leveraging the stream multiplexing feature of the widely implemented HTTP/2 protocol.

See further analysis at Google Cloud.




Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=