HTTP/2 Protocol Exploited in Largest DDoS Attack Ever
Google, Cloudflare, and Amazon Web Services have revealed a new zero-day vulnerability known as “HTTP/2 Rapid Reset.”
Attacks exploiting the vulnerability targeted cloud and Internet infrastructure providers and peaked in August. “These attacks were significantly larger than any previously reported Layer 7 attacks, with the largest attack surpassing 398 million requests per second,” Google says.
The attack used a novel “Rapid Reset” technique leveraging the stream multiplexing feature of the widely implemented HTTP/2 protocol.
See further analysis at Google Cloud.
Related content
-
Distributed denial of service attacks from and against the cloud
In some particularly sophisticated DDoS attacks, the attackers rely on and target the cloud, allowing attackers to work around conventional defense mechanisms. We explain how a DDoS attack in the cloud works, and how you can defend against it. -
News for Admins
In the news: Red Hat Announces Ansible Lightspeed with IBM watsonx Code Assistant; Dell APEX Cloud Platform for Red Hat OpenShift Announced; NSA Offers Best Practices for OSS in Operational Technology Environments; Civil Infrastructure Platform Adds New Super-Long-Term Linux Kernel; HTTP/2 Protocol Exploited in Largest DDoS Attack Ever; Docker Announces Three New Products for Secure App Delivery; CloudBees Updates Jenkins and Offers New DevSecOps Platform; Linkerd 2.14 Released with Improved Multi-Cluster Support; NIST Releases Draft of Cybersecurity Framework v2.0; CISA and MITRE Announce Open Source Caldera for OT
-
Denial of Service in the Cloud
In some particularly sophisticated DDoS attacks, the attackers rely on and target the cloud, which allows them to work around conventional defense mechanisms. We explain how a DDoS attack in the cloud works, and how you can defend against it.
-
Denial of service defense
Slowloris can help you harden your web servers against denial-of-service attacks that restrict the availability of web services. -
News for Admins
News for system administrators around the world.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Focus On Self-Hosting
• Self-Hosted PaaS with Coolify
• Build and Host Docker Images
• Self-Hosted Pritunl VPN Server with MFA
• Self-Hosted Chat Servers
• Self-Hosted Remote Support with RustDesk
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
