Rapid Reset: the record-breaking DDoS attack mitigated
Feb 22, 2024 0:05:50 GMT -8
Post by account_disabled on Feb 22, 2024 0:05:50 GMT -8
A vulnerability in the HTTP/2 protocol, called "Rapid Reset", has been exploited in recent months to perpetrate DDoS attacks with record-breaking potential. Cloudflare, a powerful CDN (content delivery network) tool that acts as a filter between the Open Internet and a website, immediately monitored the progress of the attack.

Content index:
The HTTP/2 DDoS attack
HTTP/2 protocol vulnerability
Cloudflare and DDoS attacks

The HTTP/2 DDoS attack

At the end of August, Cloudflare systems began to detect anomalous HTTP attacks which gradually reached record sizes, recording a peak of more than 201 million requests per second. This value far exceeds the scale of the record attack seen in February (71 million requests per second).

What has caused concern is the fact that cyber criminals managed to perpetrate this attack using a botnet of just 20,000 machines. The impact on CDN-protected website traffic affected approximately 1% of requests. Although this was a new vector, Cloudflare's protection measures were initially able to absorb the scale of the DDoS attack and, over time, were refined to ensure that the attack did not affect Cloudflare's infrastructure and the availability of web projects.

HTTP/2 protocol vulnerability

These attacks were orchestrated by exploiting a vulnerability in the HTTP/2 protocol that involves rapid initiation and cancellation of flows. To do this, attackers establish a set of HTTP/2 connections and send requests immediately followed by reset (RST_STREAM frame), which allows them to saturate the server without reaching the concurrent stream threshold.

In fact, when a client cancels a stream, it immediately gets the ability to open another stream in its place, thus being able to immediately send another request. The server can only be reset as this is an action taken unilaterally by the client. In addition to Cloudflare, Google services (which recorded a record 398 million requests per second) and Amazon (155 million requests per second) were also targeted by the DDoS attack. It is worth highlighting, as Google indicates, that the wave of attacks began at the end of August but is still in action.

Cloudflare and DDoS attacks

Cloudflare had already developed systems to address hyper-volumetric attacks, including IP Jail.
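The following is an added example, not part of the original post and not Cloudflare's code. It is a per-connection detection sketch for the pattern described above: it parses the client's HTTP/2 frames and shows that a reset-heavy connection issues many requests while its count of open streams stays at 1. The function names, the thresholds and the sample byte strings are assumptions constructed for illustration.

```python
import struct

HEADERS, RST_STREAM = 0x1, 0x3        # HTTP/2 frame types (RFC 9113)
CANCEL = 0x8                          # RST_STREAM error code

def frame(ftype, stream_id, payload=b"", flags=0):
    """Build one frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload)

def parse_frames(buf):
    """Yield (type, stream_id) for every complete frame in the client's bytes."""
    pos = 0
    while pos + 9 <= len(buf):
        length = int.from_bytes(buf[pos:pos + 3], "big")
        if pos + 9 + length > len(buf):
            break                     # truncated frame, stop cleanly
        sid = int.from_bytes(buf[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        yield buf[pos + 3], sid
        pos += 9 + length

def connection_stats(buf):
    """Count requests, client cancellations and peak open streams."""
    open_streams, requests, cancelled, peak = set(), 0, 0, 0
    for ftype, sid in parse_frames(buf):
        if ftype == HEADERS and sid not in open_streams:
            open_streams.add(sid)     # a new stream id is a new request
            requests += 1
            peak = max(peak, len(open_streams))
        elif ftype == RST_STREAM and sid in open_streams:
            open_streams.remove(sid)  # the client frees the slot itself
            cancelled += 1
    return {"requests": requests, "cancelled": cancelled, "peak_open": peak}

def looks_like_rapid_reset(stats, min_resets=100, min_ratio=0.9):
    """Thresholds are assumptions for this example; tune them per service."""
    return (stats["cancelled"] >= min_resets
            and stats["cancelled"] >= min_ratio * stats["requests"])

# Constructed samples (b"\x82" is a one-byte stand-in header block).
def sample_normal():
    return b"".join(frame(HEADERS, sid, b"\x82", 0x5) for sid in range(1, 11, 2))

def sample_reset_heavy(n=1000):
    return b"".join(frame(HEADERS, sid, b"\x82", 0x5)
                    + frame(RST_STREAM, sid, struct.pack(">I", CANCEL))
                    for sid in range(1, 2 * n, 2))
```

A server or proxy that keeps these counters per connection can close the connection once the cancellation count crosses its limit, rather than relying on the concurrent stream threshold alone.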