October 10, 2023 at 11:30AM – HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks


Amazon Web Services (AWS), Cloudflare, and Google have taken measures to address a new distributed denial-of-service (DDoS) attack technique called HTTP/2 Rapid Reset. The attacks exploited a flaw in the HTTP/2 protocol and affected the companies’ cloud infrastructures: by sending requests and canceling them in quick succession, they overwhelmed the servers’ capacity to respond. This new technique poses a significant threat, and organizations are advised to take proactive steps to protect their systems, including patching vulnerabilities and limiting the number of concurrent streams.

Key Takeaways from the Meeting Notes:

– Amazon Web Services (AWS), Cloudflare, and Google have taken steps to mitigate distributed denial-of-service (DDoS) attacks using a novel technique called HTTP/2 Rapid Reset.
– The layer 7 attacks were detected in late August 2023 and are being tracked as CVE-2023-44487, with a CVSS score of 7.5.
– The attacks aimed at Google’s cloud infrastructure peaked at 398 million requests per second (RPS), while those aimed at AWS and Cloudflare reached volumes of 155 million and 201 million RPS, respectively.
– HTTP/2 Rapid Reset exploits a zero-day flaw in the HTTP/2 protocol to carry out DDoS attacks, leveraging the ability to send and cancel requests in quick succession.
– By initiating a large number of HTTP/2 streams and canceling them rapidly, threat actors can overwhelm websites and take them offline.
– These attacks can be executed using a modestly sized botnet, such as 20,000 machines.
– HTTP/2 is widely used: 35.6% of websites use it, and 77% of requests utilize HTTP/2.
– There are multiple variants of the Rapid Reset attacks, with some being more efficient than standard HTTP/2 DDoS attacks.
– F5 has advised customers to update their NGINX configuration to limit the number of concurrent streams and persist HTTP connections.
– Organizations should assume systems will be tested and take proactive measures to ensure protection against these attacks.
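
The open-then-cancel pattern described above can be spotted per connection in HTTP/2 frame telemetry. The following is an added example, not code from the article or from any vendor: it replays a constructed event log and reports, for each connection, the peak number of concurrently open streams and the moment client resets exceed a threshold. The event names, the tuple layout, and the thresholds (`max_resets`, `window_us`) are assumptions made for illustration.

```python
from collections import deque

def analyze(events, max_resets=100, window_us=1_000_000):
    """Replay (time_us, conn, event, stream_id) tuples and report, per connection,
    peak concurrently open streams, streams opened, and the time at which
    client resets first exceeded max_resets within window_us (None if never)."""
    conns = {}
    for ts, conn, event, sid in events:
        c = conns.setdefault(conn, {"open": set(), "peak_open": 0, "opened": 0,
                                    "resets": deque(), "flagged_at": None})
        if event == "HEADERS":                 # client opens a stream
            c["open"].add(sid)
            c["opened"] += 1
            c["peak_open"] = max(c["peak_open"], len(c["open"]))
        elif event == "RESPONSE_END":          # stream completed normally
            c["open"].discard(sid)
        elif event == "RST_STREAM":            # client cancelled the stream
            c["open"].discard(sid)             # the slot is free again at once
            c["resets"].append(ts)
            while ts - c["resets"][0] > window_us:
                c["resets"].popleft()          # keep only resets inside the window
            if c["flagged_at"] is None and len(c["resets"]) > max_resets:
                c["flagged_at"] = ts
    return {k: {f: v[f] for f in ("peak_open", "opened", "flagged_at")}
            for k, v in conns.items()}

def sample_events():
    """Constructed data: conn A resets every stream 100 us after opening it;
    conn B opens 20 streams that each complete normally after 45 ms."""
    events = []
    for i in range(500):
        events.append((i * 1000, "A", "HEADERS", 2 * i + 1))
        events.append((i * 1000 + 100, "A", "RST_STREAM", 2 * i + 1))
    for i in range(20):
        events.append((i * 10_000, "B", "HEADERS", 2 * i + 1))
        events.append((i * 10_000 + 45_000, "B", "RESPONSE_END", 2 * i + 1))
    return sorted(events)

if __name__ == "__main__":
    for conn, result in analyze(sample_events()).items():
        print(conn, result)
```

In the constructed data, connection A never has more than one stream open at a time yet opens 500 streams in half a second, so a per-connection reset counter is a useful signal alongside the concurrent-stream limit.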

Full Article – https://ift.tt/OW3S0oI