Photo by Amelia Holowaty Krales / The Verge
Cloudflare, Google, and Amazon all say they successfully mitigated what two of the companies called the biggest DDoS layer 7 attacks they’ve recorded in August and September, though none said who the attacks were directed against. The companies say the attacks were possible because of a zero-day vulnerability in the HTTP/2 protocol they’ve named “HTTP/2 Rapid Reset.”
HTTP/2 speeds up page loading by allowing for multiple simultaneous requests to a website over a single connection. Cloudflare writes that these attacks apparently involved an automated cycle of sending and immediately canceling “hundreds of thousands” of requests to websites that use HTTP/2, overwhelming servers and taking them offline.
Google recorded the heaviest…
The Verge – All Posts
