New DDoS attack method "HTTP/2 Rapid Reset" breaks records of intensity

Carding 4 Carders

Even relatively small botnets can now wreak havoc.

A new DDoS attack technology called "HTTP/2 Rapid Reset" has been actively used as a zero-day attack since August of this year, breaking all previous records in terms of scale.

The Rapid Reset news comes today in coordinated reports from AWS, Cloudflare, and Google, which describe mitigating attacks that reached 155 million requests per second according to Amazon, 201 million requests per second according to Cloudflare, and 398 million requests per second according to Google.

It is noteworthy that a relatively small botnet of 20 thousand machines was enough to achieve this power. But there are botnets of hundreds of thousands or even millions of devices. What happens if they start using Rapid Reset in their attacks?

Be that as it may, Cloudflare experts report that since August of this year, they have already recorded more than a thousand different DDoS attacks using the "HTTP/2 Rapid Reset" method.

This new method exploits a zero-day vulnerability tracked as CVE-2023-44487. It abuses a flaw in the HTTP/2 protocol, using the stream cancellation feature to continuously send and cancel requests, which instantly overloads the target server.

HTTP/2 provides protection in the form of a parameter that limits the number of simultaneously active streams to prevent DoS attacks, but this is not always effective.

Google explained: "The protocol does not require the client and server to coordinate cancellation, the client can do it independently." Hence such a massive flow of requests: there is almost no delay to slow malicious exploitation of the target server.

Cloudflare reports that HTTP/2 proxies and load balancers are particularly vulnerable to such attacks. According to the company's observations, these ongoing attacks have resulted in an increase in 502 (Bad Gateway) errors among Cloudflare customers.

To repel attacks, Cloudflare used the "IP Jail" system, which blocks malicious IP addresses by restricting their access to HTTP/2 for all Cloudflare domains for a certain time. Amazon also successfully resisted dozens of similar digital attacks, emphasizing that the company's services remained available during the attacks.

To counter HTTP/2 Rapid Reset attacks, all three companies recommend that their customers use all available tools to protect against HTTP attacks and strengthen their DDoS resistance in a variety of ways.

In a separate message, Cloudflare indicated that the vulnerability was kept quiet for more than a month to give security vendors as much time as possible to respond.

"Today is the day when it is necessary to disclose information about this threat," Cloudflare concluded.
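The following is an added example, not part of the original post or any vendor's code: it replays a connection's client frames through server-side stream accounting to show why the limit on simultaneously active streams (SETTINGS_MAX_CONCURRENT_STREAMS) never trips under the send-and-cancel pattern, while a per-connection count of client resets does. The limit of 100, the reset budget of 50, the function names and both byte samples are assumptions constructed for illustration.

```python
HEADERS, RST_STREAM = 0x1, 0x3      # HTTP/2 frame types (RFC 9113)
CANCEL = 0x8                        # RST_STREAM error code for a cancelled request
MAX_CONCURRENT_STREAMS = 100        # assumed value the server advertises
RESET_BUDGET = 50                   # assumed policy: client resets tolerated per connection

def sample_frame(ftype, stream_id, payload=b""):
    """Build one frame (9-byte header + payload) for the constructed samples."""
    header = len(payload).to_bytes(3, "big") + bytes([ftype, 0]) + stream_id.to_bytes(4, "big")
    return header + payload

def parse_frames(data):
    """Yield (frame type, stream id) for each frame in a client-to-server byte stream."""
    pos = 0
    while pos + 9 <= len(data):
        length = int.from_bytes(data[pos:pos + 3], "big")
        ftype = data[pos + 3]
        stream_id = int.from_bytes(data[pos + 5:pos + 9], "big") & 0x7FFFFFFF
        yield ftype, stream_id
        pos += 9 + length

def inspect(data):
    """Replay one connection's frames through server-side stream accounting."""
    active, peak, opened, resets = set(), 0, 0, 0
    for ftype, sid in parse_frames(data):
        if ftype == HEADERS and sid not in active:
            active.add(sid)
            opened += 1
            peak = max(peak, len(active))
        elif ftype == RST_STREAM and sid in active:
            active.discard(sid)      # a reset stream stops counting toward the limit
            resets += 1
    return {"opened": opened, "peak_active": peak, "client_resets": resets,
            "within_stream_limit": peak <= MAX_CONCURRENT_STREAMS,
            "exceeds_reset_budget": resets > RESET_BUDGET}

# Constructed sample 1: 1000 requests, each cancelled right after it is opened.
RAPID = b"".join(
    sample_frame(HEADERS, sid) + sample_frame(RST_STREAM, sid, CANCEL.to_bytes(4, "big"))
    for sid in range(1, 2001, 2))
# Constructed sample 2: 20 requests that are left to complete.
NORMAL = b"".join(sample_frame(HEADERS, sid) for sid in range(1, 41, 2))

if __name__ == "__main__":
    print("rapid :", inspect(RAPID))
    print("normal:", inspect(NORMAL))
```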
 