placeholder

HTTP/2 Rapid Reset: deconstructing the record-breaking attack

This post dives into the details of the HTTP/2 protocol, the feature that attackers exploited to generate the massive Rapid Reset attacks, and the mitigation strategies we took to ensure all our customers are protected

Click to view the original at blog.cloudflare.com

Hasnain says:

“and eventually peaked just above 201 million requests per second. This was nearly 3x bigger than our previous biggest attack on record.

Concerning is the fact that the attacker was able to generate such an attack with a botnet of merely 20,000 machines. There are botnets today that are made up of hundreds of thousands or millions of machines. Given that the entire web typically sees only between 1–3 billion requests per second, it's not inconceivable that using this method could focus an entire web’s worth of requests on a small number of targets.”

Posted on 2023-10-10T15:45:23+0000