HTTP/2 Rapid Reset

A zero-day vulnerability in the HTTP/2 protocol was found that allowed for a record-breaking DDoS attack, surpassing 398 million requests per second.
  • The flaw, known as CVE-2023-44487 or "Rapid Reset," was disclosed by Google, Cloudflare, and AWS.
  • The Rapid Reset attack leverages stream multiplexing in HTTP/2 to flood servers with more requests than previously possible. Attackers quickly reset the stream after making a request, bypassing the maximum number of allowable streams and making servers process an overwhelming number of requests.
  • Google has outlined how the attack works and how it bypasses traditional defenses. There are also variants of this attack, with one not immediately canceling streams and the other trying to open more streams than allowed by the server.
What we did (and do) to mitigate.
  1. Update and Patch: We ensure that all your systems are updated and have the latest patches, especially for the HTTP/2 protocol vulnerability.
  2. We are not using the HTTP/2 protocol, so you are unaffected by this vulnerability.
  3. Monitor Traffic Patterns: We monitor traffic patterns regularly to detect unusual activity. Rapid bursts of requests followed by immediate stream resets should raise a red flag.
  4. WAF and DDoS Protection Services: We use a Web Application Firewall (WAF).
  5. Analyze Botnet Traffic: As the attack was carried out using a relatively small botnet, watching for patterns indicative of a smaller, more aggressive botnet may help with early detection.
  6. Backup and Redundancy: We ensure you have a robust backup and redundancy system in place. This way, if one system is overwhelmed, another can take its place, ensuring continuity of service.
  7. Incident Response Plan: We follow a detailed incident response plan for scenarios like this, so when an attack occurs, our team knows exactly how to respond, both technically and from a communication standpoint.
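The mechanism described in the bullets above (a stream is opened and reset straight away, so the server's concurrent-stream limit never binds even though backend work has already been queued) and the detection rule in item 3 (rapid bursts of requests with immediate resets) can be made concrete. The Python below is an added example written for this page, not code from the article or from any of the vendors named. The stream limit, the one-second window and the reset threshold are assumed values, and the three frame sequences are constructed, not captured traffic.

```python
"""Model of HTTP/2 stream accounting with a per-connection reset-rate check.

Added example; all constants and frame sequences are assumptions/constructed.
"""
from collections import deque
from dataclasses import dataclass, field

# Assumed values for this example (not taken from the article or any server):
MAX_CONCURRENT_STREAMS = 100   # server's advertised SETTINGS_MAX_CONCURRENT_STREAMS
RESET_WINDOW_SECONDS = 1.0     # sliding window over which resets are counted
RESET_THRESHOLD = 50           # resets per window that trip the check


@dataclass
class Frame:
    ts: float        # seconds since the connection opened
    kind: str        # "HEADERS" (opens a stream), "RST_STREAM", or "END_STREAM"
    stream_id: int


@dataclass
class ConnectionState:
    open_streams: set = field(default_factory=set)
    work_queued: int = 0              # requests already handed to the backend
    rejected: int = 0                 # HEADERS refused by the stream limit
    reset_times: deque = field(default_factory=deque)
    flagged: bool = False             # True once the reset rate is excessive


def process(frames):
    """Feed one connection's frames through the stream limit and the detector."""
    st = ConnectionState()
    for f in frames:
        if f.kind == "HEADERS":
            if len(st.open_streams) >= MAX_CONCURRENT_STREAMS:
                st.rejected += 1      # the limit works against a plain open flood
                continue
            st.open_streams.add(f.stream_id)
            st.work_queued += 1       # backend work starts; a later reset does not undo it
        elif f.kind == "END_STREAM":
            st.open_streams.discard(f.stream_id)   # normal completion
        elif f.kind == "RST_STREAM":
            # The reset frees the slot at once, so the limit never binds while
            # the backend is still busy with the request. Count resets per window.
            st.open_streams.discard(f.stream_id)
            st.reset_times.append(f.ts)
            while st.reset_times and f.ts - st.reset_times[0] > RESET_WINDOW_SECONDS:
                st.reset_times.popleft()
            if len(st.reset_times) > RESET_THRESHOLD:
                st.flagged = True     # mitigation: close or throttle this connection
    return st


def rapid_reset_frames(n, spacing=0.001):
    """Constructed Rapid Reset pattern: every request is cancelled immediately."""
    frames = []
    for i in range(n):
        sid, t = 2 * i + 1, i * spacing          # client stream ids are odd
        frames.append(Frame(t, "HEADERS", sid))
        frames.append(Frame(t + spacing / 2, "RST_STREAM", sid))
    return frames


def open_flood_frames(n):
    """Constructed variant: many streams opened at once, none reset."""
    return [Frame(0.0, "HEADERS", 2 * i + 1) for i in range(n)]


def normal_frames(n, spacing=0.02):
    """Constructed benign pattern: each stream completes before the next opens."""
    frames = []
    for i in range(n):
        sid, t = 2 * i + 1, i * spacing
        frames.append(Frame(t, "HEADERS", sid))
        frames.append(Frame(t + spacing / 2, "END_STREAM", sid))
    return frames


if __name__ == "__main__":
    for name, frames in [("rapid reset", rapid_reset_frames(1000)),
                         ("open flood", open_flood_frames(1000)),
                         ("normal", normal_frames(1000))]:
        st = process(frames)
        print(f"{name:12s} queued={st.work_queued:5d} rejected={st.rejected:4d} "
              f"open={len(st.open_streams):4d} flagged={st.flagged}")
```

Running it shows the difference between the two variants the article mentions: the open flood is held to the stream limit (100 requests queued, 900 refused), while the reset pattern queues all 1000 requests with zero open streams at any time, and only the reset-rate counter catches it. The benign sequence queues its requests without ever tripping the check.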
By proactively implementing these measures and staying informed about evolving threats, we can better protect our servers and networks from advanced DDoS attacks like Rapid Reset.
Should you use Cloudflare to further protect your platform?
While Cloudflare is one of the leading companies providing DDoS mitigation solutions, your choice should be based on a comprehensive analysis of your specific needs, infrastructure, and potential threats.
  • Cloudflare is renowned for its robust DDoS protection capabilities.
  • They have a vast network, which can absorb and mitigate massive DDoS attacks.
  • They offer additional services, including WAF, CDN, and more.
  • Given that they disclosed the vulnerability, they will likely have specific defenses against this attack.
  • Like any third-party solution, there may be costs involved, depending on your traffic and specific requirements.
  • Implementing Cloudflare or any other third-party solution requires technical integration which, while usually straightforward, may still introduce complexities.
In conclusion, Cloudflare is certainly a strong option for DDoS mitigation.