Jump to content
  • Cloudflare, Google, and Amazon explain what’s behind the largest DDoS attacks ever

    aum

    • 339 views
    • 2 minutes
     Share


    • 339 views
    • 2 minutes

    Internet giants say a newly uncovered HTTP/2 vulnerability has been used to launch DDoS attacks that were far beyond any previously recorded.

     

    Cloudflare, Google, Microsoft, and Amazon all say they successfully mitigated what two of the companies called the biggest DDoS layer 7 attacks they’ve recorded in August and September, though none said who the attacks were directed against. The companies say the attacks were possible because of a zero-day vulnerability in the HTTP/2 protocol they’ve named “HTTP/2 Rapid Reset.”

     

    HTTP/2 speeds up page loading by allowing for multiple simultaneous requests to a website over a single connection. Cloudflare writes that these attacks apparently involved an automated cycle of sending and immediately canceling “hundreds of thousands” of requests to websites that use HTTP/2, overwhelming servers and taking them offline.

     

    Google recorded the heaviest assault at over 398 million requests per second, which it says is more than seven times larger than any such attack it has recorded before. (The record was last held by a 2022 attack that “peaked at 46 million requests per second.”) Cloudflare saw 201 million requests per second at the peak, which it also called record-breaking, while Amazon recorded the fewest requests, maxing out at 155 million per second. Microsoft did not disclose its own figures.

     

    DDoS attacks are common — in June, Microsoft reported a large-scale layer 7 attack that downed Outlook for thousands of its users. The same month, fan-fiction website AO3 was also affected by DDoS attacks. A group called Anonymous Sudan claimed credit for both attacks.

     

    Google goes into detail in a blog post about how the attacks worked, so do head over there if you want to roll your sleeves up and read about it.

     

    Update October 10th, 2023, 1:20PM ET: Added that Microsoft has disclosed that its cloud infrastructure was affected as well.

     

    Source

    • Like 3

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...