In recent months, a groundbreaking cyber threat has emerged, shaking the foundations of web security and challenging major cloud infrastructure providers. Exploiting a vulnerability in the widely-used HTTP/2 web communication protocol, attackers have unleashed a series of massive Distributed Denial-of-Service (DDoS) assaults.
Unraveling the HTTP/2 Rapid Reset Vulnerability
Termed the “HTTP/2 Rapid Reset,” this sophisticated attack leverages the stream multiplexing feature of HTTP/2, allowing multiple HTTP requests to be sent concurrently over a single TCP transport connection. The attackers have honed in on the protocol’s stream resetting capability, specifically the RST_STREAM frames, enabling them to overwhelm servers with an unprecedented scale of DDoS requests.
In the traditional HTTP/1.1 protocol, requests are processed serially, one after the other. However, HTTP/2’s stream multiplexing allows for parallel processing, enhancing efficiency in legitimate scenarios. Unfortunately, this efficiency has become a double-edged sword, as cybercriminals exploit the protocol’s features to make DDoS attacks more potent.
Magnitude of the Assault
The scale of these HTTP/2 Rapid Reset DDoS attacks is staggering. Google reported the largest attack peaking at over 398 million requests per second (rps), dwarfing the largest attack recorded in 2022 at 46 million rps. Others, facing a peak of 201 million rps in August, experienced an attack three times larger than any previously detected.
What sets these attacks apart is their origin from a relatively small botnet comprising only 22,000 computers. This contrasts with traditional DDoS attacks that typically rely on much larger botnets, highlighting the efficiency and potency of the new HTTP/2 exploitation technique.
Anatomy of the HTTP/2 Rapid Reset Attack
The attackers exploit the combination of HTTP/2’s concurrent stream capabilities and the RST_STREAM frames. The protocol incorporates a setting, SETTINGS_MAX_CONCURRENT_STREAMS, indicating the maximum number of concurrent streams allowed. The attackers manipulate this setting by sending rapid RST_STREAM frames, causing a reset in the stream count and allowing for a continuous influx of new requests, overwhelming servers.
Responses and Mitigations
In response to this unprecedented threat, major cloud service providers and web server vendors have been working diligently on mitigation strategies and patches. Prophaze Cloud-Native Unified Security Platform has emerged as a key player in fortifying defenses against the HTTP/2 Rapid Reset attacks.
Prophaze recommends a multi-faceted approach to mitigate the risks posed by these attacks. Simply blocking individual requests is deemed ineffective, as the attack methodology allows for a swift replenishment of new requests. Instead, Prophaze advocates for the implementation of stricter limits, potentially closing entire TCP connections upon detecting abuse.
Industry Collaboration and Patches
Recognizing the severity of the HTTP/2 vulnerability, major players in the industry have collaborated to release mitigations and patches. These patches aim to address the underlying weakness in the HTTP/2 protocol, providing users with enhanced protection.
Users are encouraged to stay informed and follow updates from their web server and load balancer providers, ensuring the timely application of patches and adherence to mitigation recommendations.
Prophaze's Innovative Defense Solutions
In the face of evolving cyber threats, Prophaze stands at the forefront, developing purpose-built technology to counter the HTTP/2 Rapid Reset exploit. By combining internal detections, prioritizing connections, and implementing advanced mitigation techniques, Prophaze ensures that its clients remain safeguarded against the unprecedented scale and efficiency of these DDoS attacks.
The Road Ahead: Protecting the Digital Landscape
As the cybersecurity landscape continues to evolve, the HTTP/2 Rapid Reset vulnerability serves as a stark reminder of the importance of proactive defense measures. Prophaze remains committed to fortifying digital infrastructures against emerging threats, setting a new standard for resilience and adaptability in the face of relentless cyber adversaries. Stay vigilant, stay secure, and embrace the cutting-edge solutions that safeguard our interconnected digital world.
