Rapid Reset: New DoS Attack Threatens Over 60% of Internet Traffic

April 5, 2024
Rapid Reset: New DoS Attack Threatens Over 60% of Internet Traffic
Tech
Tech
Cybersecurity
Cybersecurity

  • A new DoS attack method, 'HTTP/2 Continuation Flood' or 'Rapid Reset', threatens internet safety by crashing servers with a single TCP connection.

  • The attack, exploiting HTTP/2 protocol frames, is particularly insidious as it leaves no trace in server logs and is difficult to detect and mitigate.

  • Over 60% of human internet traffic uses HTTP/2, indicating a significant impact potential for this newly discovered vulnerability.

  • CERT/CC is coordinating with tech giants and open source projects to responsibly disclose and address the vulnerability.

  • Immediate action is required from affected entities to upgrade software and libraries to prevent possible DDoS attacks utilizing this exploit.

Summary based on 4 sources

Get a daily email with more Tech stories

Sources

New HTTP/2 DoS attack can crash web servers with a single connection

BleepingComputer • Apr 4, 2024

New HTTP/2 DoS attack can crash web servers with a single connection
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

The Hacker News • Apr 4, 2024

New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset

SecurityWeek • Apr 4, 2024

New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset
HTTP/2 `CONTINUATION` Flood: Technical Details

nowotarski.info • Apr 3, 2024

HTTP/2 `CONTINUATION` Flood: Technical Details

More Stories