Cloudflare, Google, and Amazon explain what’s behind the largest DDoS attacks ever
by Wes Davis from The Verge - All Posts on (#6FEY8)
Photo by Amelia Holowaty Krales / The Verge Cloudflare, Google, and Amazon all say they successfully mitigated what two of the companies called the biggest DDoS layer 7 attacks they've recorded in August and September, though none said who the attacks were directed against. The companies say the attacks were possible because of a zero-day vulnerability in the HTTP/2 protocol they've named HTTP/2 Rapid Reset."
HTTP/2 speeds up page loading by allowing for multiple simultaneous requests to a website over a single connection. Cloudflare writes that these attacks apparently involved an automated cycle of sending and immediately canceling hundreds of thousands" of requests to websites that use HTTP/2, overwhelming servers and taking them offline.
Google recorded the heaviest...