What to know about the HTTP/2 Rapid Reset DDoS attacks

Cisco Talos is actively tracking the novel distributed denial-of-service (DDoS) attacks cloud services provider Cloudflare disclosed earlier this week. The techniques described in Cloudflare’s blog post resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the future. 

CVE-2023-44487

CVE-2023-44487, a vulnerability in the HTTP/2 protocol, was recently used to launch intensive DDoS attacks against several targets. The problem lies in the way the HTTP/2 protocol handles request cancellations, or resets. When a client resets an HTTP/2 request by sending an RST_STREAM frame, the server still has to spend resources on the request it has already begun processing and on tearing down the corresponding stream. However, once the reset is sent, the stream no longer counts against the connection's concurrent-stream limit, so the client can immediately open another stream. Rapidly opening and cancelling streams in this way lets a single client push far more work onto the server than the concurrency limit was meant to allow, and that is what causes the denial of service. Because HTTP/2 is implemented in a wide range of web servers, proxies and load balancers, this vulnerability is likely to have a widespread impact.

HTTP/2 made improvements over previous versions of the HTTP protocol, including changing how requests are handled. Earlier versions of HTTP rely on request-response serialization: a client sends a request to a server and then receives the response from that server over the same TCP connection before the next response can be delivered. HTTP/2, meanwhile, breaks requests and responses into HTTP/2 frames. Each frame carries a stream identifier, and the frames that share an identifier make up one stream, which is how the protocol matches requests with their responses. This allows many streams to be multiplexed concurrently over a single TCP connection. This design is much more in line with the way web traffic occurs today, typically requiring large amounts of asynchronous requests for various types of ..
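To make the two points above concrete (frames carrying stream identifiers, and a reset freeing a concurrency slot after the server has already started work), here is an added example; it is not code from Talos, Cloudflare or any HTTP/2 implementation. It encodes and parses the 9-byte HTTP/2 frame header defined in RFC 9113, builds a constructed client byte stream in which every HEADERS frame is immediately followed by RST_STREAM(CANCEL), and runs the per-connection accounting a server or proxy could keep. The thresholds `reset_ratio` and `min_resets` are illustrative assumptions, not values taken from any product, and the minimal HPACK payload (`\x82`, static-table index 2 for `:method GET`) is constructed for the example.

```python
import struct
from collections import namedtuple

# Frame type and flag codes from RFC 9113 (HTTP/2).
HEADERS = 0x1
RST_STREAM = 0x3
END_STREAM = 0x1
END_HEADERS = 0x4
ERR_CANCEL = 0x8          # RST_STREAM error code a client uses to abandon a request
FRAME_HEADER_LEN = 9

Frame = namedtuple("Frame", "type flags stream_id payload")


def encode_frame(ftype, flags, stream_id, payload=b""):
    """Serialise one frame: 24-bit payload length, 8-bit type, 8-bit flags,
    a reserved bit plus a 31-bit stream identifier, then the payload."""
    if len(payload) >= 1 << 24:
        raise ValueError("payload too large for the 24-bit length field")
    length = struct.pack("!I", len(payload))[1:]          # low three bytes only
    header = length + bytes([ftype, flags]) + struct.pack("!I", stream_id & 0x7FFFFFFF)
    return header + payload


def parse_frames(data):
    """Split a byte string into frames. A truncated trailing frame is left unparsed."""
    frames, off = [], 0
    while off + FRAME_HEADER_LEN <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = struct.unpack("!I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        end = off + FRAME_HEADER_LEN + length
        if end > len(data):
            break
        frames.append(Frame(ftype, flags, stream_id, data[off + FRAME_HEADER_LEN:end]))
        off = end
    return frames


def rapid_reset_traffic(n_requests):
    """Constructed client byte stream showing the attack pattern: each HEADERS frame
    (a complete GET; HPACK static-table index 2 is ':method GET') is immediately
    followed by RST_STREAM(CANCEL) on the same stream, then the next odd stream id."""
    out = bytearray()
    for i in range(n_requests):
        sid = 1 + 2 * i                                   # client-initiated ids are odd
        out += encode_frame(HEADERS, END_STREAM | END_HEADERS, sid, b"\x82")
        out += encode_frame(RST_STREAM, 0, sid, struct.pack("!I", ERR_CANCEL))
    return bytes(out)


def benign_traffic(n_requests, n_cancelled):
    """Constructed client byte stream for an ordinary page load: many requests,
    a handful of which the client abandons (for example the user navigated away)."""
    out = bytearray()
    for i in range(n_requests):
        sid = 1 + 2 * i
        out += encode_frame(HEADERS, END_STREAM | END_HEADERS, sid, b"\x82")
        if i < n_cancelled:
            out += encode_frame(RST_STREAM, 0, sid, struct.pack("!I", ERR_CANCEL))
    return bytes(out)


def analyse_connection(frames, reset_ratio=0.5, min_resets=50):
    """Per-connection accounting a server or proxy could keep. Tracks how many
    streams the client opened (work the server had to start), how many it reset, and
    the peak number open at once (the only figure SETTINGS_MAX_CONCURRENT_STREAMS
    bounds). Thresholds are illustrative assumptions, not values from any product."""
    open_streams = set()
    started = resets = peak = 0
    for f in frames:
        if f.type == HEADERS and f.stream_id not in open_streams:
            open_streams.add(f.stream_id)                 # first HEADERS opens the stream
            started += 1
            peak = max(peak, len(open_streams))
        elif f.type == RST_STREAM and f.stream_id in open_streams:
            open_streams.discard(f.stream_id)             # reset frees the concurrency slot
            resets += 1
    rapid_reset = resets >= min_resets and resets >= reset_ratio * started
    return {"requests_started": started, "resets": resets,
            "peak_concurrent": peak, "rapid_reset": rapid_reset}


if __name__ == "__main__":
    print("attack :", analyse_connection(parse_frames(rapid_reset_traffic(1000))))
    print("benign :", analyse_connection(parse_frames(benign_traffic(200, 5))))
```

The attack stream opens 1000 requests while its peak concurrency never exceeds 1, so a server that enforces only SETTINGS_MAX_CONCURRENT_STREAMS sees nothing wrong; the signal is the reset count relative to requests started. Ordinary clients do cancel streams, so a mitigation needs both an absolute budget and a ratio, and in production it is applied per connection over a time window (closing the offending connection with GOAWAY) rather than as a global drop.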
