Deep Dive – HTTP/2 Rapid Reset Attack
HTTP/2 Rapid Reset DDoS method
Flooding targeted servers and websites
The HTTP/2 Rapid Reset attack is a powerful new DDoS method that exploits weaknesses in the HTTP/2 protocol. This method enables attackers to generate substantial traffic with relatively small botnets. It involves rapidly resetting HTTP/2 streams, causing a flood of requests that overwhelm targeted servers and websites.
For this Deep Dive into HTTP/2 Rapid Reset, host Lieuwe Jan Koning is joined by Rob Maas (Field CTO at ON2IT) and Luca Cipriano (Threat Intel Specialist at ON2IT) as they reveal how these types of attacks are set up and how they can best be mitigated.
How do you keep your head above water in a flood of requests and resets?
Tune in for this Deep Dive to find out!
Infographic
For a complete overview of the HTTP/2 Rapid Reset Attack and other attacks featured in the Can’t Deny DDoS Threat Talks, check the infographic.
Your cybersecurity experts
Lieuwe Jan Koning
Co-Founder and CTO, ON2IT Group
Luca Cipriano
Threat Intel Specialist, ON2IT
Rob Maas
Field CTO, ON2IT
Episode details
How HTTP/2 Rapid Reset attacks flood servers and websites
The HTTP/2 Rapid Reset attack leverages vulnerabilities in the HTTP/2 protocol, sending a flood of rapid reset frames to overwhelm targeted web servers. This forces servers to waste resources by repeatedly resetting streams, leading to service outages and downtime.
Unlike traditional DDoS attacks, this method exploits the efficiency and speed of HTTP/2, making it more difficult to detect and mitigate. The attack’s ability to disrupt server operations with minimal traffic volume allows attackers to take down websites and applications with precision, causing severe disruptions to businesses and services.
For this Deep Dive into HTTP/2 Rapid Reset attacks, host Lieuwe Jan Koning is joined by Field CTO Rob Maas and Threat Intel Specialist Luca Cipriano of ON2IT.
Luca walks through the steps attackers took and how they exploit what’s supposed to be a feature, whereas Rob offers insights on what mitigations would work against such attacks.
Tune in for this Deep Dive to find out more!