this post was submitted on 12 Oct 2023
131 points (97.8% liked)

[–] [email protected] 29 points 1 year ago

Skip straight to the Google security blag if you want actual details, the verge article has none.

https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack

[–] [email protected] 27 points 1 year ago

Now do who.

[–] [email protected] 20 points 1 year ago

This is the best summary I could come up with:


Cloudflare, Google, Microsoft, and Amazon all say they successfully mitigated what two of the companies called the biggest DDoS layer 7 attacks they’ve recorded in August and September, though none said who the attacks were directed against.

The companies say the attacks were possible because of a zero-day vulnerability in the HTTP/2 protocol they’ve named “HTTP/2 Rapid Reset.”

HTTP/2 speeds up page loading by allowing for multiple simultaneous requests to a website over a single connection.

Cloudflare writes that these attacks apparently involved an automated cycle of sending and immediately canceling “hundreds of thousands” of requests to websites that use HTTP/2, overwhelming servers and taking them offline.

Google goes into detail in a blog post about how the attacks worked, so do head over there if you want to roll your sleeves up and read about it.

Update October 10th, 2023, 1:20PM ET: Added that Microsoft has disclosed that its cloud infrastructure was affected as well.


The original article contains 281 words, the summary contains 156 words. Saved 44%. I'm a bot and I'm open source!
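
Added example, not part of the thread or of any vendor's code: a server-side check for the send-and-immediately-cancel cycle the summary above describes, counting per connection how many streams the client resets right after opening them. `HEADERS` and `RST_STREAM` are real HTTP/2 frame types; the `RESPONSE` label, the thresholds, the connection ids and the frame log are constructed assumptions for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0         # sliding window length (assumed value)
MAX_RAPID_RESETS = 20  # rapid cancellations tolerated per window (assumed value)
RAPID_AGE_S = 0.05     # reset this soon after HEADERS counts as "rapid" (assumed)

def flag_rapid_reset(events):
    """events: time-ordered (ts, conn_id, frame_type, stream_id) tuples.
    Returns {conn_id: timestamp at which it exceeded the reset budget}."""
    opened = defaultdict(dict)   # conn -> {stream_id: ts of client HEADERS}
    resets = defaultdict(deque)  # conn -> timestamps of recent rapid resets
    flagged = {}
    for ts, conn, ftype, sid in events:
        if conn in flagged:
            continue  # a real server would have sent GOAWAY and closed by now
        if ftype == "HEADERS":
            opened[conn][sid] = ts
        elif ftype == "RESPONSE":  # constructed label: server answered the stream
            opened[conn].pop(sid, None)
        elif ftype == "RST_STREAM":
            start = opened[conn].pop(sid, None)
            if start is None or ts - start > RAPID_AGE_S:
                continue  # unknown stream, or a cancel after a normal wait
            q = resets[conn]
            q.append(ts)
            while q and ts - q[0] > WINDOW_S:
                q.popleft()  # drop resets that fell out of the window
            if len(q) > MAX_RAPID_RESETS:
                flagged[conn] = ts
    return flagged

def sample_events():
    """Constructed frame log: 'A' browses normally, 'B' opens and cancels."""
    ev = []
    for i in range(30):  # A: 30 requests, each answered
        ev.append((i * 0.1, "A", "HEADERS", 2 * i + 1))
        ev.append((i * 0.1 + 0.02, "A", "RESPONSE", 2 * i + 1))
    ev.append((3.05, "A", "HEADERS", 61))
    ev.append((3.06, "A", "RST_STREAM", 61))  # one ordinary client cancel
    for i in range(100):  # B: every request reset 1 ms after it is opened
        t = 1.0 + i * 0.002
        ev.append((t, "B", "HEADERS", 2 * i + 1))
        ev.append((t + 0.001, "B", "RST_STREAM", 2 * i + 1))
    return sorted(ev, key=lambda e: e[0])

if __name__ == "__main__":
    print(flag_rapid_reset(sample_events()))
```

Connection `A` stays under the budget despite one cancel, while `B` is flagged on its 21st rapid reset; the budget has to sit above the cancellation rate of the site's legitimate clients.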
