News Targeted


Category: IT|Oct 12, 2023 | Author: Admin

398 million requests per second

Share on

A new type of DDoS attack unfortunately makes it possible for attack groups to send record traffic in the direction of servers they want to crack. This time it went well, but the fear is a far greater attack.

The two biggest attacks have occurred in the last two months


The technique dubbed "HTTP/2 Rapid Reset" has been in use since August.

 

The coordinated attack against Amazon Web Services, Google, and Cloudflare saw attacks with up to 155 million requests per second against Amazon, 201 million RPS (“Requests Per Second”) against Cloudflare and a record 398 million RPS against Google. The technique is performed by exploiting a still-unpatched flaw, CVE-2023-44487, in the HTTP/2 protocol.

 

In general, DDoS attacks attempt to disrupt websites and services on the Internet, making them unreachable. Attackers direct overwhelming amounts of Internet traffic to the targets, which can negate the ability to process incoming requests.

 

 

The botnet wasn't even that big
Not only is the bug not fixed, but Cloudflare is concerned not only because the attack is three times bigger than the previous record in February 2023 with 71 million RPS, but that the people behind the attack “only” needed a 20,000 botnet. Cloudflare points out that there are botnets with hundreds of thousands of machines, even millions of them.

 

This was a new attack vector on an unprecedented scale, but Cloudflare's existing protections were largely able to absorb the brunt of the attacks. Although we initially saw some impact on customer traffic—affecting approximately 1 percent of requests during the first wave of attacks—we have today been able to refine our measures to stop the attack for any Cloudflare customer without has affected our systems.

 

The company warns that the web, which generates a total of 1 to 3 billion requests per second, may experience where just as many requests are directed to a smaller number of targets. The question then is whether Google and Cloudflare manage to avoid longer downtime.

 

Sponsored Ads:

Comments:

< Next article

Previous article >


Chinese botnet infects 260,000 SOHO routers, IP cameras with malware

Category: IT|Sep 19, 2024 | Author: Admin

HaLow Wi-Fi has now been tested at 9.9 miles — new Wi-Fi world record is a near 5X increase over previous best

Category: IT|Sep 18, 2024 | Author: Admin

Windows vulnerability abused braille “spaces” in zero-day attacks

Category: Microsoft|Sep 17, 2024 | Author: Admin

Important steps to take on your iPhone before installing Apple's latest iOS 18 to avoid any errors

Category: Apple|Sep 16, 2024 | Author: Admin

AMD hides Taiwan branding on Ryzen CPU packaging as it preps new chips for China market release

Category: IT|Sep 15, 2024 | Author: Admin

Contabo downtime analysis

Category: IT|Sep 14, 2024 | Author: Admin

Netflix will no longer provide support for iPhones and iPads running iOS 16

Category: IT|Sep 13, 2024 | Author: Admin

Google searches now link to the Internet Archive

Category: General|Sep 12, 2024 | Author: Admin

Apple ordered to pay back its illegal $14.4 billion Irish tax break

Category: Apple|Sep 11, 2024 | Author: Admin

Microsoft to start force-upgrading Windows 22H2 systems next month

Category: Microsoft|Sep 10, 2024 | Author: Admin

Mozilla extends Firefox support on unsupported Windows versions to March 2025

Category: IT|Sep 9, 2024 | Author: Admin

Apache fixes critical OFBiz remote code execution vulnerability

Category: IT|Sep 8, 2024 | Author: Admin

SonicWall SSLVPN access control flaw is now exploited in attacks

Category: IT|Sep 7, 2024 | Author: Admin

Microsoft Office 2024 to disable ActiveX controls by default

Category: Microsoft|Sep 6, 2024 | Author: Admin

LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks

Category: IT|Sep 5, 2024 | Author: Admin
more