Google Cloud stopped the largest known DDoS attack to date, which exploited HTTP/2 stream multiplexing using the new “Rapid Reset” technique.

daily.dev

Ido Shamun

GitHub

Community Picks is a section on daily.dev where our community members share the most interesting and valuable content they've discovered online. From insightful articles to handy tools, every post is a gem curated by our dedicated coomunity. To contribute to Community Picks, you need to have at least 250 reputation points, ensuring that only active and trusted members can share their finds.

Community Picks

Google mitigated the largest DDoS attack to date, peaking above 398 million requests per second (rps). The attack used a novel technique called HTTP/2 Rapid Reset based on stream multiplexing. Google coordinated with industry partners to understand the attack mechanics and collaborated on mitigations. The attack vulnerability has been designated as CVE-2023-44487 with a CVSS score of 7.5. Any enterprise or individual serving an HTTP-based workload may be at risk and should apply relevant patches or verify server vulnerability.

Google Cloud mitigated largest DDoS attack, peaking above 398 million rps

Industry coordination and response for CVE-2023-44487

Who is susceptible and what to do about it