What is HTTP/2?
HTTP/2 is a network protocol used by the World Wide Web that
reduces latency by allowing multiple concurrent exchanges on the same
connection.
What is the Attack?
A newly identified Distributed Denial-of-Service (DDoS)
attack technique is used in the wild. This DDoS attack, known as ‘HTTP/2 Rapid
Reset’, leverages a flaw in the implementation of protocol HTTP/2.This HTTP/2 vulnerability allows malicious actors to launch
a DDoS attack targeting HTTP/2 servers. The attack sends a set number of HTTP
requests, to generate a high volume of traffic on the targeted HTTP/2 servers.
Attackers can cause a significant increase in the request per second and high
CPU utilization on the servers that eventually can cause resource exhaustion.
Why is this Significant?
According to a Google blog post on Oct 10, 2023, the largest
attack reached up to 398 million requests per second. CISA has also released an
advisory for this DDoS attack on the same day.
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
What is the Vendor Solution?
The web services deployed with HTTP/2 should check if there
are available patches and other mitigations.
What FortiGuard Coverage is available?
FortiGuard recommends using
application layer protection service such as Web Application Firewall (WAF) to
protect web applications against network attacks. Also, recommends using
Application Delivery service for load balancing and generally improving
security posture.FortiGuard also recommends
restricting Internet access to specific sources as needed and applicable.
https://www.fortinet.com/products/web-application-firewall/fortiweb
https://www.fortinet.com/products/application-delivery-controller/fortiadc
HTTP/2 Rapid Reset Attack
Read Time:1 Minute, 23 Second