From around August to October 2023, one of the biggest DDoS attacks in history took place, and it slowed down many websites. While some servers or hosts were seemingly unaffected, in the larger scope of it all, they were all affected in one way or another.

So what is a DDoS attack? You can read more about the explanation HERE, but in a nutshell, it is a visit to a website or server that is repeated over and over again in rapid succession. In previous years, hosts using the old HTTP protocol would essentially process one “request” at a time, but as websites got busier this had to change, and along came the HTTP/2 protocol, which allows the site to process multiple requests simultaneously.

The downside of HTTP/2 is that attacks are more effective: the server/site will process almost anything thrown at it, and in doing so will systematically slow down to a crawl before “crashing” as it runs out of resources (think of it as opening multiple tabs in your web browser).

The latest attack was a Rapid Reset attack. With a Rapid Reset, the attacking client “opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately. The ability to reset streams immediately allows each connection to have an indefinite number of requests in flight. By explicitly canceling the requests, the attacker never exceeds the limit on the number of concurrent open streams. The number of in-flight requests is no longer dependent on the round-trip time (RTT), but only on the available network bandwidth.”
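To make the quoted point concrete from the server's side, here is an added example (not from the original post) that replays constructed stream events through a per-connection counter: it shows the concurrent-stream limit never being reached while the backend work keeps growing, and one possible mitigation that closes the connection once cancellations exceed a budget. The limit of 100, the 1-second window, the budget of 50 and the simplified event names are all assumptions.

```python
from collections import deque

MAX_CONCURRENT_STREAMS = 100  # assumed advertised limit
WINDOW_SECONDS = 1.0          # hypothetical sliding window for counting resets

class ConnectionGuard:
    """Per-connection accounting of client-initiated stream cancellations."""
    def __init__(self, reset_budget=None):
        self.reset_budget = reset_budget  # None = no mitigation
        self.open_streams = set()
        self.peak_open = 0
        self.requests_started = 0         # requests handed to the backend
        self.reset_times = deque()        # timestamps of recent client resets
        self.closed = False               # True once the server would send GOAWAY

    def on_event(self, ts, kind, stream_id):
        if self.closed:
            return
        if kind == "HEADERS":
            if len(self.open_streams) >= MAX_CONCURRENT_STREAMS:
                return                    # refused: concurrency limit reached
            self.open_streams.add(stream_id)
            self.peak_open = max(self.peak_open, len(self.open_streams))
            self.requests_started += 1
        elif kind == "END_STREAM":        # simplified: response completed normally
            self.open_streams.discard(stream_id)
        elif kind == "RST_STREAM" and stream_id in self.open_streams:
            self.open_streams.discard(stream_id)  # slot is freed immediately
            self.reset_times.append(ts)
            while ts - self.reset_times[0] > WINDOW_SECONDS:
                self.reset_times.popleft()
            if self.reset_budget is not None and len(self.reset_times) > self.reset_budget:
                self.closed = True        # too many cancellations: drop connection

def replay(events, reset_budget=None):
    guard = ConnectionGuard(reset_budget)
    for ts, kind, stream_id in events:
        guard.on_event(ts, kind, stream_id)
    return guard

# Constructed traces of (timestamp, event, stream id); client stream ids are odd.
def rapid_reset_trace(n):
    """Every request is cancelled right after it is opened."""
    return [(i * 0.0001, kind, 2 * i + 1)
            for i in range(n) for kind in ("HEADERS", "RST_STREAM")]

def browser_trace(n):
    """Normal browsing: responses complete; every 10th request is cancelled."""
    return [(i * 0.05 + dt, kind, 2 * i + 1) for i in range(n)
            for dt, kind in ((0.0, "HEADERS"),
                             (0.02, "RST_STREAM" if i % 10 == 0 else "END_STREAM"))]
```

Replaying `rapid_reset_trace(1000)` without a budget starts all 1000 requests while `peak_open` stays at 1; with `reset_budget=50` the connection is closed after 51 requests, and the browser-like trace is never closed.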

So how bad was this attack? Well, the internet processes around 1-3 billion requests per second, and this attack was running at 398 million requests per second, generated by bots running on around 20 000 machines.

