Google Mitigates Largest DDoS Attack in Its History

Silviu STAHIE

October 13, 2023

Google managed to mitigate the most significant DDoS attack ever registered on its infrastructure, an attack that was only possible due to a vulnerability in the HTTP/2 protocol.

Large DDoS attacks happen all the time, but we rarely hear about them because internet service providers and other types of organizations thwart the attacks. This means that attackers are constantly looking for ways to increase their output, hoping they’ll somehow manage to overwhelm existing protections.

Google highlights a worrying trend in how the size of DDoS attacks changes from year to year. It’s not just that they’re increasing in size, which is to be expected, but that they’re growing much more than anyone would assume.

The largest DDoS attacks mitigated by Google in 2022 reached around 46 million requests per second (rps). This new one was 7.5 times higher, clocking in at 398 rps. The main difference is that attackers used a new HTTP/2 “Rapid Reset” technique, which takes advantage of a vulnerability in the HTTP/2 protocol.

“The most recent wave of attacks started in late August and continues to this day, targeting major infrastructure providers including Google services, Google Cloud infrastructure, and our customers,” said Google. “Although these attacks are among the largest attacks Google has seen, our global load-balancing and DDoS mitigation infrastructure helped keep our services running.”

“For a sense of scale, this two minute attack generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023.”

The HTTP/2 vulnerability is already being tracked as CVE-2023-44487, with a CVSS score of 7.5 out of 10. Attackers take an HTTP/2 feature named stream multiplexing and use it in an unintended way: they open multiple streams at the same time and cancel them immediately.

“The HTTP/2 Rapid Reset attack built on this capability is simple: The client opens a large number of streams at once as in the standard HTTP/2 attack, but rather than waiting for a response to each request stream from the server or proxy, the client cancels each request immediately,” Google also explained.
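The open-then-cancel pattern described above leaves a recognizable trace on the server side: many client RST_STREAM frames arriving almost immediately after the HEADERS frame that opened each stream. The following is an added detection sketch, not code from Google or from the original article; the event tuple format, the thresholds and the sample data are assumptions made for illustration.

```python
from collections import defaultdict, deque


def flag_rapid_reset(events, quick_cancel_s=0.05, window_s=1.0, max_cancels=100):
    """Return the set of connection ids whose clients cancel streams abnormally fast.

    events: iterable of (timestamp_s, conn_id, frame_type, stream_id) for
    client-to-server frames, in time order. Thresholds are illustrative assumptions.
    """
    opened = defaultdict(dict)    # conn_id -> {stream_id: time HEADERS was seen}
    cancels = defaultdict(deque)  # conn_id -> timestamps of recent quick cancels
    flagged = set()
    for ts, conn, ftype, stream in events:
        if ftype == "HEADERS":
            opened[conn].setdefault(stream, ts)
        elif ftype == "RST_STREAM":
            start = opened[conn].pop(stream, None)
            if start is None or ts - start > quick_cancel_s:
                continue          # unknown stream, or an ordinary late cancel
            recent = cancels[conn]
            recent.append(ts)
            while recent and ts - recent[0] > window_s:
                recent.popleft()  # keep only cancels inside the sliding window
            if len(recent) > max_cancels:
                flagged.add(conn)
    return flagged


def sample_events():
    """Constructed sample: conn 'A' browses normally, conn 'B' opens and resets."""
    events = []
    # A: 20 requests spaced 50 ms apart, one of them cancelled after 400 ms.
    for i in range(20):
        events.append((i * 0.05, "A", "HEADERS", 2 * i + 1))
    events.append((0.4, "A", "RST_STREAM", 1))
    # B: 500 streams in half a second, each reset 0.5 ms after it is opened.
    for i in range(500):
        t = i * 0.001
        events.append((t, "B", "HEADERS", 2 * i + 1))
        events.append((t + 0.0005, "B", "RST_STREAM", 2 * i + 1))
    return sorted(events, key=lambda e: e[0])


if __name__ == "__main__":
    print(flag_rapid_reset(sample_events()))
```

A connection flagged this way is a candidate for being closed or rate-limited; the right thresholds depend on the traffic a given service normally sees.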

Author


Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.