This DDoS Attack... 398 million requests per second. (A demo of HTTP/2 Rapid Reset)

398 Million Requests Per Second. 155 Million Requests Per Second. 201 Millions Requests Per Second. Dem packets be flyin'. In this video, I explore and demo CVE-2023-44487, the novel HTTP/2 Rapid Reset Attack zero-day. A feature rather than an inherent bug. ⏰ Timestamps: 0:00 - Introduction 0:41 - Background Information 1:38 - HTTP/2 vs HTTP/1.1 4:27 - Demo (DDoS Apache2 Web Server) 10:11 - Mitigations 11:17 - Conclusion 🔗 Links Mentioned: - Rapid Reset Client (PoC): https://github.com/secengjeff/rapidresetclient - New 'HTTP/2 Rapid Reset' zero-day attack breaks DDoS records: https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ - How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack: https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack - HTTP/2 and How it Works (A good primer on differences between HTTP/1.1 vs HTTP/2): https://cabulous.medium.com/http-2-and-how-it-works-9f645458e4b2 🐕 Follow Me: Twitter: https://twitter.com/collinsinfosec Instagram: https://www.instagram.com/_collinsinfosec/ Cybercademy Discord Server: https://discord.gg/bWymWhCv9p 🤔 Have questions, concerns, comments?: Email me: grant@cybercademy.org 🎧 Gear: Laptop (Lenovo X1 Carbon Ultrabook 6th Gen): https://amzn.to/2O0UfAM​​​​​ Monitors (Dell D Series 31.5” D3218HN): https://amzn.to/2EXlgRF​​​​​ Keyboard (Velocifire VM01): https://amzn.to/2TEswfd​​​​​ Headphones (Audio Technica ATH-M40x): https://amzn.to/2F4Tvq6​​​​​ Work Monitors (Dell U4919DW UltraSharp 49 Curved Monitor): https://amzn.to/3yQmDhM Desk (FLEXISPOT EW8 Comhar Electric Standing Desk): https://amzn.to/3S9OxvG 💻 Cybersecurity PC Build Parts [Processor] Intel Core i7-13700K 3.4 GHz 16-Core Processor: https://amzn.to/3OlTTUK [Graphics Card] Asus DUAL OC GeForce RTX 3060 Ti 8 GB Video Card: https://amzn.to/3OE0bkd [AIO Cooler] Corsair iCUE H100i RGB ELITE 65.57 CFM Liquid CPU Cooler: https://amzn.to/3DEUUT9 [Motherboard] MSI PRO Z690-A WIFI DDR4 ATX LGA1700 Motherboard: https://amzn.to/3Ol9La8 [RAM](2x) Corsair Vengeance LPX 64 GB (2 x 32 GB) DDR4-3200 CL16 Memory: https://amzn.to/3OlsgeM [HDD] Seagate IronWolf NAS 8 TB 3.5" 7200 RPM Internal Hard Drive: https://amzn.to/3DFdc6K [SSD] Samsung 980 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive: https://amzn.to/3KpTnnQ [Case] Corsair 5000D AIRFLOW ATX Mid Tower Case: https://amzn.to/44Rjaxf [Power Supply] Corsair RM850x (2021) 850 W 80+ Gold Certified Fully Modular ATX Power Supply: https://amzn.to/478wC1r [Fans] Corsair iCUE SP120 RGB ELITE 47.7 CFM 120 mm Fans 3-Pack: https://amzn.to/44R4myD