New HTTP/2 RST attacks and Vint Cerf on 50 years of the Internet

New types of denial-of-service attacks often reveal new details about deployed protocols or their implementations. The new HTTP/2 RST attacks that affected Google, AWS and Cloudflare in August 2023, and that have been disclosed recently, provide interesting information about some details of the HTTP/2 protocol. Google and Cloudflare describe the impact of this new attack in blog posts: Google's blog and Cloudflare's blog.

The attack exploits the fact that large web servers are usually behind proxies or load-balancers and that with HTTP/2, a client can send a request and reset it while it is still being processed by proxies or has been forwarded to servers. If you want to understand the attack and HTTP/2 in more detail, Lucas Pardue and Julien Desgats provide a detailed technical analysis. Robin Marx also provides technical details and discusses why HTTP/3 is not vulnerable to such attacks.
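Seen from the proxy side, the request-then-reset pattern described above is visible in the client's frame stream. The following is an added example, not code from the blog or from the linked analyses: it parses HTTP/2 frame headers from two constructed byte streams and counts how many client-opened streams the client itself reset. The function names and both thresholds are assumptions.

```python
import struct

PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"   # client connection preface (RFC 9113)
HEADERS, RST_STREAM = 0x1, 0x3                  # frame type codes (RFC 9113)

def parse_frames(buf):
    """Yield (type, flags, stream_id, payload) for each complete frame in buf."""
    pos = len(PREFACE) if buf.startswith(PREFACE) else 0
    while pos + 9 <= len(buf):
        # 9-byte frame header: 24-bit length, type, flags, R bit + 31-bit stream id
        hi, lo, ftype, flags, sid = struct.unpack_from(">BHBBI", buf, pos)
        end = pos + 9 + ((hi << 16) | lo)
        if end > len(buf):
            break                               # truncated capture: stop cleanly
        yield ftype, flags, sid & 0x7FFFFFFF, buf[pos + 9:end]
        pos = end

def audit_connection(client_bytes, max_cancelled=100, max_ratio=0.5):
    """Count client-opened streams and how many the client itself reset.
    Both thresholds are assumptions to tune against normal traffic."""
    opened, cancelled = set(), set()
    for ftype, _flags, sid, _payload in parse_frames(client_bytes):
        if ftype == HEADERS and sid % 2 == 1:   # clients use odd stream ids
            opened.add(sid)
        elif ftype == RST_STREAM and sid in opened:
            cancelled.add(sid)
    ratio = len(cancelled) / len(opened) if opened else 0.0
    return {"opened": len(opened), "cancelled": len(cancelled), "ratio": ratio,
            "suspicious": len(cancelled) > max_cancelled and ratio > max_ratio}

def _frame(ftype, flags, sid, payload=b""):
    """Serialize one frame; used only to build the constructed samples below."""
    n = len(payload)
    return struct.pack(">BHBBI", n >> 16, n & 0xFFFF, ftype, flags, sid) + payload

def constructed_samples():
    """Two constructed client-to-server byte streams (not real captures)."""
    hdr = b"\x82\x86\x84"                       # placeholder header block
    cancel = struct.pack(">I", 0x8)             # RST_STREAM error code CANCEL
    ids = range(1, 1001, 2)                     # 500 odd stream ids
    browsing = PREFACE + b"".join(_frame(HEADERS, 0x5, s, hdr) for s in ids)
    browsing += _frame(RST_STREAM, 0, 7, cancel)        # one abandoned request
    resets = PREFACE + b"".join(
        _frame(HEADERS, 0x5, s, hdr) + _frame(RST_STREAM, 0, s, cancel) for s in ids)
    return {"browsing": browsing, "open_then_reset": resets}

if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(name, audit_connection(data))
```

A reset stream no longer counts against the concurrent-stream limit even though work for it may already have reached a backend, so the per-connection count of client-cancelled streams is the signal to track.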

To celebrate the 50th anniversary of the Internet, Google has published an interesting interview with Vint Cerf.

This blog aims to encourage students who read the open Computer Networking: Principles, Protocols and Practice ebook to explore new networking topics. You can follow this blog by subscribing to its RSS feed or by following @cnp3_ebook on Mastodon.

Written on October 16, 2023