New 'HTTP/2 Rapid Reset' zero-day attack breaks DDoS records


Level 78
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
A new DDoS (distributed denial of service) technique named 'HTTP/2 Rapid Reset' has been actively exploited as a zero-day since August, breaking all previous records in magnitude.

News of the zero-day technique comes as a coordinated announcement today between Amazon Web Services, Cloudflare, and Google, who report mitigating attacks reaching 155 million requests per second (Amazon), 201 million rps (Cloudflare), and a record-breaking 398 million rps (Google).

Google says they were able to mitigate these new attacks by adding further capacity on the edge of their network.

Cloudflare comments that the size of the attack it mitigated is three times bigger than its previous record, from February 2023 (71 million rps), and it's alarming that this was achieved using a relatively small botnet comprising 20,000 machines.

Since late August, Cloudflare has detected and mitigated over a thousand 'HTTP/2 Rapid Reset' DDoS attacks that surpassed 10 million rps, with 184 breaking the previous 71 million rps record.

Cloudflare is confident that as further threat actors employ more expansive botnets along with this new attack method, HTTP/2 Rapid Reset attacks will continue to break even greater records.

"There are botnets today that are made up of hundreds of thousands or millions of machines," comments Cloudflare.

"Given that the entire web typically sees only between 1–3 billion requests per second, it's not inconceivable that using this method could focus an entire web's worth of requests on a small number of targets."

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.