NETSCOUT comments on HTTP2 threat

With the emergence of threat actors utilizing a new HTTP/2 application-layer distributed denial-of-service (DDoS) attack vector to launch a series of large-scale DDoS attacks against HTTP/2-enabled servers, services, and applications, Roland Dobbins, Principal Engineer, NETSCOUT Systems (www.netscout.com) comments on why the threat is now re-emerging.

“HTTP/2 is essentially a legacy application-layer protocol, which is so infrequently used nowadays that it’s no longer viewed as a mainstream internet protocol.  However, in a joint disclosure by several well-known cloud computing, content delivery networks and software-as-a-service providers say they have been specifically targeted by this DDoS attack vector and were chosen precisely due to their support of HTTP/2 across their service delivery infrastructures.  This is despite most, if not all, of their customers no longer actively and consciously using HTTP/2.  Even so, collateral impact often occurs to users of shared infrastructure whether or not they themselves specifically make use of shared protocols and service delivery elements which are successfully attacked.”

“There’s no doubt that the vulnerability will continue to cause issues for service providers and their customers if it’s not appropriately patched.  However, there are actions enterprises can take to mitigate many of the effects of this vulnerability.  This includes deploying relevant patched software versions, utilising strong and effective DDoS mitigation tools, and considering disabling HTTP/2 support entirely for websites and applications utilizing it.”

For more information see the full blog at www.netscout.com/blog/asert/http2-rapid-reset-application-layer-ddos-attacks-targeting.