Menu
What's new
By:
Filters Better Search

Skynet Rapid Reset http2/http3 CVE-2023-44487

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

D

DJones

Very Senior Member
@Adamm @RMerlin
@dave14305

Disclosed by Cloudflare, Google, AWS a new CVE new security vulnerability CVE-2023-44487 in http2/http3 effecting all platforms.

https://nvd.nist.gov/vuln/detail/CVE-2023-44487
blog.cloudflare.com

HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks

The “HTTP/2 Rapid Reset” attack exploits a weakness in the HTTP/2 protocol to generate enormous, hyper-volumetric DDoS attacks. Cloudflare has mitigated a barrage of these attacks in recent months, including an attack three times larger than any previous attack we’ve observed
blog.cloudflare.com blog.cloudflare.com

Is their some way Skynet can harden/rate limit against this possible vunerability to http2/http3 DDoS botnet attacks? Well average users probably are not the main target of these botnets AWS, Cloudflare, and large Webserver providers being the usual target. Still giving Edge servers/devices some additional protection would be nice. I know Asus will be far behind on it's patches.
 
Last edited:
DJones said:
I know Asus will be far behind on it's patches.
Click to expand...
Anyone could guess that from miles away.

Threska49 said:
A very effective strategy to clamp down on such clients is to count the number of server resets during a connection, and when that exceeds some threshold value, close the connection with a GOAWAY frame.
Click to expand...

I wonder if @Viktor Jaep knows anything about this stuff...🤔

I wonder how @Adamm or @dave14305 will patch this one into skynet. o_O
 
SomeWhereOverTheRainBow said:
Anyone could guess that from miles away.



I wonder if @Viktor Jaep knows anything about this stuff...🤔

I wonder how @Adamm or @dave14305 will patch this one into skynet. o_O
Click to expand...

This only affects people with web servers publicly exposed


This attack was made possible by abusing some features of the HTTP/2 protocol and server implementation details (see CVE-2023-44487 for details). Because the attack abuses an underlying weakness in the HTTP/2 protocol, we believe any vendor that has implemented HTTP/2 will be subject to the attack. This included every modern web server.
Click to expand...
 
Thanks for the information, I’ll look at utilizing it on my server. My concern was it could somehow effect the router or server by door knocking ports or something along those lines, but it would probably need to request some kind of file that taxes your available bandwidth. I’m sure it could potentially still be an issue if the ASUS router is exposed to the internet be it interface or smb if your into risks lol.
 
You must log in or register to reply here.
Similar threads
Thread starter Title Forum Replies Date
Viktor Jaep VPNMON VPNMON-R3 v1.3.3 -Apr 2, 2024- Monitor WAN/Dual-WAN/VPN Health & Reset Multiple OpenVPN Connections (Now available in AMTM!) Asuswrt-Merlin AddOns 203

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 915 (members: 20, guests: 895)
Top