Hello and welcome to the Wednesday, October 11, 2020,

edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich, and the time I'm recording from Jacksonville, Florida.

Well, it's Patch Tuesday, but for a change, I won't start, at least not directly,

with the Microsoft Patch Tuesday content.

Instead, I'll first talk a little bit about the HDP2 Rapid Reset Denial of Service

attack that was discussed in a Cloudflare blog today.

Cloudflare AWS, Google, they all saw these attacks in late August being launched to basically send an

enormous amount of HTTP requests to their servers.

And, well, the attack itself is tricky because it really abuses a feature in HAP2.

So first, very briefly, what's so special and different about HGP2, the real difference when

it comes to HP2 is that a client in a server are able to efficiently use a single TCP connection.

In HP 1.1, it can happen that, for example, a resource that's

slow-to-load, sort of holds back all the other responses. Well, this cannot happen in HP2

because the server is able to define multiple streams for multiple responses, and that way, if one particular response

currently doesn't have anything to send, that bandwidth can be used by another response.

In some ways, I always describe it, and it may be a little bit oversimplified, but like HP2 is

sort of trying to re-implement TCP on the application layer.

And well, with that, we also have the ability to reset connections.

So normally if, let's say, you are loading a page and while you're starting to read the page,

you decide to click on a link before the page is fully loaded in HP1.1,

well, the TCP connection would basically be stopped with TCP reset,

...