
I wonder why exactly this attack can't be pulled off with HTTP/1.1 and TCP RST for cancellation. It seems that (even with SYN cookies involved) an attacker could create new connections, send an HTTP request, then quickly after send a RST.

Is it just that the kernel doesn't really communicate TCP RST all that well to the application, so the HTTP server continues to count the connection against the "open connection limit" even though it isn't open anymore?



The server kernel won't communicate the new connection to the application until you go through SYN-SYNACK-ACK.


The problem for the attacker is they then run into resource limits on the TCP connections. The resets are essential to get the consumption not counting.



