This is the best summary I could come up with:
Cloudflare, Google, and Amazon all say they successfully mitigated what two of the companies called the biggest DDoS layer 7 attacks they’ve recorded in August and September, though none said who the attacks were directed against.
The companies say the attacks were possible because of a zero-day vulnerability in the HTTP/2 protocol they’ve named “HTTP/2 Rapid Reset.”
HTTP/2 speeds up page loading by allowing for multiple simultaneous requests to a website over a single connection.
Cloudflare writes that these attacks apparently involved an automated cycle of sending and immediately canceling “hundreds of thousands” of requests to websites that use HTTP/2, overwhelming servers and taking them offline.
A group called Anonymous Sudan claimed credit for both attacks.
Google goes into detail in a blog post about how the attacks worked, so do head over there if you want to roll your sleeves up and read about it.
The original article contains 254 words, the summary contains 146 words. Saved 43%. I’m a bot and I’m open source!