Clogging the Futures Series of Tubes: A look at HTTP/2 DDoS Attacks

Presented at Hackfest 2016, Nov. 4, 2016, 9 a.m. (60 minutes).

The future is here! Errrm, well it arrived a couple years, but it's starting to gain some traction! HTTP2 is the next generation of the HTTP protocol, designed from the ground up with performance in mind! It has a strong focus on loading full web pages and all of their dependencies faster through better network utilizations and less concurrent connections. But like any new technology, it brings with it a new set of challenges and issues that need to be discovered first, and then possibly remediated. HTTP2 is no exception to that with some security issues already identified. In this talk, I present some of my research into how HTTP2 makes it easier to launch layer 7 attacks and how attackers can leverage HTTP2 to launch new types of DDoS attacks. I also explore the readiness of the DDoS mitigation industry to detect HTTP2 based DDoS attacks

Presenters:

• Michael Bennet
  Michael Bennett is a full time DDoS consultant/developer from Toronto with a love for building new things. He currently works for Security Compass where he designs, develops, and launches DDoS attacks regularly as part of my job. When he's not launching DDoS talks he's often building a tool, automating something in his life, or just gaming.

Links:

• https://hackfest.ca/en/2016/speakers2016/#bennet
• https://infocon.org/cons/Hackfest/Hackfest 8 2016/Hackfest 2016 - Michael Bennet - Clogging the Futures Series of Tubes - A look at HTTP2 DDoS Attacks.mp4
• https://www.youtube.com/watch?v=10UFK9KIXIQ

Similar Presentations:

• LayerOne 2018 / HTTP2 and You
• NolaCon 2018 / HTTP2 and You
• LayerOne 2019 / Let’s Talk About WAF (Bypass) Baby