Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Company
Platform
Modern NDR
Resources
Company
DETECTION OVERVIEW
Risk Factors
Web servers that support HTTP/2 are often exposed to the internet. An attacker can create a denial of service (DoS) scenario with attack tools that target HTTP/2. DoS attacks can create outages that disrupt business operations.
Category
The HTTP/2 protocol enables the exchange of messages between endpoints, which is called stream multiplexing. Stream multiplexing enables a client to have multiple in-flight streams within a single TCP connection, with each stream corresponding to one resource request.
An attacker can exploit a vulnerability in HTTP/2 (CVE-2023-44487) by opening many request streams and then canceling each in-flight request right away by sending an RST_STREAM frame. By resetting streams immediately, attackers can have an unlimited number of requests in flight and never exceed the limit of concurrent open streams. When the server cannot process the cancel requests fast enough, a backlog of work accumulates, stressing the server, and potentially leading to a DoS attack.
Network analysis and visibility solutions remain underrepresented in enterprises. Find out why in this preview of a new Wave report.
ExtraHop® Named a Leader in First-Ever Gartner® Magic Quadrant™ for Network Detection and Response
Visit this resource for more information.
This analysis exposes the critical link between an organization's lack of internal visibility and the escalating cost of compromise, demanding an urgent re-evaluation of how core business assets are protected.
Learn why you need to be wary of the claims certain network detection and response providers make about their coverage against the MITRE ATT&CK framework.
Learn how NDR from RevealX helps security teams detect and investigate more adversary TTPs in the MITRE ATT&CK framework than rule-based tools.
