Internet Emergency Alert: HTTP/2 Protocol Exposes ‘Knife Attack’ Vulnerability, Your Website May Be ‘Exposed’!

Internet Emergency Alert: HTTP/2 Protocol Exposes 'Knife Attack' Vulnerability, Your Website May Be 'Exposed'!

In the dead of night, you might be sleeping soundly, unaware that countless servers around the world are experiencing a storm of “forced reboots”.

This is not an exaggeration. Frontline security teams are closely monitoring a new type of cyber attack called “MadeYouReset”. It acts like a top assassin, exploiting a fatal flaw in the HTTP/2 protocol that we use every day, capable of incapacitating even the most powerful servers in an instant.

💥 A Perfect ‘Knife Attack’

We all know that to prevent being overwhelmed by malicious users, servers typically set a rule: a single user (TCP connection) can handle a maximum of 100 requests (streams) at the same time. This is like a busy library that allows a single library card to borrow a maximum of 100 books, which is reasonable.

The previous “Rapid Reset” attack involved hackers continuously borrowing books (sending requests) and then immediately returning them (sending <span><span>RST_STREAM</span></span> to cancel), repeatedly doing this to harass the librarian (server).

However, now, “MadeYouReset” has a more sophisticated approach. The brilliance lies in the fact that it induces the librarian to cancel the books that were just borrowed!

The entire attack process is a textbook example of a “knife attack”:

Internet Emergency Alert: HTTP/2 Protocol Exposes 'Knife Attack' Vulnerability, Your Website May Be 'Exposed'!

💡 The Hacker’s ‘Six Martian Languages’

So, what “Martian languages” did the hackers use to confuse the servers? Technically, we refer to them as “primitives”, which can be simply understood as six commands that lead the server to “self-castration”:

  • Command 1: Update a window size of 0 (a meaningless command).
  • Command 2: Issue priority commands in the wrong format.
  • Command 3: Make a task depend on itself (logical deadlock).
  • Command 4: Request a window size that exceeds the limit.
  • Command 5 & 6: Repeatedly submit new requests after an order has ended.

Do you see it? The hackers do not need to cancel requests themselves; instead, they induce the server to self-terminate. This renders all previous defenses against “Rapid Reset” instantly ineffective. As the saying goes, the higher the skill, the greater the challenge!

🤔 Deep Reflection: Why Do Modern Protocols Still Have ‘Achilles’ Heels’?

You may ask, why does such a fundamental design flaw still exist in such a modern protocol as HTTP/2?

The root cause lies in the “gap between specification and implementation”. The specification of HTTP/2 (RFC 7540) is very complex, defining various states and frame interactions. However, thousands of developers worldwide may have slight differences in understanding and handling certain edge cases when implementing these specifications. Attackers exploit this “fuzzy area of specifications” and “inconsistencies in implementation” to find points of attack that yield significant results.

The discovery of “MadeYouReset” tells us that security is not only a matter of code but also an eternal game between protocol design and implementation.

🌍 What Should I Do? Act Immediately!

Don’t panic, but act quickly! Please take the following actions to equip your website with a “bulletproof vest”:

  1. Inventory Assets Immediately check your servers, load balancers, API gateways, and all services exposed to the public network to confirm which are using the HTTP/2 protocol.
  2. Check the ‘Heart’ Verify the official announcements of your web servers (such as Apache Tomcat), network frameworks (such as Netty), and network devices (such as F5 BIG-IP) to confirm if they are on the affected list.
  3. Apply the ‘Vaccine’ Once vulnerabilities are found, do not hesitate to upgrade to the latest version or apply security patches according to official guidelines! Many large companies like Cloudflare and Akamai have already deployed mitigation measures automatically, but if you have self-built services, you must take action yourself.
  4. Share and Forward Share this article with your colleagues and technical groups to raise awareness of this risk and collectively safeguard the security of the internet.

The evolution of offense and defense in the cyber world is never-ending. Every exposure of a vulnerability is not the end, but an opportunity for us to build a more secure internet together.

Stay vigilant and act quickly. Here’s a thumbs up for everyone guarding the digital world!👍

Leave a Comment