Distributed Denial of Service (DDoS) attacks cause significant damage to computer systems by taking a system offline. Hypertext Transfer Protocol (HTTP) is the most commonly used protocol for web services. The HTTP protocol has recently received a major update to HTTP/2. This new protocol provides increased functionality; however, this poses a threat from DDoS due to the larger attack surface. HTTP/2 implements novel compression techniques to reduce bandwidth. In this paper we explore this compression technology to provide an understanding of its risk from DDoS, specifically in an HTTP/2 to HTTP/1 proxy deployment. We implement a test bed and measure the bandwidth to show that an amplification attack is possible which is comparable to the current largest amplification attacks.
Publication status: Early online date - 02 Nov 2017