What happens if you send more? Does it just get ignored by the server? | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

blauditore on Oct 10, 2023 | parent | context | favorite | on: The novel HTTP/2 'Rapid Reset' DDoS attack

What happens if you send more? Does it just get ignored by the server?

jsnell on Oct 10, 2023 [–]

For most current HTTP/2 implementations it'll just be ignored, and that is a problem. We've seen versions of the attack doing just that, as covered in the variants section of the article.

Servers should switch to closing the connection if clients exceed the stream limit too often, not just ignoring the bogus streams.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact