{"id":988756,"date":"2023-10-26T19:40:51","date_gmt":"2023-10-26T21:40:51","guid":{"rendered":"https:\/\/teknomers.com\/fr\/une-attaque-ddos-record-de-100-millions-de-rps-exploite-une-faille-de-reinitialisation-rapide-http-2\/"},"modified":"2023-10-26T19:40:55","modified_gmt":"2023-10-26T21:40:55","slug":"une-attaque-ddos-record-de-100-millions-de-rps-exploite-une-faille-de-reinitialisation-rapide-http-2","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/une-attaque-ddos-record-de-100-millions-de-rps-exploite-une-faille-de-reinitialisation-rapide-http-2\/","title":{"rendered":"Une attaque DDoS record de 100 millions de RPS exploite une faille de r\u00e9initialisation rapide HTTP\/2"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">26 octobre 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 du r\u00e9seau \/ Cyberattaque<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/Une-attaque-DDoS-record-de-100-millions-de-RPS-exploite.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>Cloudflare a d\u00e9clar\u00e9 jeudi avoir att\u00e9nu\u00e9 des milliers d&#8217;attaques par d\u00e9ni de service distribu\u00e9 (DDoS) HTTP hyper-volum\u00e9triques qui exploitaient une faille r\u00e9cemment r\u00e9v\u00e9l\u00e9e appel\u00e9e HTTP\/2 Rapid Reset, dont 89 d\u00e9passaient 100 millions de requ\u00eates par seconde (RPS).<\/p>\n<p>\u00ab\u00a0La campagne a contribu\u00e9 \u00e0 une augmentation globale de 65\u00a0% du trafic d&#8217;attaques HTTP DDoS au troisi\u00e8me trimestre par rapport au <a rel=\"nofollow noopener\" href=\"https:\/\/blog.cloudflare.com\/ddos-threat-report-2023-q2\/\" target=\"_blank\">trimestre pr\u00e9c\u00e9dent<\/a>,&#8221; la soci\u00e9t\u00e9 d&#8217;infrastructure et de s\u00e9curit\u00e9 Web <a rel=\"nofollow noopener\" href=\"https:\/\/blog.cloudflare.com\/ddos-threat-report-2023-q3\/\" target=\"_blank\">dit<\/a> dans un rapport partag\u00e9 avec The Hacker News.  &#8220;De la m\u00eame mani\u00e8re, <a rel=\"nofollow noopener\" href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/layer-3-ddos-attacks\/\" target=\"_blank\">Attaques DDoS L3\/4<\/a> a \u00e9galement augment\u00e9 de 14 %.<\/p>\n<p>Le nombre total de demandes d\u2019attaques HTTP DDoS au cours du trimestre a bondi \u00e0 8\u00a0900 milliards, contre 5\u00a0400 milliards au deuxi\u00e8me trimestre 2023 et 4\u00a0700 milliards au premier trimestre 2023. Le nombre de demandes d\u2019attaque au quatri\u00e8me trimestre 2022 s\u2019\u00e9levait \u00e0 6\u00a0500 milliards.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/moon-i-2.1\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/Les-Bing-Chat-Ads-de-Microsoft-alimentees-par-lIA-peuvent.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>HTTP\/2 Rapid Reset (CVE-2023-44487) a \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9 plus t\u00f4t ce mois-ci \u00e0 la suite d&#8217;une divulgation coordonn\u00e9e \u00e0 l&#8217;\u00e9chelle de l&#8217;industrie qui s&#8217;est pench\u00e9e sur des attaques DDoS orchestr\u00e9es par un acteur inconnu en exploitant la faille pour cibler divers fournisseurs tels qu&#8217;Amazon Web Services (AWS). ), Cloudflare et Google Cloud.<\/p>\n<p>Rapidement, dans un <a rel=\"nofollow noopener\" href=\"https:\/\/www.fastly.com\/blog\/how-fastly-protects-customers-from-ddos-including-rapid-reset-attack\" target=\"_blank\">divulgation<\/a> mercredi, a d\u00e9clar\u00e9 avoir contr\u00e9 une attaque similaire qui a culmin\u00e9 avec un volume d&#8217;environ 250 millions de RPS et une dur\u00e9e d&#8217;environ trois minutes.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/1698356450_720_Une-attaque-DDoS-record-de-100-millions-de-RPS-exploite.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/1698356450_720_Une-attaque-DDoS-record-de-100-millions-de-RPS-exploite.jpg\" alt=\"Attaque DDoS RPS\" border=\"0\" data-original-height=\"458\" data-original-width=\"728\" title=\"Attaque DDoS RPS\"\/><\/a><\/div>\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/1698356450_49_Une-attaque-DDoS-record-de-100-millions-de-RPS-exploite.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/1698356450_49_Une-attaque-DDoS-record-de-100-millions-de-RPS-exploite.jpg\" alt=\"Attaque DDoS RPS\" border=\"0\" data-original-height=\"317\" data-original-width=\"728\" title=\"Attaque DDoS RPS\"\/><\/a><\/div>\n<p>\u00ab Les botnets qui exploitent les plates-formes de cloud computing et exploitent HTTP\/2 sont capables de g\u00e9n\u00e9rer jusqu&#8217;\u00e0 5\u00a0000 fois plus de force par n\u0153ud de botnet \u00bb, a not\u00e9 Cloudflare.  &#8220;Cela leur a permis de lancer des attaques DDoS hyper-volum\u00e9triques avec un petit botnet comprenant \u00e0 lui seul 5 \u00e0 20 000 n\u0153uds.&#8221;<\/p>\n<p>Certains des principaux secteurs cibl\u00e9s par les attaques DDoS HTTP comprennent les jeux, l&#8217;informatique, les cryptomonnaies, les logiciels informatiques et les t\u00e9l\u00e9communications, les \u00c9tats-Unis, la Chine, le Br\u00e9sil, l&#8217;Allemagne et l&#8217;Indon\u00e9sie repr\u00e9sentant les plus grandes sources d&#8217;attaques DDoS de la couche application (L7).<\/p>\n<p>D\u2019un autre c\u00f4t\u00e9, les \u00c9tats-Unis, Singapour, la Chine, le Vietnam et le Canada sont devenus les principales cibles des attaques HTTP DDoS.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/cis-d\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/10\/1696132289_209_Les-Bing-Chat-Ads-de-Microsoft-alimentees-par-lIA-peuvent.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>&#8220;Pour le deuxi\u00e8me trimestre cons\u00e9cutif, <a rel=\"nofollow noopener\" href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/dns-flood-ddos-attack\/\" target=\"_blank\">Attaques DDoS bas\u00e9es sur DNS<\/a> \u00e9taient les plus courantes&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9. &#8220;Pr\u00e8s de 47 % de toutes les attaques \u00e9taient bas\u00e9es sur le DNS.  Cela repr\u00e9sente une augmentation de 44% par rapport au trimestre pr\u00e9c\u00e9dent. <a rel=\"nofollow noopener\" href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/syn-flood-ddos-attack\/\" target=\"_blank\">Inondations SYN<\/a> restent \u00e0 la deuxi\u00e8me place, suivis par <a rel=\"nofollow noopener\" href=\"https:\/\/kb.mazebolt.com\/knowledgebase\/rst-flood\/\" target=\"_blank\">Inondations RST<\/a>, <a rel=\"nofollow noopener\" href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/udp-flood-ddos-attack\/\" target=\"_blank\">Inondations UDP<\/a>et <a rel=\"nofollow noopener\" href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/glossary\/mirai-botnet\/\" target=\"_blank\">Attaques de Mirai<\/a>&#8220;.<\/p>\n<p>Un autre changement notable est la diminution des attaques DDoS contre ran\u00e7on, qui, selon Cloudflare, \u00ab est due au fait que les acteurs de la menace ont r\u00e9alis\u00e9 que les organisations ne les paieraient pas \u00bb.<\/p>\n<p>La divulgation <a rel=\"nofollow noopener\" href=\"https:\/\/blog.cloudflare.com\/q3-2023-internet-disruption-summary\/\" target=\"_blank\">vient au milieu<\/a> <a rel=\"nofollow noopener\" href=\"https:\/\/blog.cloudflare.com\/internet-traffic-patterns-in-israel-and-palestine-following-the-october-2023-attacks\/\" target=\"_blank\">fluctuations du trafic Internet<\/a> et un <a rel=\"nofollow noopener\" href=\"https:\/\/blog.cloudflare.com\/cyber-attacks-in-the-israel-hamas-war\/\" target=\"_blank\">pic d&#8217;attaques DDoS<\/a> au lendemain de la guerre entre Isra\u00ebl et le Hamas, Cloudflare ayant repouss\u00e9 plusieurs tentatives d&#8217;attaque visant des sites Web isra\u00e9liens et palestiniens.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/10\/record-breaking-100-million-rps-ddos.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80226 octobre 2023\ue804R\u00e9dactionS\u00e9curit\u00e9 du r\u00e9seau \/ Cyberattaque Cloudflare a d\u00e9clar\u00e9 jeudi avoir att\u00e9nu\u00e9 des milliers d&#8217;attaques par d\u00e9ni de service distribu\u00e9 (DDoS) HTTP hyper-volum\u00e9triques qui exploitaient une faille r\u00e9cemment r\u00e9v\u00e9l\u00e9e appel\u00e9e HTTP\/2 Rapid Reset, dont 89 d\u00e9passaient 100 millions de requ\u00eates par seconde (RPS). \u00ab\u00a0La campagne a contribu\u00e9 \u00e0 une augmentation globale de 65\u00a0% du [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":988757,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,1933,4168,4165,4161,200267,2890,7727,9048,110558,4159,4171,200271,1610,200268,200269,200270,2402,4282,60907,18255,128318,4172,4169,196,4166,4164],"class_list":["post-988756","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-attaque","tag-comment-pirater","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-ddos","tag-exploite","tag-faille","tag-http2","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-logiciel-malveillant-rancongiciel","tag-millions","tag-mises-a-jour-sur-la-cybersecurite","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-rapide","tag-record","tag-reinitialisation","tag-rps","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-une","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/988756","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=988756"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/988756\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/988757"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=988756"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=988756"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=988756"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}