HTTP/2 Tsunami: Investigating HTTP/2 Proxy Amplification DDoS Attacks

Distributed Denial of Service (DDoS) attacks cause significant damage to computer systems by taking a system offline. Hypertext Transfer Protocol (HTTP), is the most commonly used protocol for web services. The HTTP protocol has recently received a major update to HTTP/2. This new protocol provides increased functionality, however this poses a threat from DDoS due to the larger attack surface. HTTP/2 implements novel compression techniques to reduce bandwidth, in this paper we explore this compression technology to providing understanding on its risk from DDoS, specifically in a HTTP/2 to HTTP/1 proxy deployment. We implement a testbed and measure the bandwidth to show that a amplification attack is possible which is comparable to the current largest amplification attacks.