A zero-day vulnerability named “HTTP/2 Rapid Reset” was used by users to launch the largest distributed denial of service attacks (DDoS from distributed denial-of-Service) in the history of the Internet.
One of the attacks recorded by Cloudflare was three times older than her attack which broke the record of 71 million requests per second (RPS) reported by the company in February.
Specifically, the DDoS attack HTTP / 2 fast Reset peaked at 201 million RPS, while Google observed a DDoS attack that peaked at 398 million RPS.
The new attack method uses a feature of HTTP/2 called 'stream cancellation', repeatedly sending a request and canceling it immediately.