MadeYouReset: An HTTP/2 vulnerability thwarted by Rapid Reset mitigations

On August 13, security researchers at Tel Aviv University disclosed a new HTTP/2 denial-of-service (DoS) vulnerability that they are calling MadeYouReset (CVE-2025-8671). This vulnerability exists in a limited number of unpatched HTTP/2 server implementations that do not sufficiently enforce restrictions on the number of times a client may send malformed frames. If you’re using Cloudflare for HTTP DDoS mitigation, you’re already protected from MadeYouReset.

Cloudflare was informed of this vulnerability in May through a coordinated disclosure process, and we were able to confirm that our systems were not susceptible, due in large part to the mitigations we put in place during Rapid Reset (CVE-2023-44487). MadeYouReset and Rapid Reset are two conceptually similar HTTP/2 protocol attacks that exploit a fundamental feature within the HTTP/2 specification: stream resets. In the HTTP/2 protocol, a "stream" represents an independent series of HTTP request/response pairs exchanged between the client and server within an HTTP/2 connection. The stream reset feature is intended to allow a client to initiate an HTTP request and subsequently cancel it before the server has delivered its response.

The vulnerability exploited by both MadeYouReset and Rapid Reset lies in the potential for malicious actors to abuse this Continue reading

Transform ISP Choice from Anecdote to Evidence

Have you ever had to defend your choice of internet service provider? All you can say is: “Everyone says they’re reliable”, “My buddy recommended them.”, “They are the incumbent player”. But when pressed about frequent connectivity issues, then what? Sound familiar? This plays out in businesses across the world every day. We make one of […]

The post Transform ISP Choice from Anecdote to Evidence first appeared on Rick Mur.

N4N036: OSPF Area Types

Ethan and Holly bring you the last installment of the OSPF series discussing OSPF area types. They discuss why OSPF areas exist, do a quick recap of what OSPF areas actually are, and then introduce the different types of OSPF areas.  Lastly, see if you can answer Ethan’s rapid-fire OSPF questions. Episode Transcript: This episode... Read more »

Worth Reading 081325


The current state of digital identity is a mess. Your personal information is scattered across hundreds of locations: social media companies, IoT companies, government agencies, websites you have accounts on, and data brokers you’ve never heard of.


It turns out that, if you have your domain hosted by a big provider (we happen to use GoDaddy), it’s easy to turn on DNSSEC. But I think it says a lot that it took us this long (and the stimulus of working on a new security book) to get us to turn on DNSSEC


As we left the laboratory, I thought about how we in the computing field build a tremendous number of things that really cannot be called beautiful and then are commonly tossed aside without a thought.


The accelerated migration to advanced services will be accompanied by unprecedented complexity, and security and reliability concerns that must be addressed by the network-engineering and formal-methods communities.


Quantum scientists have long treated quantum entanglement as precious cargo, forging fresh links for every secure message or computation. A new theoretical study proposes a thriftier route, letting an existing pair pass portions of its entanglement down an extended chain.

PP074: News Roundup – Microsoft Dumps Digital Escorts; Palo Alto Bundles Billions Aboard CyberArk

Packet Protector goes global for today’s security news roundup. Microsoft discontinues a program in which engineers in China supported the US Department of Defense’s cloud infrastructure (with the help of US ‘digital escorts’), Taiwanese chipmaker TSMC fires several employees over allegations of attempted theft of sensitive tech, an Arizona woman gets 8 years in prison... Read more »

Fun Reading: AI: Great Expectations

Rodney Brooks republished an article on great AI expectations that he wrote 37 years ago. Not surprisingly, apart from a few technical details triggered by four decades of exponential growth in silicon capabilities, the article could have been written yesterday.

Side note: I’m a bit younger than Rodney, but I also went through at least three waves of AI hype cycles, starting with Prolog and 4GL, then expert systems, and finally neural networks. Around that time, I stopped caring and focused on networking, but I have enough battle scars to remain skeptical.

Aligning our prices and packaging with the problems we help customers solve

At Cloudflare, we have a simple but audacious goal: to help build a better Internet. That mission has driven us to build one of the world’s largest networks, to stand up for content providers, and to innovate relentlessly to make the Internet safer, faster, and more reliable for everyone, everywhere.

Building world-class products is only part of the battle, however. Fulfilling our mission means making these products accessible, including a pricing model that is fair, predictable, and aligned with the value we provide. If our packaging is confusing, or if our pricing penalizes you for using the service, then we’re not living up to our mission. And the best way to ensure that alignment?

Listen to our customers.

Over the years, your feedback has shaped our product roadmap, helping us evolve to offer nearly 100 products across four solution areas — Application Services, Network Services, Zero Trust Services, and our Developer Platform — on a single, unified platform and network infrastructure. Recently, we’ve heard a new theme emerge: the need for simplicity. You’ve asked us, “A hundred products is a lot. Can you please be more prescriptive?” and “Can you make your pricing more Continue reading

NB538: AI Copilot To Help Steer HPE SASE; SoftBank Will Test 5G Airships

Take a Network Break! We start with follow-up on post-quantum support in firewalls and DPDK, then highlight a command injection vulnerability in Ruckus SmartZone software. In tech news, Broadcom rolls out the Jericho4 ASIC to help scale AI across multiple data centers, InfoBlox beefs up DNS protection to spot malicious domains faster, and HPE announces... Read more »

Tech Bytes: How Lightyear Makes ISP Management Painless (Sponsored)

Telecom and ISP lifecycle management can be tedious and opaque. On today’s Tech Bytes, we talk with sponsor Lightyear about its SaaS-based platform that handles telecom and ISP procurement, tracks installations and inventory, manages billing, and more. We talk about the pain points that Lightyear can solve, the components of the platform, and how Lightyear... Read more »

BGP Community Propagation on Cisco IOS/XE: The 90’s Called

Just when I thought no vendor stupidity peculiarity could surprise me, Cisco IOS/XE proved me wrong.

I was improving a completely unrelated BGP functionality. I ran BGP integration tests on Cisco IOL (because it’s the fastest one to boot), and the BGP community propagation test failed. After verifying that I did not change the template and that the data structures had not changed, I checked the IOL release I was using.

Surprise 🎉🎉: the neighbor send-community configurations that worked since (at least) the IOS Classic release 15.x stopped working in Cisco IOS/XE release 17.16.01a.

Read more …

Fast Following Fails

Fast following fails.

Whenever I hear a leader in a technology business say, “We’re going to fast follow because it’s the most profitable place to be,” I know I’m looking at a failed organization. I didn’t come to this conclusion by thinking about it. I came to this conclusion by observing it repeatedly.

After observing it, however, I wanted to understand why this particular strategy fails so consistently and spectacularly. Why? To understand my theory, we need to start in a somewhat different place than business—we need to start with the nature of goals and humans.

You can place goals into two buckets: first things and second things.

First things are foundational. If you are a technology company, the first thing is building a stable, resilient, and flexible platform (or foundation). The products you sell will only be as stable as your platform. The innovation you achieve will only be as consistent as your platform is.

Second things are goals you can only achieve once you’ve built the first things.

Here’s the hard truth no one wants to hear: Generating revenue is a second thing.

Humans become what they do.

We all want to believe we can become what we Continue reading

1 48 49 50 51 52 3,854