026
EXH-0262023Fictional reconstruction
RST_STREAM Loop
October 2023. Google, AWS, and Cloudflare coordinate disclosure: a flaw in HTTP/2 stream cancellation lets a handful of TCP connections tie up origin CPU, the largest layer-7 attacks measured to date.
Type
Modern / Cloud
Difficulty
Intermediate
Era
2020s
Time
8 min
Briefing
Numbers are synthetic; the mechanism and October 2023 coordination are real.
Your role
SRE reading attack recap the night your provider enabled emergency mitigations.
Objective
Connect the coordinated disclosure memo to edge metrics showing `RST_STREAM` spikes and elevated request churn.
Terminal environment
- user
- sre
- host
- edge-metrics
- cwd
- /cdn/rapid-reset-drill
- steps
- 3
Enter the terminalAbout 8 minutesSafe simulation
Safety note. This is a safe reconstruction. All systems, files, hosts, credentials, and outputs are simulated. Do not use these techniques on systems you do not own or have explicit permission to test.