A group of researchers discovered a broadcast amplification vulnerability in Cloudflare's QUIC implementation, where a single packet to a broadcast IP address could trigger multiple responses from server workers. The vulnerability, which has been fully patched, highlighted how broadcast functionality combined with SO_REUSEPORT socket options can create significant amplification risks in UDP-based services.

https://blog.cloudflare.com/mitigating-broadcast-address-attack/

#security #networking #quicprotocol #infrastructure #ddos