Suppose an attacker wants to DDoS a website, targetx.com, that hosts an image or a PDF file on its server. He simply replaces the link with the link to that file and uses it multiple times. Thapa demonstrated his concept against a target using 3 laptops and only a browser, and was able to achieve 400+ Mbps of outbound traffic for 2-3 hours using an image file. Consider a situation where multiple users try to access the note at around the same time: the amount of inbound traffic can rise to a much higher level, resulting in a DDoS attack strong enough to bring down any average website.

Unfortunately, Facebook has no plan to fix the vulnerability. "In the end, the conclusion is that there’s no real way to us fix this that would stop “attacks” against small consumer grade sites without also significantly degrading the overall functionality," Facebook replied to the researcher.
