Google Cloud has revealed it blocked the largest distributed denial-of-service (DDoS) attack on record, which peaked at 46 million requests per second (rps).
The June 1 attack targeted one Google Cloud customer using the Google Cloud Armor DDoS protection service.
[...] Google says it is the largest ever attack at Layer 7, referring to the application layer — the top layer — in the OSI model of the Internet.
The attack on Google's customer was almost twice the size of a HTTPS DDoS attack on a Cloudflare customer in June that peaked at 26 million rps. That attack also relied on a relatively small botnet consisting of 5,067 devices spread over 127 countries.
[...] Google noted that this Mēris-related botnet abused unsecured proxies to obfuscate the true origin of the attacks.
It also noted that around 22% or 1,169 of the source IPs corresponded to Tor exit nodes, but the request volume coming from those nodes amounted to just 3% of the attack traffic.
"While we believe Tor participation in the attack was incidental due to the nature of the vulnerable services, even at 3% of the peak (greater than 1.3 million rps) our analysis shows that Tor exit nodes can send a significant amount of unwelcome traffic to web applications and services."
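To make the kind of breakdown Google describes concrete (a large share of source IPs on Tor exits, but a small share of the request volume), here is an added example that is not from Google's report or the article: it tallies requests per source from a constructed access log and computes what fraction of the sources and of the requests fall on a Tor exit list. The log lines and the exit list are constructed stand-ins using documentation address ranges.

```python
from collections import Counter

# Constructed stand-in for a Tor exit-node list (a real list would come from
# the Tor Project's exit address service; these are documentation addresses).
TOR_EXITS = {"203.0.113.10", "203.0.113.11", "203.0.113.12"}


def constructed_log():
    """Build a small constructed access log ("<ip> <method> <path>" per line):
    two heavy non-Tor sources and three Tor exits sending two requests each."""
    lines = ["198.51.100.7 GET /"] * 40 + ["192.0.2.44 GET /"] * 30
    lines += [f"203.0.113.{i} GET /" for i in (10, 11, 12)] * 2
    return "\n".join(lines)


def per_source_counts(log_text):
    """Count requests per source IP; the IP is the first field of each line."""
    counts = Counter()
    for line in log_text.splitlines():
        if line.strip():
            counts[line.split()[0]] += 1
    return counts


def tor_share(counts, tor_exits):
    """Return (share of sources that are Tor exits, share of requests they sent).

    Mirrors the article's two figures: 22% of source IPs were exits, but those
    exits produced only 3% of the request volume. Returns (0.0, 0.0) on empty input.
    """
    total_sources = len(counts)
    total_requests = sum(counts.values())
    if total_sources == 0 or total_requests == 0:
        return (0.0, 0.0)
    tor_sources = [ip for ip in counts if ip in tor_exits]
    tor_requests = sum(counts[ip] for ip in tor_sources)
    return (len(tor_sources) / total_sources, tor_requests / total_requests)


if __name__ == "__main__":
    c = per_source_counts(constructed_log())
    src, req = tor_share(c, TOR_EXITS)
    print(f"Tor exits: {src:.0%} of sources, {req:.1%} of requests")
```

With the constructed log, exits are 60% of the sources but under 8% of the requests, the same shape as the 22%/3% split in Google's figures.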
Previously: Massive DDoS Attack Delivered By Tiny Botnet
Related Stories
Hackers just launched the largest HTTPS DDoS attack in history:
The largest HTTPS distributed denial-of-service (DDoS) attack in history materialized last week, Cloudflare has confirmed.
As reported by Bleeping Computer, the company revealed that it recorded a 26 million requests per second distributed denial-of-service (DDoS) attack.
It should be stressed that this is an HTTPS-based DDoS attempt as opposed to the more traditional, standard DDoS attacks. In any case, the intended target was a Cloudflare client utilizing the service's Free plan.
[...] Interestingly, whoever was behind the attack managed to concentrate all its firepower with a botnet of 5,067 devices, which is a relatively small number considering the scale of the assault. Every single device was capable of delivering around 5,200 requests per second (rps) at its peak.
[...] Specifically, the botnet that was put to work in the unprecedented 26 million rps DDoS attack managed to deliver over an astronomical 212 million HTTPS requests within a period of just 30 seconds. This was achieved due to requests stemming from more than 1,500 networks located in 121 countries around the globe.
Tsunami of junk traffic that broke DDoS records delivered by tiniest of botnets:
The DDoS delivered 26 million HTTPS requests per second, breaking the previous record of 15.3 million requests for that protocol set only seven weeks ago, Cloudflare Product Manager Omer Yoachimik reported. Unlike more common DDoS payloads such as HTTP, SYN, or SYN-ACK packets, malicious HTTPS requests require considerably more computing resources for the attacker to deliver and for the defender or victim to absorb.
[Cloudflare Product Manager Omer] Yoachimik wrote:
The 26M rps DDoS attack originated from a small but powerful botnet of 5,067 devices. On average, each node generated approximately 5,200 rps at peak. To contrast the size of this botnet, we've been tracking another much larger but less powerful botnet of over 730,000 devices. The latter, larger botnet wasn't able to generate more than one million requests per second, i.e. roughly 1.3 requests per second on average per device. Putting it plainly, this botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers.
[...] The Cloudflare product manager said that his company automatically detected and mitigated the attack against the customer, which was using Cloudflare's free service.
See also:
Cloudflare Just Mitigated One of the Most Powerful DDoS Attacks Ever
Microsoft Azure Customer Hit by Largest 3.47 Tbps DDoS Attack
Microsoft Azure Fends Off Huge DDoS Attack
(Score: 2) by RS3 on Tuesday August 23 2022, @03:58AM (3 children)
What's often (usually) missing from these articles is the nuts and bolts of it: what OSes, what hardware, how to find the infection, what executables, etc. In this case they tell us, FTFA:
I don't think I've ever heard of MikroTik routers, and I'm not sure if they're provided by any ISPs, but check to see if you have one.
(Score: 3, Informative) by Freeman on Tuesday August 23 2022, @02:11PM (1 child)
The little I've heard about them, they seem to be big with corporations. I went looking for information about them and they definitely don't seem to be a standard consumer router. Their site lists some of their customers: https://mikrotik.com/customers [mikrotik.com] It looks like their hardware line-up includes everything you could want.
Some example hardware:
https://mikrotik.com/product/rb5009upr_s_in [mikrotik.com] (Perfect for small and medium ISPs. 2.5 Gigabit Ethernet & 10 Gigabit SFP+, numerous powering options.)
https://mikrotik.com/product/crs310_1g_5s_4s_in [mikrotik.com] (10 Gigabit fibre connectivity way over a 100 meters – for small offices or ISPs. Hardware offloaded VLAN-filtering and even some L3 routing on a budget!)
https://mikrotik.com/product/hap_ax2 [mikrotik.com] (With PoE-in and PoE-out, much faster wireless, more RAM, and a modern CPU. The smallest fully-fledged AX router on the market!)
https://mikrotik.com/product/chateaulte18_ax [mikrotik.com] (The best home AP just got even better. Generation 6 version of the Chateau LTE18. Much faster wireless, improved CPU, and now – with 2.5 Gigabit Ethernet!)
https://mikrotik.com/product/RB750r2 [mikrotik.com] (5x Ethernet, Small plastic case, 850MHz CPU, 64MB RAM, Most affordable MPLS router, RouterOS L4)
https://mikrotik.com/product/ccr2216_1g_12xs_2xq [mikrotik.com] (The new MikroTik flagship with the power of a whole fleet. Unleash the power of 100 Gigabit networking with L3 Hardware Offloading! This router can be a handy drop-in upgrade for existing CCR1072 setups.) With "dual-redundant hot-swap power supplies".
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 3, Interesting) by RS3 on Tuesday August 23 2022, @02:48PM
Wow, thank you for all of that info. When I posted the above comment I had no time to research. I see they're based in Latvia.
(Sorry, not a google fan and I'm sure there are other translator websites out there, but this came up first:)
Jobs at MikroTik: https://darbs-mikrotik-com.translate.goog/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp [translate.goog]
I see they're posting for a "Junior IoT C/C++ developer". Hmmm. I should write to them and suggest they're getting what they're paying for: cheap and dirty software. How about hiring a (very) senior developer who is strongly motivated in performing much testing and security.
(Score: 4, Interesting) by richtopia on Tuesday August 23 2022, @04:41PM
I ran a MikroTik router about a year ago. If you are looking for commercial grade at consumer prices, the players are MikroTik, Ubiquiti, or TP Link. MikroTik was not user-friendly and I'm not surprised many users are ignoring updates to their routers. I've used all 3 vendors; Ubiquiti is probably the most polished but they've deprecated their budget router. MikroTik was very powerful to the point I was paranoid if my router failed I would be down for hours as I relearn how to set up my router. I'm now running TP Link which is the most consumer-grade of all three options.
From my quick research, the issue was patched in 2018:
https://blog.mikrotik.com/security/meris-botnet.html [mikrotik.com]
(Score: 4, Funny) by jb on Tuesday August 23 2022, @04:14AM (1 child)
Surely, that should read:
(Score: 3, Interesting) by progo on Tuesday August 23 2022, @06:18AM
Maybe or maybe not the largest, but definitely in the running.
https://drewdevault.com/2022/05/25/Google-has-been-DDoSing-sourcehut.html [drewdevault.com]