SoylentNews is people

posted by janrinok on Sunday July 07, @09:18AM
from the un-hack-your-router dept.

OVHcloud Sees Record 840 Mpps DDoS Attack:

Cloud provider OVHcloud this week revealed that it had mitigated the largest ever distributed denial-of-service (DDoS) attack in terms of packet rate, amid an overall increase in DDoS attack intensity.

Packet rate DDoS attacks seek to overload the processing engines of the networking devices close to the target, essentially taking down the infrastructure in front of the victim, such as the anti-DDoS systems.

Packet rate DDoS attacks, the cloud provider explains, are highly effective as their mitigation requires dealing with many small packets, which is typically more difficult than dealing with fewer, albeit larger, packets.

"We can summarize this problem into a single sentence: if your job is to deal mostly with payloads, bandwidth may be the hard limit; but if your job is to deal mostly with packet headers, packet rate is the hard limit," OVHcloud notes.

Peaking at around 840 Mpps (million packets per second), the largest packet rate attack was registered in April this year, breaking the record that was set at 809 Mpps in 2021.

Even more worrying, however, is that OVHcloud has been observing a sharp increase in packet rate DDoS attacks above the 100 Mpps threshold over the past six months.

Typically, threat actors rely on DDoS attacks that focus on exhausting the target's bandwidth (network-layer or Layer 3 attacks) or resources (application-layer or Layer 7 attacks), but the adoption of packet rate assaults is surging.

"We went from mitigating a few of them each week, to tens or even hundreds per week. Our infrastructures had to mitigate several 500+ Mpps attacks at the beginning of 2024, including one peaking at 620 Mpps. In April 2024, we even mitigated a record-breaking DDoS attack reaching ~840 Mpps," OVHcloud says.

Most of the traffic used in the record attack, the cloud provider says, consisted of TCP ACK packets originating from roughly 5,000 IPs.

The company's investigation revealed the use of MikroTik routers as part of the attack, specifically cloud core routers – namely the CCR1036-8G-2S+ and CCR1072-1G-8S+ device models. There are close to 100,000 CCR devices exposed to the internet, with the two models accounting for roughly 40,000 of them.

  • (Score: 1, Troll) by Rosco P. Coltrane on Sunday July 07, @04:20PM (2 children)

    by Rosco P. Coltrane (4757) on Sunday July 07, @04:20PM (#1363375)


    • (Score: 4, Informative) by ls671 on Sunday July 07, @07:18PM (1 child)

      by ls671 (891) on Sunday July 07, @07:18PM (#1363385)

      We hesitated a long time before trying OVH (bare metal servers) because of people like yourself, so we kept on paying double the prices we are paying now. We finally gave it a try, and nowadays most of our infrastructure is in several OVH data centers; we never looked back since.

      Everything I write is lies, including this sentence.
      • (Score: 2) by stormreaver on Sunday July 07, @09:19PM

        by stormreaver (5101) on Sunday July 07, @09:19PM (#1363400)

        I have a couple tiny bare-metal servers through OVH, and I haven't noticed any impact at all.