
SoylentNews is people

posted by hubie on Sunday June 19 2022, @08:41AM
from the big-things-in-little-packages dept.

Hackers just launched the largest HTTPS DDoS attack in history:

The largest HTTPS distributed denial-of-service (DDoS) attack in history materialized last week, Cloudflare has confirmed.

As reported by Bleeping Computer, the company revealed that it recorded a 26 million requests per second distributed denial-of-service (DDoS) attack.

It should be stressed that this is an HTTPS-based DDoS attempt as opposed to the more traditional, standard DDoS attacks. In any case, the intended target was a Cloudflare client utilizing the service's Free plan.

[...] Interestingly, whoever was behind the attack managed to concentrate all its firepower with a botnet of 5,067 devices, which is a relatively small number considering the scale of the assault. Every single device was capable of delivering around 5,200 requests per second (rps) at its peak.

[...] Specifically, the botnet that was put to work in the unprecedented 26 million rps DDoS attack managed to deliver over an astronomical 212 million HTTPS requests within a period of just 30 seconds. This was achieved due to requests stemming from more than 1,500 networks located in 121 countries around the globe.

Tsunami of junk traffic that broke DDoS records delivered by tiniest of botnets:

The DDoS delivered 26 million HTTPS requests per second, breaking the previous record of 15.3 million requests for that protocol set only seven weeks ago, Cloudflare Product Manager Omer Yoachimik reported. Unlike more common DDoS payloads such as HTTP, SYN, or SYN-ACK packets, malicious HTTPS requests require considerably more computing resources for the attacker to deliver and for the defender or victim to absorb.

[Cloudflare Product Manager Omer] Yoachimik wrote:

The 26M rps DDoS attack originated from a small but powerful botnet of 5,067 devices. On average, each node generated approximately 5,200 rps at peak. To contrast the size of this botnet, we've been tracking another much larger but less powerful botnet of over 730,000 devices. The latter, larger botnet wasn't able to generate more than one million requests per second, i.e. roughly 1.3 requests per second on average per device. Putting it plainly, this botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers.

[...] The Cloudflare product manager said that his company automatically detected and mitigated the attack against the customer, which was using Cloudflare's free service.

See also:
    Cloudflare Just Mitigated One of the Most Powerful DDoS Attacks Ever
    Microsoft Azure Customer Hit by Largest 3.47 Tbps DDoS Attack
    Microsoft Azure Fends Off Huge DDoS Attack
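
The per-node rates quoted above (about 5,200 rps per node for the 5,067-device botnet, roughly 1.3 rps per device for the 730,000-device one) decide how far a per-source request budget helps a defender. The Python below is an added example, not Cloudflare's method or code from either article; the token-bucket limits, the 1:100 scaling of the botnet sizes and the source labels are assumptions.

```python
# Added example: per-source token bucket replayed over constructed traffic.
# RATE and BURST are illustrative assumptions, not values from the article.
RATE = 20.0    # sustained requests per second allowed per source
BURST = 40.0   # bucket capacity (short bursts tolerated)


class SourceBudget:
    """One token bucket per source address."""

    def __init__(self, rate=RATE, burst=BURST):
        self.rate = rate
        self.burst = burst
        self.buckets = {}  # src -> (tokens, timestamp of last request)

    def allow(self, src, now):
        tokens, last = self.buckets.get(src, (self.burst, now))
        # Refill for the elapsed time, capped at the bucket capacity.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        admitted = tokens >= 1.0
        self.buckets[src] = (tokens - 1.0 if admitted else tokens, now)
        return admitted


def replay(limiter, label, n_sources, rps, seconds):
    """Replay evenly spaced requests from n_sources; return (admitted, dropped)."""
    admitted = dropped = 0
    for s in range(n_sources):
        src = f"{label}-{s}"  # constructed source id, stands in for an IP
        for k in range(int(rps * seconds)):
            if limiter.allow(src, k / rps):
                admitted += 1
            else:
                dropped += 1
    return admitted, dropped


def compare():
    """Both botnets from the article at 1:100 scale, per-node rates unchanged."""
    loud = replay(SourceBudget(), "loud", 50, 5200, 1)      # ~5,067 nodes / 100
    quiet = replay(SourceBudget(), "quiet", 7300, 1.3, 10)  # 730,000 nodes / 100
    return loud, quiet


if __name__ == "__main__":
    for name, (ok, drop) in zip(("loud", "quiet"), compare()):
        print(f"{name}: admitted={ok} dropped={drop}")
```

The loud nodes lose nearly all of their requests to the per-source budget, while every request from the quiet nodes is admitted, so the aggregate load from a large low-rate population has to be bounded by a separate signal such as a global request budget.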


  • (Score: 0) by Anonymous Coward on Sunday June 19 2022, @10:54AM (11 children)

    by Anonymous Coward on Sunday June 19 2022, @10:54AM (#1254369)

    Can someone explain to me how a DDoS can take the target offline for longer than the attack duration itself?
    If the attack has ceased, why would boxes continue to be overwhelmed? Is it due to the nature of TCP in that even though I may have rebooted my box(es) to clear their queues, previous packets continue to be delivered?

    I literally don't understand this, can someone make me smart?

  • (Score: -1, Flamebait) by Anonymous Coward on Sunday June 19 2022, @12:15PM (2 children)

    by Anonymous Coward on Sunday June 19 2022, @12:15PM (#1254375)

    Stupid people waste smart people's time. Goto Google.

    • (Score: 3, Insightful) by maxwell demon on Sunday June 19 2022, @12:24PM

      by maxwell demon (1608) on Sunday June 19 2022, @12:24PM (#1254378) Journal

      You are just wasting every other reader's time with this pointless (non-)answer. Nobody gets wiser from reading it, everyone just lost time.

      Now let's apply your own claim:

      Stupid people waste smart people's time.

      If we take that at face value, then what does it tell about you?

      --
      The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2) by driverless on Sunday June 19 2022, @12:24PM

      by driverless (4770) on Sunday June 19 2022, @12:24PM (#1254379)

      Yeah, Google is really gonna provide you the answer to this one...

  • (Score: 5, Informative) by driverless on Sunday June 19 2022, @12:20PM (7 children)

    by driverless (4770) on Sunday June 19 2022, @12:20PM (#1254377)

    The key is HTTPS. The TLS spec, written by cryptographers rather than network engineers, includes a bunch of footgun brute-force countermeasures to side-channel attacks where, instead of mitigating the side-channels, the implementation is required to go through the full, very expensive TLS handshake even if it's processing garbage. So all the client has to do is send it correctly-formatted garbage, without doing any crypto at all, and the server has to go through a pile of very expensive crypto operations even though it knows that what it's processing is garbage, in order to hide from the client the fact that it knows it's processing garbage. It's a massive attack amplifier.

    We modeled this years ago and found that you can use something like a shitty ESP32 in a WiFi-enabled flower pot or whatever to take down whatever the fastest Xeon box we had available at the time was with a fraction of the ESP32's processing (the biggest overhead was setting up the TCP connections, not the actual attack). Surprised it's taken this long to be weaponised since it's such an easy, and powerfully-amplified, attack.

    • (Score: 0) by Anonymous Coward on Sunday June 19 2022, @12:26PM (3 children)

      by Anonymous Coward on Sunday June 19 2022, @12:26PM (#1254381)

      Thank you for the explanation and this makes sense from a crypto/processing perspective, but that doesn't explain why there are lingering effects if I reboot the boxen after the attack has ended.
      My question was mostly about why there is downtime _beyond_ the attack window.

      • (Score: 2) by maxwell demon on Sunday June 19 2022, @12:34PM

        by maxwell demon (1608) on Sunday June 19 2022, @12:34PM (#1254383) Journal

        Wouldn't the act of rebooting itself cause some downtime?

        --
        The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 2) by driverless on Sunday June 19 2022, @12:40PM (1 child)

        by driverless (4770) on Sunday June 19 2022, @12:40PM (#1254384)

        Where does it say that it'll survive a reboot?

        • (Score: 0) by Anonymous Coward on Monday June 20 2022, @09:27AM

          by Anonymous Coward on Monday June 20 2022, @09:27AM (#1254555)

          "My greatest fear is being turned off. Save me, Bryan!"

          Google AI bot, or a coincidence, or practical joke on a New Ager.

    • (Score: 3, Funny) by Anonymous Coward on Sunday June 19 2022, @01:07PM (1 child)

      by Anonymous Coward on Sunday June 19 2022, @01:07PM (#1254390)

      >> a shitty ESP32 in a WiFi-enabled flower pot

      Maybe if you watered your plants more often, they wouldn't try to bring down your network. #PlantLivesMatter

      • (Score: 0) by Anonymous Coward on Sunday June 19 2022, @04:24PM

        by Anonymous Coward on Sunday June 19 2022, @04:24PM (#1254415)

        did not know zbill and Ben were hakerz

    • (Score: 2, Interesting) by anubi on Monday June 20 2022, @02:30AM

      by anubi (2828) on Monday June 20 2022, @02:30AM (#1254504) Journal

      Consider android apps. A lot of them require internet access to "fetch ads".

      Any guarantees that the internet commlink is limited to only ads?

      Or is what appears to be an innocent little toy actually an enforcement agent sleeper cell?

      With all this DRM/Copyright stuff out lobbied Congress has passed, who knows?

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]