A year ago, Cloudflare (an Internet giant that is little known among the general public despite being a key player in managing the infrastructure of the Internet) announced that it had managed to deal with the largest DDoS attack in history.
During that attack, a huge botnet bombarded Cloudflare’s servers with up to 17.2 million requests per second, a disproportionate figure well above that of an average DDoS attack. In fact, while most DDoS attacks seek nothing more than to clog the attacked server’s bandwidth, the August 2021 DDoS was a volumetric DDoS, seeking to consume the server’s CPU and RAM.
Ten months later, back in June, Cloudflare let the world know that it had succeeded in stopping another, much larger attack on its own infrastructure: 26 million requests per second, with the particularity that this time it was an attack via HTTPS (which makes the attack more expensive and difficult to mitigate).
At that time, Cloudflare was once again crowned the recipient and mitigator of the largest DDoS attack to date. However, now, just two months later, it has lost that throne…
46 million requests per second
…Google Cloud, Google’s cloud hosting service, has reported that it has successfully coped with a much larger attack, this time amounting to 46 million requests per second. To get an idea of the enormity of this attack, imagine concentrating into just 10 seconds all the connection requests that Wikipedia usually receives over the course of a single day.
Another way to measure it: practically the entire population of Spain connecting to the same server in the exact same second.
According to Google Cloud, the attack failed because its Cloud Armor service was able to detect the first signs of the threat and immediately, automatically recommended a protection rule for the server, which achieved the miracle of dodging the bullet. Faced with failure, the attack died out an hour and nine minutes later. As the company explains in its corporate blog:
“In addition to its unexpectedly high volume of traffic, the attack had other notable features. There were 5,256 IPs from 132 different countries that contributed to the attack. […] The attack was based on encrypted requests (HTTPS) that required the use of additional technological resources.”
“About 22% of source IPs were from Tor network exit nodes.” Although the volume of requests coming from those nodes represented only 3% of the attack traffic, “our analysis shows that Tor exit nodes can send a significant amount of unwanted traffic to web applications and services.”
Apparently, “the geographical distribution and the types of insecure services used to generate the attack” coincide with those detected in other attacks launched via the Mēris botnet, which, as Xataka reported in September 2021, had managed to beat the record for the largest DDoS attack in history twice.