A cryptocurrency platform was recently on the receiving end of one of the largest distributed denial-of-service attacks recorded after threat actors bombarded it with 15.3 million requests, content-delivery network Cloudflare reported.
DDoS attacks can be measured in a variety of ways, including the amount of data, the number of packets, or the number of requests sent per second. The current records are 3.4 terabits per second for volumetric DDoS (which attempts to use all the bandwidth available to the target), 809 million packets per second, and 17.2 million requests per second. The latter two records measure the strength of application-layer attacks, which seek to deplete the computing resources of the target infrastructure.
Cloudflare's latest DDoS mitigation peaked at 15.3 million requests per second. Although smaller than the record, the attack may have been more powerful, since it was delivered via HTTPS requests instead of the HTTP requests used in the record. Since HTTPS requests are much more computationally expensive, this new attack was likely to put more pressure on the target.
The resources needed to deliver the HTTPS request flood were also greater, indicating that DDoSers are getting stronger. Cloudflare says that a botnet of about 6,000 bots is responsible, delivering payloads of 10 million requests per second. The attack originated in 112 countries, with about 15 percent of the firepower coming from Indonesia, followed by Russia, Brazil, India, Colombia and the United States.
“Among those countries, the attack originated from more than 1,300 different networks,” wrote Cloudflare researchers Omer Yoachimik and Julien Desgats. They said the flood of traffic came primarily from data centers, as DDoSers moved from residential network ISPs to cloud computing ISPs. Top data center networks involved include the German provider Hetzner Online (autonomous system number 24940), Azteca Comunicaciones Colombia (ASN 262186), and OVH in France (ASN 16276). Other sources include home and small office routers.
“In this case, the attacker was using compromised servers on the cloud hosting provider, some of which appear to be running Java-based applications. This is significant because of the recent discovery of a vulnerability (CVE-2022-21449) that could be used to bypass authentication in a wide range of Java-based applications,” Patrick Donahue, Cloudflare VP of product, wrote in an email. “We've also seen a significant number of MikroTik routers used in the attack, probably exploiting the same vulnerabilities that the Meris botnet did.”
The attack lasted about 15 seconds. Cloudflare mitigated it using a system in its data center network that automatically detects traffic spikes and quickly filters out the sources. Cloudflare did not identify the target, saying only that it operates a crypto launchpad, a platform that helps fund decentralized finance projects.
The numbers underscore the arms race between attackers and defenders as each tries to outdo the other. It would be no wonder if a new record is set next month.
This story originally appeared on Ars Technica.