- A huge 38 TB DDoS attack targeted a hosting provider
- Cloudflare's DDoS protection kicked in and blocked the attack
- It was the largest DDoS attack ever recorded
Distributed Denial of Service (DDoS) attacks generally use a network of compromised devices to bombard a server with an unusually large amount of data in order to make a service unusable.
But Cloudflare says that it recently blocked a monumental DDoS attack that tried to dump nearly 38 TB of data in just 45 seconds, making it the biggest attack of this type in history.
For comparison, 38 TB is equivalent to downloading 9,350 full HD films, or 9.35 million songs, or 7,480 hours of high definition video.
Cloudflare blocks mega-DDoS
Cloudflare said the attack delivered 7.3 terabits per second (Tbps) of traffic, hitting an average of 21,925 destination ports on an IP address belonging to an unnamed hosting provider.
The attack used UDP packets as the main attack vector in order to “flood” the IP address with illegitimate packets that the service cannot process; this UDP flood represented approximately 99.996% of the attack.
The remaining 0.004% of the attack consisted of a combination of reflection and amplification attacks, which bounce traffic toward the victim and amplify it, and other flood attacks.
Some of the additional attacks used obsolete diagnostic tools to “ping” the IP address for an automatic response, which, when done en masse, overwhelms the network’s capacity to respond and amplifies the network traffic.
The DDoS attack originated from 161 countries, with a little less than half of the traffic coming from IP addresses based in Brazil and Vietnam.
Cloudflare said another third of the traffic was traced to Taiwan, China, Indonesia, Ukraine, Ecuador, Thailand, the United States and Saudi Arabia.
For the uninitiated, this can make the attack sound like a huge coordinated effort by a highly organized group spanning the globe, but in reality, the majority of the devices used are compromised Internet-connected devices that have been infected with malicious software, transforming each device into a “bot”.
Attackers use phishing, malicious downloads or vulnerabilities to spread malware, and the infected device continues to operate as expected until it is called upon to participate in an attack.
The attack peaked at 45,097 unique source IP addresses per second, with an average of 26,855 over the duration of the attack. To counter the attack, Cloudflare said that it had used the distributed nature of a DDoS attack to spread the traffic load between data centers near the origin of the traffic.
Cloudflare’s DDoS detection and mitigation systems also detect suspicious packets and “fingerprint” them, allowing the system to identify similarities in attack packets and mitigate them without having an impact on legitimate traffic.
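A simplified illustration of the fingerprinting idea described above, as an added example that is not Cloudflare's code: it groups constructed packet records by a hypothetical header fingerprint (protocol, length, TTL), flags fingerprints shared by many distinct sources, and drops only those packets. The record fields, the threshold and the sample traffic are assumptions made for this example.

```python
from collections import defaultdict
import random

def fingerprint(pkt):
    # Hypothetical fingerprint: header fields that attack tooling tends to repeat.
    return (pkt["proto"], pkt["length"], pkt["ttl"])

def per_second_stats(packets):
    """Per-second (unique source IPs, distinct destination ports)."""
    srcs, ports = defaultdict(set), defaultdict(set)
    for p in packets:
        srcs[p["ts"]].add(p["src"])
        ports[p["ts"]].add(p["dport"])
    return {t: (len(srcs[t]), len(ports[t])) for t in srcs}

def attack_fingerprints(packets, min_sources=50):
    """Fingerprints seen from at least min_sources distinct source IPs."""
    sources = defaultdict(set)
    for p in packets:
        sources[fingerprint(p)].add(p["src"])
    return {fp for fp, s in sources.items() if len(s) >= min_sources}

def mitigate(packets, bad):
    """Drop packets matching a flagged fingerprint; pass everything else."""
    return [p for p in packets if fingerprint(p) not in bad]

def sample_traffic(seed=1):
    # Constructed sample: 200 bot sources sending identical-looking UDP
    # packets to random ports, plus 5 legitimate TCP clients. Addresses
    # come from documentation ranges (RFC 5737).
    rng = random.Random(seed)
    pkts = []
    for i in range(200):
        pkts.append({"ts": i % 2, "src": f"198.51.100.{i}", "proto": "udp",
                     "dport": rng.randint(1, 65535), "length": 1400, "ttl": 54})
    for i in range(5):
        pkts.append({"ts": i % 2, "src": f"203.0.113.{i}", "proto": "tcp",
                     "dport": 443, "length": 60 + i, "ttl": 64 - i})
    return pkts

if __name__ == "__main__":
    traffic = sample_traffic()
    bad = attack_fingerprints(traffic)
    print("per-second (sources, ports):", per_second_stats(traffic))
    print("flagged fingerprints:", bad)
    print("packets passed:", len(mitigate(traffic, bad)))
```
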