Cloudflare: Huge DDoS Attack
Cloudflare reports that in July, it detected and mitigated a distributed denial-of-service (DDoS) attack that maxed out at 17.2 million HTTP requests-per-second. The attack lasted less than a minute. Cloudflare says the attack was using more than 20,000 infected devices in more than 100 countries. The same botnet targeted a different Cloudflare customer last week with a maximum rate of eight million requests-per-second.
Cloudflare’s DDoS mitigation service is separate from their CDN offering. It leverages their presence around the globe to detect, measure, and stop these activities. Customer traffic has to be routed through their system, which then dynamically builds rules to stop the attack at layer 4, rather than layer 7. The top network layer attacks are SYN, Reset, and UDP floods, with an emerging trend in network protocol attacks, including UDP Portmap and Quote of the Day (QOTD). There seems to be a trend for shorter and more intense DDoS attacks that reactive SOC monitoring and response are not well suited for; automation is key here. Work with your DDoS vendor to tune your mitigation system based on your threat model.
The press loves “biggest DDoS attack ever” stories but many of the most damaging DDoS attacks weren’t brute force with high numbers of requests per second. The important point is where in your architecture have you put mitigation of denial-of-service attempts and do you regularly test your switchover to alternate connections or mitigation services?
DDoS attacks are now so commonplace that hosting an online service without DDoS protection is similar to not having spam filtering for your email. Criminals will continue to evolve their tools and techniques in this area, which requires constant innovation by defenders.
Read more in
Bleeping Computer: HTTP DDoS attacks reach unprecedented 17 million requests per second
Gov Infosecurity: Record-Setting DDoS Attack Hits Financial Service Firm