Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security IT Technology

Cloudflare Says It Mitigated a Record-Breaking 17.2 Million HTTP RPS DDoS Attack (therecord.media) 10

Internet infrastructure company Cloudflare disclosed today that it mitigated the largest volumetric distributed denial of service attack that was recorded to date. From a report: The attack, which took place last month, targeted one of Cloudflare's customers in the financial industry. Cloudflare said that a threat actor used a botnet of more than 20,000 infected devices to flung HTTP requests at the customer's network in order to consume and crash server resources.

Called a volumetric DDoS, these are different from classic bandwidth DDoS attacks where threat actors try to exhaust and clog up the victim's internet connection bandwidth. Instead, attackers focus on sending as many junk HTTP requests to a victim's server in order to take up precious server CPU and RAM and prevent legitimate users from using targeted sites. Cloudflare said this attack peaked at 17.2 million HTTP requests/second (rps), a figure that the company described as almost three times larger than any previous volumetric DDoS attack that was ever reported in the public domain.

This discussion has been archived. No new comments can be posted.

Cloudflare Says It Mitigated a Record-Breaking 17.2 Million HTTP RPS DDoS Attack

Comments Filter:
  • I'll be impressed when they mitigate a DDoS attack that employs botnet with five million bots.

    • by Snard ( 61584 )
      That's nothing. I'll be impressed when they mitigate a DDoS attack that employs a botnet with FIVE MILLION AND ONE bots. Imagine a Beowulf cluster of these!
  • by rudy_wayne ( 414635 ) on Friday August 20, 2021 @02:03PM (#61712401)

    " a threat actor used a botnet of more than 20,000 infected devices to flung HTTP requests at the customer's network"

    OMG! We have been flunged!

  • I wonder if the DDoS potential in all the recent and historical TCP flaws [healthitsecurity.com] will result in some movement to try again to replace IPv4 with something "more safe". In this case "safe" means:
    • ** Easier to spy on
    • ** Locks out older computers so nobody can hide from the spyware the vendors to install
    • ** Insures embedded devices now all need 4G of RAM

    I always thought IPv6 was terrible due to the QoS and IPSEC features making it so top-heavy it never got off the ground. However, I think maybe the "powers that be" ju

    • by Anonymous Coward

      I always thought IPv6 was terrible due to the QoS and IPSEC features making it so top-heavy it never got off the ground.

      You're not wrong, but, the bigger reason for the failure of IPv6 is much simpler.

      The companies who make modems and routers were too cheap/short sighted to design their equipment so that it could be upgraded beyond IPv4. As Bill Gates once famously said, "4 Billion IP addresses should be enough for everyone."

      So now, consumers, businesses and ISPs are stuck with a billion modems/routers that would have to be thrown out in order to switch to IPv6.

    • Why would TCP flaws make anybody come up with a new IP version? They aren't the same thing, they don't even try to do the same thing, nor are they interchangeable. IPv4 and IPv6 use the exact same transport protocols.

      • Because typically folks who want to tear one down have designs on layers 3-4 as a whole. Also, typically folks who find flaws in TCP are going to know a few with IP also. They might not be strictly dependent on each other (though that's arguable also when you look at a lot of network stacks, including 4.3 BSD where most folks took the code). It would take significant work to surgically remove IP without impacting TCP in that stack. I've hacked on it many times and what you'll find, like siamese twins, is th
  • by Arnonyrnous Covvard ( 7286638 ) on Friday August 20, 2021 @02:38PM (#61712525)
    860 requests per second and device. It should be easy to detect and filter or rate limit this to manageable amounts. That traffic must stand out like a sore thumb.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...