Cloudflare Says It Mitigated a Record-Breaking 17.2 Million HTTP RPS DDoS Attack

Internet infrastructure company Cloudflare disclosed today that it mitigated the largest volumetric distributed denial of service attack that was recorded to date. From a report: The attack, which took place last month, targeted one of Cloudflare's customers in the financial industry. Cloudflare said that a threat actor used a botnet of more than 20,000 infected devices to flung HTTP requests at the customer's network in order to consume and crash server resources.

Called a volumetric DDoS, these are different from classic bandwidth DDoS attacks where threat actors try to exhaust and clog up the victim's internet connection bandwidth. Instead, attackers focus on sending as many junk HTTP requests to a victim's server in order to take up precious server CPU and RAM and prevent legitimate users from using targeted sites. Cloudflare said this attack peaked at 17.2 million HTTP requests/second (rps), a figure that the company described as almost three times larger than any previous volumetric DDoS attack that was ever reported in the public domain.

No impressed.

[Gravis Zero]

I'll be impressed when they mitigate a DDoS attack that employs botnet with five million bots.

Re:

[Snard]

That's nothing. I'll be impressed when they mitigate a DDoS attack that employs a botnet with FIVE MILLION AND ONE bots. Imagine a Beowulf cluster of these!

The Dreaded Flunging!

[rudy_wayne]

" a threat actor used a botnet of more than 20,000 infected devices to flung HTTP requests at the customer's network"

OMG! We have been flunged!

Re:

[mrbester]

* flang

Re:

[flyingfsck]

'to flung' - It was the Chinese guy Hoo Flung Dung of course.

Stack abuse involved? Not this time.

[Seven Spirals]

I wonder if the DDoS potential in all the recent and historical TCP flaws [healthitsecurity.com] will result in some movement to try again to replace IPv4 with something "more safe". In this case "safe" means:

• ** Easier to spy on
• ** Locks out older computers so nobody can hide from the spyware the vendors to install
• ** Insures embedded devices now all need 4G of RAM

I always thought IPv6 was terrible due to the QoS and IPSEC features making it so top-heavy it never got off the ground. However, I think maybe the "powers that be" ju

Re:

[Anonymous Coward]

I always thought IPv6 was terrible due to the QoS and IPSEC features making it so top-heavy it never got off the ground.

You're not wrong, but, the bigger reason for the failure of IPv6 is much simpler.

The companies who make modems and routers were too cheap/short sighted to design their equipment so that it could be upgraded beyond IPv4. As Bill Gates once famously said, "4 Billion IP addresses should be enough for everyone."

So now, consumers, businesses and ISPs are stuck with a billion modems/routers that would have to be thrown out in order to switch to IPv6.

Re: Stack abuse involved? Not this time.

[ArmoredDragon]

Why would TCP flaws make anybody come up with a new IP version? They aren't the same thing, they don't even try to do the same thing, nor are they interchangeable. IPv4 and IPv6 use the exact same transport protocols.

Re:

[Seven Spirals]

Because typically folks who want to tear one down have designs on layers 3-4 as a whole. Also, typically folks who find flaws in TCP are going to know a few with IP also. They might not be strictly dependent on each other (though that's arguable also when you look at a lot of network stacks, including 4.3 BSD where most folks took the code). It would take significant work to surgically remove IP without impacting TCP in that stack. I've hacked on it many times and what you'll find, like siamese twins, is th

17.2 million rps / 20000 devices

[Arnonyrnous Covvard]

860 requests per second and device. It should be easy to detect and filter or rate limit this to manageable amounts. That traffic must stand out like a sore thumb.