Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Google Cloud Security

How Google Cloud Blocked the Largest Web DDOS Attack Ever (google.com) 11

Distributed denial-of-service (or DDoS) attacks "are increasing in frequency and growing in size exponentially," reports Google Cloud's blog.

Recently an attacker tried to hit one of their customers with 46 million requests per second. The blog post describes it as the largest attack of its kind reported to date, "at least 76% larger than the previously reported record. To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds." Starting around 9:45 a.m. PT on June 1, 2022, an attack of more than 10,000 requests per second (rps) began targeting our customer's HTTP/S Load Balancer. Eight minutes later, the attack grew to 100,000 requests per second. Cloud Armor Adaptive Protection detected the attack and generated an alert containing the attack signature by assessing the traffic across several dozen features and attributes. The alert included a recommended rule to block on the malicious signature....

Our customer's network security team deployed the Cloud Armor-recommended rule into their security policy, and it immediately started blocking the attack traffic. In the two minutes that followed, the attack began to ramp up, growing from 100,000 rps to a peak of 46 million rps. Since Cloud Armor was already blocking the attack traffic, the target workload continued to operate normally. Over the next few minutes, the attack started to decrease in size, ultimately ending 69 minutes later at 10:54 a.m.

Presumably the attacker likely determined they were not having the desired impact while incurring significant expenses to execute the attack.... The attack leveraged encrypted requests (HTTPS) which would have taken added computing resources to generate. Although terminating the encryption was necessary to inspect the traffic and effectively mitigate the attack, the use of HTTP Pipelining required Google to complete relatively few TLS handshakes.... The attack was stopped at the edge of Google's network, with the malicious requests blocked upstream from the customer's application.

While 22% of the source IPs corresponded to Tor exit nodes, the actual traffic coming from Tor nodes represented just 3% of attack traffic, the blog post points out.

And ultimately despite the attack, "the customer's service stayed online and continued serving their end-users."
This discussion has been archived. No new comments can be posted.

How Google Cloud Blocked the Largest Web DDOS Attack Ever

Comments Filter:
  • by 93 Escort Wagon ( 326346 ) on Sunday August 21, 2022 @10:46AM (#62808463)

    "To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds."

    How is this actually supposed to help? Okay, we assume that's a lot of requests... but it's not like any of us are really familiar with how much traffic Wikipedia gets in 10 seconds. That "helpful" tidbit is less useful than the real description of "46 million requests per second".

    A reference comparing the size of the attack to "Libraries of Congress" would've been equally (un)useful, but would've at least provided a bit of a chuckle.

    • by Guillermito ( 187510 ) on Sunday August 21, 2022 @11:34AM (#62808539) Homepage
      "To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds."

      it's not like any of us are really familiar with how much traffic Wikipedia gets in 10 seconds

      You don't need to know how much traffic Wikipedia gets in 10 seconds. All you need to know is the difference between 1 day and 10 secods. It is like saying "The Ithaca Regional Airport received in just 10 seconds the same amount of air traffic that JFK usually gets in one day". You don't need to know anything about air traffic to understand that's an extremely chaotic situation.

      • Mod parent up. Just to add: we don't even have to know Wikipedia. That's just a bit of creative writing. All we need to know is that a non-top 10 website received the daily traffic of a top 10 website in just 10 seconds. We may presume as much, since the Google writer doesn't name the DDoS target, which might invite copycat attacks from script kiddies just trying to test Google's cloud service. Not so with a site, Wikipedia, which already receives so much traffic and presumably already has protective measur
    • It's like trying to eat all the bananas in all the grocery stores in New York City at once.

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...