September 25, 2022

COSFONE

Networking, PBX, IT, DIY Solution

Google successfully thwarted a peak DDoS attack with over 46 million requests per second

3 min read

Google successfully thwarted a peak DDoS attack with over 46 million requests per second



 

Google successfully thwarted a peak DDoS attack with over 46 million requests per second. 

In June, Cloudflare reported the largest DDoS cyberattack ever, peaking at 26 million requests per second.

This beats the previous record of 17.2 million in August 2021 and 15.3 million in April 2022.

But the record was refreshed again this month, with Google saying it peaked at 46 million per second.

 

Google successfully thwarted a peak DDoS attack with over 46 million requests per second

 

 

In a Google Cloud blog post, Google said it peaked at 46 million requests per second, more than 76% of Cloudflare’s peak.

This DDoS attack was conducted against Google Cloud customers using Cloud Armor.

Google says that once the service detects signs of a threat, it alerts customers and advises them to adopt protection rules to ward off the danger.

This rule is then deployed before requests peak, meaning customers continue to stay online while Cloud Armor protects their infrastructure and workloads.

 

Google said the attack started in the early hours of June 1 at 10,000 requests per second, but rose to 100,000 requests per second eight minutes later, when Cloud Armor adaptive protection kicked in.

Two minutes later, requests per second increased to 46 million, but customers are now safe and continue to operate.

The attack went away in 69 minutes, probably because it was thwarted by Google Cloud Armor and didn’t have the desired effect.

 

Google successfully thwarted a peak DDoS attack with over 46 million requests per second

 

 

Regarding the post-mortem analysis of this security incident, Google said

In addition to the unexpectedly high traffic, the attack had other notable characteristics. The attack had 5256 source IPs from 132 countries. As you can see in Figure 2 above, the top 4 countries contributed about 31% of the total attack traffic.

The attack leverages encrypted requests (HTTPS), which would require additional computing resources to generate. While terminating encryption is necessary to inspect traffic and effectively mitigate attacks, using HTTP Pipelining requires Google to complete relatively few TLS handshakes.

About 22% (1,169) of the source IPs corresponded to Tor exit nodes, although requests from these nodes accounted for only 3% of attack traffic. While we believe that Tor’s participation in attacks is accidental due to the nature of vulnerable services, even at 3% of the peak (greater than 1.3 million rps), our analysis shows that Tor exit nodes can send large amounts of undesired traffic to Web applications and services.



Copyright © All rights reserved. | Newsphere by AF themes.