Google blocked the biggest DDoS attack of all time

One of the computer giant’s customers was faced with an avalanche of 46 million HTTPS requests per second. Unheard of in the history of the web.

Yet another record has fallen. On June 1, Google blocked the most powerful distributed denial-of-service (DDoS) attack since the internet has existed. At 10:18 a.m. (San Francisco time), one of the computer giant’s customers was hit by an avalanche of traffic that peaked at 46 million HTTPS requests per second!

“To fully understand the dimension of this attack, it’s like receiving in the space of 10 seconds all the requests received in one day by Wikipedia, one of the ten largest websites in the world,” explains Google in a blog post.

The previous record in this area was set by Cloudflare, which blocked a DDoS attack of 26 million HTTPS requests per second, also last June. Again, the number of traffic sources was relatively small. Google counted 5,256 IP addresses spread across 132 countries. That is small compared with other DDoS botnets, which can contain hundreds of thousands of zombie machines. The Mirai botnet, for example, contained more than 300,000 connected objects.

It must be said that in an attack built on HTTPS requests, it is not the number of sources that matters, but their quality. The goal of these attacks is to exhaust the target’s resources and cause a denial of service, i.e. an outage. For the hacker, such an operation is quite expensive to carry out, because HTTP/HTTPS requests require more computing power than simple protocol-level exchanges. But it is much more effective, because each request can cause multiple files to be loaded and database queries to be executed. Carrying out this type of attack therefore requires powerful machines, such as servers.

An actor who is becoming well known

In both the Google and Cloudflare cases, the same group of hackers appears to be at work. Known as “Meris”, it is said to launch its attacks from virtual servers. To cover its tracks, however, the requests are reportedly routed through a proxy botnet made up of MikroTik routers.

Moreover, the firepower of Meris is reportedly explained by its use of a technique called “HTTP pipelining”, which allows requests to be sent in batches without waiting for a response from the web servers being queried. Google nevertheless managed to block this attack. In its blog post, the computer giant explains that it detected the early stages of the attack far enough in advance to put a suitable filtering process in place.
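To make the pipelining behaviour concrete from the receiving side, here is an added detection sketch (not code from Google or from the original article) that counts how many complete HTTP/1.1 requests arrive back-to-back in a single connection read and flags connections above a depth limit. The threshold, connection IDs and sample traffic are constructed assumptions, and the buffer is assumed to be plaintext seen after TLS termination with no chunked request bodies.

```python
# Added example: count HTTP/1.1 requests pipelined in one connection read.
# Assumes `buf` is decrypted bytes after TLS termination; no chunked bodies.
MAX_PIPELINE_DEPTH = 8  # hypothetical policy threshold, tune per service


def count_pipelined_requests(buf: bytes) -> int:
    """Return how many complete HTTP/1.1 requests sit back-to-back in buf."""
    count, pos = 0, 0
    while True:
        end = buf.find(b"\r\n\r\n", pos)
        if end == -1:
            return count  # trailing partial request is not counted
        head = buf[pos:end].split(b"\r\n")
        parts = head[0].split(b" ")
        if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
            return count  # not a request line: stop rather than guess
        body_len = 0
        for line in head[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                if not value.strip().isdigit():
                    return count  # malformed length: stop parsing
                body_len = int(value.strip())
        pos = end + 4 + body_len  # skip the body so its bytes are not re-parsed
        if pos > len(buf):
            return count  # body not fully received yet
        count += 1


def flag_connections(reads: dict, max_depth: int = MAX_PIPELINE_DEPTH) -> list:
    """Return (connection id, depth) for reads above max_depth, deepest first."""
    depths = {cid: count_pipelined_requests(b) for cid, b in reads.items()}
    hits = [(cid, d) for cid, d in depths.items() if d > max_depth]
    return sorted(hits, key=lambda x: -x[1])


# Constructed sample input (documentation addresses, not real traffic).
GET = b"GET /search?q=a HTTP/1.1\r\nHost: shop.example\r\n\r\n"
POST = b"POST /cart HTTP/1.1\r\nHost: shop.example\r\nContent-Length: 5\r\n\r\nid=42"
SAMPLE_READS = {
    "198.51.100.7:40122": GET,                 # ordinary single request
    "198.51.100.9:51877": GET + POST + GET,    # light pipelining
    "203.0.113.5:33010": GET * 40 + GET[:20],  # deep batch plus a partial
}

if __name__ == "__main__":
    for cid, depth in flag_connections(SAMPLE_READS):
        print(f"{cid} pipelined {depth} requests in one read")
```

Pipelining depth on its own is a weak signal, so a check like this is normally combined with per-source request rates before any filtering decision.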

Source: Google