DDoS defender targeted in 1.5 Bpps denial-of-service attack

A DDoS mitigation service provider in Europe was targeted in a massive distributed denial-of-service attack that reached 1.5 billion packets per second.

The attack originated from thousands of IoT devices and MikroTik routers, and it was mitigated by FastNetMon, a company that offers protection against service disruptions.

“The attack reached 1.5 billion packets per second (1.5 Gpps) — one of the largest packet-rate floods publicly disclosed,” FastNetMon says in a press release.

“The malicious traffic was primarily a UDP flood launched from compromised customer-premises equipment (CPE), including IoT devices and routers, across more than 11,000 unique networks worldwide,” the company explains.

[Figure: The record-breaking DDoS attack. Source: FastNetMon]

FastNetMon did not name the targeted customer, but describes it as a DDoS scrubbing provider. These services specialize in filtering out malicious traffic during DDoS attacks through packet inspection, rate limiting, CAPTCHA, and anomaly detection.

The attack was detected in real time, and mitigation action was taken using the customer's DDoS scrubbing facility. The measures included deploying access control lists (ACLs) on edge routers known for amplification capabilities.

News of the attack comes just days after internet infrastructure giant Cloudflare announced that it blocked the largest recorded volumetric DDoS attack in history, which peaked at 11.5 terabits per second (Tbps) and 5.1 billion packets per second (Bpps).

In both attacks, the goal was to exhaust processing abilities on the receiving end and cause service outages.

FastNetMon’s founder, Pavel Odintsov, commented that the trend of these massive attacks has become very dangerous, and intervention at the internet service provider (ISP) level is required to stop this mass-scale weaponization of compromised consumer hardware.

"What makes this case remarkable is the sheer number of distributed sources and the abuse of everyday networking devices. Without proactive ISP-level filtering, compromised consumer hardware can be weaponised at a massive scale." - FastNetMon

“The industry must act to implement detection logic at the ISP level to stop outgoing attacks before they scale,” says Odintsov.
