Firm suffers largest ever DDoS attack peaking at 580 million PPS
The DDoS attack took place on April 30th which was mitigated by Imperva.
Imperva has mitigated the largest ever DDoS attack on April 30. The attack was launched against one of the customers of the DDoS Protection Service provider firm. The company maintains that the attack peaked at 580 million PPS (packets per sec) and remained active for approx. 15 seconds.
See: World’s Largest DDoS Attack: US Firm Suffers 1.7 Tbps of DDoS Attack
The attack was thwarted successfully through Imperva’s effective defense systems but it is indeed an issue of concern that DDoS actors were able to deliver such a powerful attack that crossed the 500m PPS mark, which is unprecedented so far.
According to Imperva’s analysis, the volume of the packet is at least four times higher than those sent to GitHub in 2018, which was considered the highest until now.
“We believe at the time was the largest PPS attack publicly disclosed,” Imperva wrote in its blog post.
Imperva further stated that DDoS bandwidth is usually given most consideration but actually it is the volume of the PPS that is used to measure the attack’s intensity. The higher the volume, the more complicated it would be to block the attack.
See: New Electrum DDoS botnet steals $4.6M after infecting 152,000 hosts
In DDoS attacks, the network is rendered incapable by sending out a large number of packet requests so as to weaken its computing and bandwidth resources to such an extent that it becomes dysfunctional. It happens so because the high volume of PPS makes it difficult for the network to function due to the extreme processing power involved to evaluate the packet headers.
However, Imperva claimed that it handles DDoS attacks of over 500 Gbps almost every week but in such cases, the number of the PPS is quite low and the attacks are easier to mitigate through their defense mechanisms.
“While these huge attacks are the largest by bandwidth mitigated by Imperva to date, that wasn’t what made it a potential challenge. Rather, it was the 500 million packets-per-second torrent directed at our customer – the highest volume ever recorded – that made it so intense, and the real challenge to overcome,” writes Imperva.
Credit: Imperva
It is also difficult for threat actors to generate higher PPS to carry out successful DDoS attacks but if they use old SYN flood tools in combination with each other then they can deliver attacks of such magnitude.
Imperva identified a similar attack on January 10 when an SYN flood was augmented by a larger SYN flood, approx. 800-900 bytes, but the source ports and IP addresses of their customer’s server were most likely spoofed. Imperva managed to mitigate the attack without any difficulty.
Their analysis suggested that the attack was launched through older tools, one of which was for the SYN attack and the other for the large SYN attack.
It is believed that two different individuals wrote these tools and combined them for developing an arsenal for launching more intense DDoS attack.
On April 30, a larger attack was recorded against one of Imperva’s clients, which peaked at 580 million PPS, which was mitigated using the latest common mitigation state feature. The company believes that the attack in January was like a ‘test run’ for the latest attack.
See: Man whose DDoS attacks took down the entire country’s Internet jailed
As TechNadu noted, The January attempt was like a test run for this latest record-breaking DDoS attempt, but the chances of this record to stand the test of time are slim to none. We expect to see higher PPS numbers soon, testing the limits of defensive mechanisms, and pushing things to new territories.
If you are running a business; calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.
Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.
Gloss