
Massive Cyber Assault Floods Site with 7.3 Terabits of Junk Traffic in Just 45 Seconds

Record DDoS Pummels Site with Unprecedented 7.3 Tbps of Junk Traffic

Cloudflare, a leading internet security and performance provider, has reported a record-breaking Distributed Denial-of-Service (DDoS) attack that sent a staggering 7.3 terabits per second (Tbps) of junk traffic to a targeted site in just 45 seconds. This colossal assault is equivalent to more than 9,300 full-length high-definition (HD) movies or 7,500 hours of HD streaming content, making it one of the most massive DDoS attacks ever recorded.

The Nature of the Attack

Cloudflare described the attackers as "carpet bombing" an average of nearly 22,000 destination ports of a single IP address belonging to the targeted site. A total of 34,500 ports were targeted, indicating the thoroughness and well-engineered nature of the attack. The vast majority of the attack was delivered in the form of User Datagram Protocol (UDP) packets.

Understanding UDP Floods

Legitimate UDP-based transmissions are used for time-sensitive communications such as video playback, gaming applications, and DNS lookups. They speed up communications by not formally establishing a connection before data is transferred. Unlike Transmission Control Protocol (TCP), which waits for a connection between two computers to be established through a handshake and checks whether data is properly received by the other party, UDP immediately sends data from one machine to another.

UDP flood attacks send extremely high volumes of packets to random or specific ports on the targeted IP. These floods can saturate the target’s internet link or overwhelm internal resources with more packets than they can handle. Since UDP doesn’t require a handshake, attackers can use it to flood a targeted server with torrents of traffic without first obtaining the server’s permission to begin the transmission.

The Role of Reflection Attacks

A much smaller portion of the attack, measured at just 0.004 percent, was delivered as reflection attacks. Reflection attacks direct malicious traffic to one or more third-party intermediaries, such as Network Time Protocol (NTP) services for syncing server clocks. The attacker spoofs the sender IP of the malicious packets to give the appearance they’re being delivered by the final target.

When the third party sends a response, it's delivered to the target rather than to the original source of the traffic. Reflection attacks provide multiple benefits to attackers. For one, such attacks cause the DDoS to be delivered from a wide variety of sources, making it harder for targets to defend against the onslaught.

The Use of Mirai-Based Botnets

Cloudflare said the record DDoS exploited various reflection or amplification vectors, including NTP; Quote of the Day Protocol (QOTD), which listens on UDP port 17 and responds with a short quote or message; Echo Protocol, which responds with the same data it receives; and Portmapper services used to identify resources available to applications connecting through Remote Procedure Call (RPC).

The attack was also delivered through one or more Mirai-based botnets. Such botnets are typically made up of home and small office routers, web cameras, and other Internet of Things (IoT) devices that have been compromised.
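
A defender-side sketch of how inbound UDP flow records can be triaged for the two traits described above: traffic spread across many destination ports of one IP, and replies arriving from the reflection services named here. This is an added example, not Cloudflare's detection logic; the flow-tuple layout, the threshold and the sample records (documentation address ranges) are constructed assumptions, and ports 7, 111 and 123 are the standard ports for Echo, Portmapper and NTP.

```python
from collections import defaultdict

# Standard UDP ports of the reflection vectors the article names.
REFLECTOR_PORTS = {7: "Echo", 17: "QOTD", 111: "Portmapper", 123: "NTP"}

def summarize(flows, port_spread_threshold=1000):
    """Summarize inbound UDP flows per destination IP.

    flows: iterable of (src_ip, src_port, dst_ip, dst_port, n_bytes).
    The threshold is an illustrative assumption, not a recommended value.
    """
    per_dst = defaultdict(lambda: {"ports": set(), "bytes": 0,
                                   "vectors": defaultdict(int)})
    for _src_ip, src_port, dst_ip, dst_port, n_bytes in flows:
        stats = per_dst[dst_ip]
        stats["ports"].add(dst_port)
        stats["bytes"] += n_bytes
        # A reply from a reflector carries the service port as its SOURCE port.
        vector = REFLECTOR_PORTS.get(src_port)
        if vector:
            stats["vectors"][vector] += n_bytes
    report = {}
    for dst_ip, stats in per_dst.items():
        reflected = sum(stats["vectors"].values())
        report[dst_ip] = {
            "distinct_dst_ports": len(stats["ports"]),
            "carpet_bombing": len(stats["ports"]) >= port_spread_threshold,
            "reflected_share": reflected / stats["bytes"] if stats["bytes"] else 0.0,
            "vectors": dict(stats["vectors"]),
        }
    return report

def sample_flows():
    """Constructed records: one flooded IP and one host with ordinary DNS replies."""
    target, normal = "203.0.113.10", "203.0.113.20"
    flows = [(f"198.51.100.{i % 250}", 40000 + i, target, 1 + i, 1400)
             for i in range(5000)]                      # direct flood, ports 1..5000
    flows += [("192.0.2.5", 123, target, 4000, 468),    # NTP reply to a spoofed query
              ("192.0.2.9", 17, target, 4001, 100)]     # QOTD reply
    flows += [("192.0.2.53", 53, normal, 50000 + i, 120) for i in range(3)]
    return flows

if __name__ == "__main__":
    for ip, row in summarize(sample_flows()).items():
        print(ip, row)
```

In the constructed data the reflected share is a tiny fraction of the bytes, mirroring the article's point that reflection was a minor component beside the direct UDP flood.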

The Growing Trend of DDoS Attacks

DDoS sizes have continued a steady climb over the past three decades. In March, Nokia reported that a botnet dubbed Eleven11bot delivered a DDoS with a peak of 6.5 Tbps. In May, KrebsOnSecurity said it came under a DDoS that peaked at 6.3 Tbps.

Conclusion

The record-breaking DDoS attack on the targeted site is a stark reminder of the ever-evolving threat landscape. As attackers continue to push the boundaries of what is possible with their attacks, defenders must stay one step ahead by adopting cutting-edge technologies and strategies. The use of UDP flood attacks and reflection attacks highlights the importance of robust security measures, including firewalls, intrusion detection systems, and rate limiting.

As the demand for online services continues to grow, so does the risk of DDoS attacks. It is essential for organizations to invest in proactive defense mechanisms, such as Cloudflare’s Threat Stack, which provides real-time threat intelligence and automated protection against known threats.

The world needs to wake up to this reality and address the root causes of these massive cyberattacks before they become even more sophisticated and destructive. By working together, we can build a safer online environment for all users.