DDoS scrubbing service ironic target of massive attack it was built to prevent — hit with 1.5 billion packets per second from more than 11,000 distributed networks
Defenders call on ISPs to begin filtering traffic to aid in network protection.

A DDoS scrubbing service has become an ironic target in a massive DDoS attack from more than 11,000 distributed networks around the world, with a peak traffic of 1.5 billion packets per second. The unnamed DDoS scrubbing provider was protected by another DDoS defensive firm, FastNetMon, which was ultimately able to mitigate the attack, though it warned that further support at the ISP level was needed as these sorts of attacks grow in size and scope.
The point of a distributed denial of service (DDoS) attack is to overwhelm a network or service with so much traffic that it stalls or crashes entirely. So, as attacks have grown more sophisticated, recruiting a greater number of traffic sources through botnets and compromised hardware, defences have had to become more capable in turn. DDoS scrubbing is one such defence: it allows a network to sort through traffic to spot legitimate users and to block malicious access through packet inspection, anomaly detection, and CAPTCHA checks.
DDoS scrubbing providers also need their own protection, though, which is why the unnamed victim in this latest DDoS attack had FastNetMon on call to help augment its defences. It appears in this case to have been a successful defence, but the attack was noteworthy for its size and persistence all the same.
To give some context to the 1.5 billion packets per second attack, Cloudflare recently mitigated the largest DDoS attack in history, which peaked at 11.5 terabits per second and 5.1 billion packets per second. It's not directly comparable to this latest attack, but it shows that even though this one was smaller, it was still one of the largest ever to take place, and showcases the growing capability of DDoS attackers.
Although FastNetMon and the DDoS scrubbing service were able to thwart the attack in this case, that may not always be possible. The incident points to a need for further regulation, ISP-level filtering, and support for anti-DDoS efforts to combat this growing issue.
"What makes this case remarkable is the sheer number of distributed sources and the abuse of everyday networking devices," FastNetMon said. "Without proactive ISP-level filtering, compromised consumer hardware can be weaponised at a massive scale.
"These incidents show that adversaries are escalating both packet volumes and bandwidth floods beyond what many networks are prepared to handle."
One of the most pernicious aspects of DDoS attacks is that their purpose isn't always clear. While ransomware and malware attacks are almost always designed to earn the attacker money through ransoms or identity theft, DDoS attacks cripple services with a less obvious goal. It could be related to corporate espionage, nation-state actors, or a motivated individual with enough time and access to botnets.
Regardless of the motive, though, it's an ongoing issue that FastNetMon and others believe needs addressing on a grander scale.

Jon Martindale is a contributing writer for Tom's Hardware. For the past 20 years, he's been writing about PC components, emerging technologies, and the latest software advances. His deep and broad journalistic experience gives him unique insights into the most exciting technology trends of today and tomorrow.