According to Google, it has fended off the largest HTTPS-based DDoS (Distributed Denial of Service) attack to date, with peak values of 46 million requests per second.
The incident occurred on June 1 and lasted 69 minutes, and was targeted at a Google Cloud Armor customer.
The attack is said to have been 76% more extensive than the previously largest DDoS attack, which was also blocked by Cloudflare in June.
“To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds,” explains Google developers Emil Kiner and Satya Konduru in a blog post.
According to the report, the attack targeted a customer’s HTTP/S load balancer and started with around 10,000 requests per second, increased to 100,000 within eight minutes and grew to the said 46 million requests per second two minutes later.
At this point, Google had already detected the attack and alerted the customer with an attack signature and a suggested blocking rule. The customer activated this immediately, and the attack was significantly weakened.
“Presumably the attacker likely determined they were not having the desired impact while incurring significant expenses to execute the attack.” write Kiner and Konduru.
The company noted that more than 5,000 source IP addresses from 132 countries were recorded during the attack and linked the DDoS to the Meris botnet, which had previously been used in other large-scale incidents.
According to Google, the attack traffic came from just 5,256 IP addresses scattered across 132 countries and exploited HTTPS, which means that the devices that sent the requests have very impressive computing resources. Another distinguishing feature of this attack was linking the DDoS to the Meris botnet, which had previously been used in other large-scale incidents, and attackers used Tor exit nodes. Although 22% (1169) of the sources sent requests through the Tor network, they accounted for only about 3% of the total attack traffic.
